Skip to main content

IP Enrichment - Generic v2

This Playbook is part of the Common Playbooks Pack.#

Enrich IP addresses using one or more integrations.

  • Resolve IP addresses to hostnames (DNS)
  • Provide threat information
  • Separate internal and external IP addresses
  • For internal IP addresses, get host information


This playbook uses the following sub-playbooks, integrations, and scripts.


  • IP Enrichment - Internal - Generic v2
  • IP Enrichment - External - Generic v2


This playbook does not use any integrations.


This playbook does not use any scripts.


This playbook does not use any commands.

Playbook Inputs#

NameDescriptionDefault ValueRequired
IPThe IP address to enrich.IP.AddressOptional
InternalRangeA list of internal IP ranges to check IP addresses against. The list should be provided in CIDR notation, separated by commas. An example of a list of ranges would be: ",," (without quotes). If a list is not provided, will use default list provided in the IsIPInRanges script (the known IPv4 private address ranges).inputs.InternalRangeOptional
ResolveIPDetermines whether to convert the IP address to a hostname using a DNS query (True/ False).inputs.ResolveIPRequired
UseReputationCommandDefine if you would like to use the !IP command.
Note: This input should be used whenever there is no auto-extract enabled in the investigation flow.
Possible values: True / False.

Playbook Outputs#

IPThe IP objectsunknown
DBotScoreIndicator, Score, Type, Vendorunknown
EndpointThe Endpoint's objectunknown
Endpoint.HostnameThe hostname to enrichstring
Endpoint.OSEndpoint OSstring
Endpoint.IPList of endpoint IP addressesunknown
Endpoint.MACList of endpoint MAC addressesunknown
Endpoint.DomainEndpoint domain namestring

Playbook Image#

IP Enrichment - Generic v2