IBM QRadar SOAR

Hello,

I'm wondering if there's a way to automatically trigger the WHOIS lookup that's available within DNS Name artifacts?

I'd like to have the report auto pulled so it doesn't require manual action.

Here's a screenshot of the WHOIS section of a DNS Name artifact:


Thanks!

------------------------------
Liam Mahoney
------------------------------

At this moment, there is no built-in way to automatically pull the Whois report on SOAR standalone.

------------------------------
Gilbert Liao
------------------------------

Original Message:
Sent: Mon May 02, 2022 06:06 PM
From: Liam Mahoney
Subject: Auto Trigger WHOIS Lookup for DNS Name Artifacts

Hello,

I'm wondering if there's a way to automatically trigger the WHOIS lookup that's available within DNS Name artifacts?

I'd like to have the report auto pulled so it doesn't require manual action.

Here's a screenshot of the WHOIS section of a DNS Name artifact:


Thanks!

------------------------------
Liam Mahoney
------------------------------

Any update to this?  Can the software do this now?

------------------------------
Joshua Cochran
------------------------------

Original Message:
Sent: Tue May 03, 2022 04:28 AM
From: Gilbert Liao
Subject: Auto Trigger WHOIS Lookup for DNS Name Artifacts

At this moment, there is no built-in way to automatically pull the Whois report on SOAR standalone.

------------------------------
Gilbert Liao

Original Message:
Sent: Mon May 02, 2022 06:06 PM
From: Liam Mahoney
Subject: Auto Trigger WHOIS Lookup for DNS Name Artifacts

Hello,

I'm wondering if there's a way to automatically trigger the WHOIS lookup that's available within DNS Name artifacts?

I'd like to have the report auto pulled so it doesn't require manual action.

Here's a screenshot of the WHOIS section of a DNS Name artifact:


Thanks!

------------------------------
Liam Mahoney
------------------------------

The built-in Whois function (as shown in the original post above) cannot be automatically triggered, but there are apps you can use in rules or playbooks to automate the lookup.

e.g. "RDAP/WHOIS function for SOAR" app https://exchange.xforce.ibmcloud.com/hub/extension/423ad33ee836d572276a8524f86bf11e

It also includes a manual rule for your reference.

------------------------------
Gilbert Liao
------------------------------

Original Message:
Sent: Sat September 07, 2024 02:55 PM
From: Joshua Cochran
Subject: Auto Trigger WHOIS Lookup for DNS Name Artifacts

Any update to this?  Can the software do this now?

------------------------------
Joshua Cochran

Original Message:
Sent: Tue May 03, 2022 04:28 AM
From: Gilbert Liao
Subject: Auto Trigger WHOIS Lookup for DNS Name Artifacts

At this moment, there is no built-in way to automatically pull the Whois report on SOAR standalone.

------------------------------
Gilbert Liao

Original Message:
Sent: Mon May 02, 2022 06:06 PM
From: Liam Mahoney
Subject: Auto Trigger WHOIS Lookup for DNS Name Artifacts

Hello,

I'm wondering if there's a way to automatically trigger the WHOIS lookup that's available within DNS Name artifacts?

I'd like to have the report auto pulled so it doesn't require manual action.

Here's a screenshot of the WHOIS section of a DNS Name artifact:


Thanks!

------------------------------
Liam Mahoney
------------------------------