IBM Security QRadar SOAR

 View Only

  • 1.  Whois function-query issue

    Posted Wed February 10, 2021 12:44 PM

    We have installed the whois function for resilient ibm app exchange.
    When re run the workflow Example: Whois Query Against Artifact for an artifact like url, we get the right output at the note section.

    When we are running the same workflow for IP addresses the results are none.


    We checked the parameter whois_query and we observed the following


    Is something wrong with the reverse searching at whois?

    Does anybody known why we get none output or to fix it?

    Thank you for your time.



    ------------------------------
    Michail Christof
    ------------------------------


  • 2.  RE: Whois function-query issue

    Posted Mon February 15, 2021 12:59 PM
    I believe there is a documentation error here or the functionality change to only support URLs and Domain names, and not IP Addresses. We'll queue this documentation change for a future release.

    ------------------------------
    Mark Scherfling
    ------------------------------

    Original Message


  • 3.  RE: Whois function-query issue

    Posted Tue February 16, 2021 11:15 AM
    Thank you for your time Mark.

    ------------------------------
    Michail Christof
    ------------------------------

    Original Message