Skip to main content

Entity Enrichment - Generic

This Playbook is part of the Deprecated Content (Deprecated) Pack.#


Use "Entity Enrichment - Generic v3" playbook instead.

DEPRECATED. Use "Entity Enrichment - Generic v3" playbook instead. Enriches entities using one or more integrations.


This playbook uses the following sub-playbooks, integrations, and scripts.


  • Account Enrichment - Generic
  • IP Enrichment - Generic
  • File Enrichment - Generic
  • Email Address Enrichment - Generic
  • URL Enrichment - Generic
  • Domain Enrichment - Generic
  • Endpoint Enrichment - Generic


This playbook does not use any integrations.


This playbook does not use any scripts.


This playbook does not use any commands.

Playbook Inputs#

NameDescriptionDefault ValueRequired
IPThe IP addresses to enrich.${IP.Address}Optional
InternalRangeThe internal range to check against the IP address.-Optional
MD5The MD5 hash to enrich.${File.MD5}Optional
SHA256The SHA256 hash to enrich.${File.SHA256}Optional
SHA1The SHA1 hash to enrich.${File.SHA1}Optional
urlThe URL to enrich.${URL.Data}Optional
EmailThe email addresses to enrich.${Account.Email.Address}Optional
HostnameThe hostname to enrich.${Endpoint.Hostname}Optional
UsernameThe username to enrich.${Account.Username}Optional
DomainThe domain name to enrich.${Domain.Name}Optional

Playbook Outputs#

AccountThe account's object.unknown
Account.IDThe unique account DN (Distinguished Name).string
DomainThe domain objects.unknown
URLThe URL's object.unknown
URL.MaliciousWhether the URL was detected as malicious.unknown
URL.VendorThe name of vendor who labeled the URL as malicious.string
URL.DescriptionThe additional information of the URL.string
URL.AddressThe enriched URL.string
Account.Email.AddressThe email account's full address.string
IPThe IP address objects.unknown
Account.Email.DomainThe email account's domain.string
Account.Email.NetworkTypeThe email account networktype. Can be, "Internal" or "External".string
Account.Email.UsernameThe email account username.string
Account.Email.Distance.DomainThe compared domain.unknown
Account.Email.Distance.ValueThe distance between the email domain and the compared domain.string
Account.TypeThe type of the account entity.string
Account.UsernameThe account username.string
Account.EmailThe email address associated with the account.unknown
Account.GroupsThe groups the account is part of.unknown
Account.DisplayNameThe account display name.string
Account.ManagerThe account's manager.string
FileThe file's object.unknown
File.MD5The MD5 hash of the file.string
File.SHA1The SHA1 hash of the file.string
File.SHA256The SHA256 hash of the file.string
File.Malicious.VendorThe vendor that made the decision that the file was malicious.string
EndpointThe Endpoint's object.unknown
Endpoint.HostnameThe hostname to enrich.string
Endpoint.OSThe Endpoint OS.string
Endpoint.IPThe list of endpoint IP addresses.unknown
Endpoint.MACThe list of endpoint MAC addresses.unknown
Endpoint.DomainThe Endpoint domain name.string
DBotScoreThe indicator's object.unknown
DBotScore.IndicatorThe indicator.string
DBotScore.TypeThe indicator type.string
DBotScore.VendorThe DBot score vendor.string
DBotScore.ScoreThe DBot score.number

Playbook Image#