Bulk Whois

Integration version: 14.0

Configure Bulk Whois to work with Google Security Operations SOAR

How to obtain API credentials

  1. To obtain API credentials, sign in to your Bulk Whois API account.

  2. Navigate to the My Account section and select API Credentials in the left-side menu, where your API Key is ready for use.

Network

| Function | Default Port | Direction | Protocol |
|---|---|---|---|
| API | Multivalues | Outbound | apikey |

Configure Bulk Whois integration in Google Security Operations SOAR

For detailed instructions on how to configure an integration in Google Security Operations SOAR, see Configure integrations.

Integration parameters

Use the following parameters to configure the integration:

| Parameter Display Name | Type | Default Value | Is Mandatory | Description |
|---|---|---|---|---|
| Instance Name | String | N/A | No | Name of the instance you intend to configure the integration for. |
| Description | String | N/A | No | Description of the instance. |
| Api Key | String | N/A | Yes | API key generated in the Bulk Whois console. |
| Api Secret | String | N/A | Yes | Generated in the Bulk Whois console with the API Key. |
| Verify SSL | Checkbox | Checked | No | Select this checkbox if your Bulk Whois connection requires an SSL verification (unchecked by default). |
| Run Remotely | Checkbox | Unchecked | No | Select this checkbox to run the configured integration remotely. Once selected, an option appears to select the remote user (agent). |

Actions

Ping

Description

Test Connectivity.

Parameters

N/A

Run On

This action runs on all entities.

Action Results

Script Result

| Script Result Name | Value Options | Example |
|---|---|---|
| null | N/A | N/A |

WhoIs Details

Description

Get domain/IP Whois info.

Parameters

N/A

Run On

This action runs on the following entities:

  • URL
  • Hostname
  • IP Address

Action Results

Entity Enrichment

| Enrichment Field Name | Logic - When to apply |
|---|---|
| RegistrarWHOISServer | Returns if it exists in JSON result |
| UpdatedDate | Returns if it exists in JSON result |
| Reseller | Returns if it exists in JSON result |
| DNSSEC | Returns if it exists in JSON result |
| DomainName | Returns if it exists in JSON result |
| RegistrarIANAID | Returns if it exists in JSON result |
| RegistrantCountry | Returns if it exists in JSON result |
| RegistrarAbuseContactEmail | Returns if it exists in JSON result |
| RegistryDomainID | Returns if it exists in JSON result |
| DomainStatus | Returns if it exists in JSON result |
| RegistrarAbuseContactPhone | Returns if it exists in JSON result |
| RegistryExpiryDate | Returns if it exists in JSON result |
| Registrar | Returns if it exists in JSON result |
| RegistrantOrganization | Returns if it exists in JSON result |
| NameServer | Returns if it exists in JSON result |
| CreationDate | Returns if it exists in JSON result |
| RegistrarURL | Returns if it exists in JSON result |
| RegistrantStateProvince | Returns if it exists in JSON result |
| RegistrarRegistrationExpirationDate | Returns if it exists in JSON result |
| LastupdateofWHOISdatabase | Returns if it exists in JSON result |

Script Result

| Script Result Name | Value Options | Example |
|---|---|---|
| is_enriched | True/False | is_enriched:False |

JSON Result
[
    {
        "EntityResult": {
            "RegistrarWHOISServer": " ",
            "UpdatedDate": "2018-05-22T09",
            "Reseller": " ",
            "DNSSEC": "unsigned",
            "DomainName": "GOOGLE.CO.IN",
            "RegistrarIANAID": "292",
            "RegistrantCountry": "US",
            "RegistrarAbuseContactEmail": " ",
            "RegistryDomainID": "D8357-AFIN",
            "DomainStatus": "clientUpdateProhibited",
            "RegistrarAbuseContactPhone": " ",
            "RegistryExpiryDate": "2019-06-23T14",
            "Registrar": "MarkMonitorInc.",
            "RegistrantOrganization": "GoogleInc.",
            "NameServer": "NS4.GOOGLE.COM",
            "CreationDate": "2003-06-23T14",
            "RegistrarURL": "http",
            "RegistrantState/Province": "CA",
            "RegistrarRegistrationExpirationDate": " ",
            ">>>LastupdateofWHOISdatabase": "2019-01-15T06"
        },
        "Entity": "GOOGLE.CO.IN"
    }
]
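
The sample JSON result above uses some keys that differ from the enrichment field names in the table (`RegistrantState/Province`, `>>>LastupdateofWHOISdatabase`), uses `" "` for fields with no data, and shows timestamps that stop at the hour. The following Python sketch is an added example, not part of the integration or of Google's documentation: it normalizes such a result for a downstream playbook step and derives the domain age, a common triage signal. The function names and the `EXAMPLE.TEST` sample record are assumptions constructed for illustration.

```python
import json
import re
from datetime import date

# Constructed sample shaped like the JSON Result above (values are illustrative).
SAMPLE = json.dumps([{
    "EntityResult": {
        "Reseller": " ",
        "DomainName": "EXAMPLE.TEST",
        "RegistrantState/Province": "CA",
        "CreationDate": "2024-01-10T14",
        "RegistryExpiryDate": "2025-01-10T14",
        ">>>LastupdateofWHOISdatabase": "2024-01-20T06",
    },
    "Entity": "EXAMPLE.TEST",
}])

DATE_FIELDS = {"CreationDate", "UpdatedDate", "RegistryExpiryDate",
               "RegistrarRegistrationExpirationDate", "LastupdateofWHOISdatabase"}

def normalize_key(key):
    """Map a JSON key to its enrichment field name: keep letters and digits only."""
    return re.sub(r"[^A-Za-z0-9]", "", key)

def parse_day(value):
    """Return the calendar date from a value such as '2003-06-23T14', or None."""
    match = re.match(r"(\d{4})-(\d{2})-(\d{2})", value)
    try:
        return date(*map(int, match.groups())) if match else None
    except ValueError:  # digits present but not a real calendar date
        return None

def clean_results(raw_json):
    """Normalize keys, drop blank values, and parse date fields per entity."""
    cleaned = {}
    for item in json.loads(raw_json):
        fields = {}
        for key, value in item.get("EntityResult", {}).items():
            name, value = normalize_key(key), str(value).strip()
            if not value:
                continue  # the sample uses " " for fields with no data
            fields[name] = parse_day(value) if name in DATE_FIELDS else value
        cleaned[item["Entity"]] = fields
    return cleaned

def domain_age_days(fields, today):
    """Days since CreationDate, or None when the field is missing or unparseable."""
    created = fields.get("CreationDate")
    return (today - created).days if created else None
```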