Skip to main content

IP Enrichment - External - Generic v2

This Playbook is part of the Common Playbooks Pack.#

Enriches IP addresses using one or more integrations.

  • Resolve IP addresses to hostnames (DNS)
  • Provide threat information
  • Separate internal and external addresses


This playbook uses the following sub-playbooks, integrations, and scripts.


This playbook does not use any sub-playbooks.


  • VirusTotal - Private API


  • IPToHost
  • IsIPInRanges


  • threat-crowd-ip
  • vt-private-get-ip-report

Playbook Inputs#

NameDescriptionDefault ValueSourceRequired
IPThe IP address to enrich.AddressIPOptional
InternalRangeA CSV list of IP address ranges (in CIDR notation). Use this list to check if an IP address is found within a set of IP address ranges. For example: ",," (without quotes). If a list is not provided, will use default list provided in the IsIPInRanges script (the known IPv4 private address ranges).inputs.InternalRange-Optional
ResolveIPWhether to convert the IP address to a hostname using a DNS query (True/False).Noneinputs.ResolveIPRequired

Playbook Outputs#

IPThe IP address objects.unknown
DBotScoreThe Indicator, Score, Type, and Vendor.unknown
EndpointThe Endpoint's object.unknown
Endpoint.HostnameThe hostname to enrich.string
Endpoint.OSThe Endpoint operating system.string
Endpoint.IPA list of Endpoint IP addresses.unknown
Endpoint.MACA list of Endpoint MAC addresses.unknown
Endpoint.DomainThe Endpoint domain name.string

Playbook Image#