IPinfo
Integration version: 4.0
Configure IPinfo to work with Google Security Operations SOAR
To obtain your Access Token, first sign in to your IPinfo Account.
You will be redirected to a Dashboard page, where you can find your Access Token.
Configure IPinfo integration in Google Security Operations SOAR
For detailed instructions on how to configure an integration in Google Security Operations SOAR, see Configure integrations.
Actions
Get Domain Information
Description
Fetch domain information for an address.
Parameters
N/A
Run On
This action runs on the Hostname entity.
Action Results
Entity Enrichment
| Enrichment Field Name | Logic - When to apply |
|---|---|
| count | Returns if it exists in JSON result |
| domain | Returns if it exists in JSON result |
| ip | Returns if it exists in JSON result |
| range | Returns if it exists in JSON result |
| domains | Returns if it exists in JSON result |
| asn | Returns if it exists in JSON result |
Insights
N/A
Script Result
| Script Result Name | Value Options | Example |
|---|---|---|
| is_success | True/False | is_success:False |
JSON Result
[{
"EntityResult":
{
"count": 939,
"domain": "comcast.net",
"ip": "1.1.1.1",
"range": "1.1.1.1/12",
"domains":
[[
"comcast.net",
"Comcast.com",
"Watchable.com",
"Comcastnow.com",
"Comcastsportsnet.com",
"Xfinityprepaid.net",
"Comcastaddelivery.com",
"Bigtoptestdrive.com",
"Gotgearamazingoutdoors.com",
"comcastspotlight-mediafactbook.com",
"Entertainmentmoney.com",
"footballmaniasweepstakes.com",
"Jobsatcomcast.com",
"anyscreem.org",
"amyscreen.net",
"amalunasweeps.com",
"Comcastlabs.com",
"anycreen.org",
"coloradotruckauthority.com",
"touchdownandtailgate.com",
"Readytoridemonroepbr.com",
"anysceren.net",
"Bostonhealthads.com",
"Comcastspotlight-3d-hlly.com",
"Fordfrugalista.com"
]],
"asn": "AS7922"
},
"Entity": "comcast.net"
}]
Get IP Information
Description
This is one of the most common tools of any website, domain, or IP address to find out the user, internet provider, and location. IP address scanning is useful in finding the origin of unwanted emails or the source of spam, virus, and attacks. It will show you the domain owner's registered WHOIS and ARIN contact data, and the company that operates the associated server, wherever they are. You may find out their internet service provider for dynamic IP addresses of private users to allow them to contact them for a complaint.
Parameters
N/A
Run On
This actionr runs on the IP Address entity.
Action Results
Entity Enrichment
| Enrichment Field Name | Logic - When to apply |
|---|---|
| city | Returns if it exists in JSON result |
| loc | Returns if it exists in JSON result |
| country | Returns if it exists in JSON result |
| company | Returns if it exists in JSON result |
| hostname | Returns if it exists in JSON result |
| asn | Returns if it exists in JSON result |
| carrier | Returns if it exists in JSON result |
| ip | Returns if it exists in JSON result |
| postal | Returns if it exists in JSON result |
| region | Returns if it exists in JSON result |
Insights
N/A
Script Result
| Script Result Name | Value Options | Example |
|---|---|---|
| is_success | True/False | is_success:False |
JSON Result
[{
"EntityResult":
{
"city": "Southbridge",
"loc": "42.0707,-72.0440",
"country": "US",
"company":
{
"domain": "sprint.com",
"type": "isp",
"name": "Sprint Springfield POP"
},
"hostname": "66-87-125-72.pools.spcsdns.net",
"asn":
{
"route": "1.1.1.1/24",
"type": "isp",
"domain": "spcsdns.net",
"name": "Sprint Personal Communications Systems",
"asn": "AS10507"
},
"carrier":
{
"mnc": "120",
"mcc": "310",
"name": "Sprint"
},
"ip": "1.1.1.1",
"postal": "01550",
"region": "Massachusetts"
},
"Entity": "1.1.1.1"
}]
Ping
Description
Check API token validity.
Parameters
N/A
Run On
This action runs on all entities.
Action Results
Entity Enrichment
N/A
Insights
N/A
Script Result
| Script Result Name | Value Options | Example |
|---|---|---|
| ping_status | True/False | ping_status:False |
JSON Result
N/A