TIM - Process Domain Registrant With Whois
Supported versions
Supported Cortex XSOAR versions: 5.5.0 and later.
This playbook compares the domain registrant against the Cortex XSOAR list of approved registrants provided in the inputs. A registrant is the company or entity that owns the domain.
Dependencies#
This playbook uses the following sub-playbooks, integrations, and scripts.
Sub-playbooks#
This playbook does not use any sub-playbooks.
Integrations#
This playbook does not use any integrations.
Scripts#
- SetAndHandleEmpty
- FilterByList
- Set
Commands#
- appendIndicatorField
Playbook Inputs#
| Name | Description | Default Value | Required |
|---|---|---|---|
| Indicator Query | Indicators matching the indicator query will be used as playbook input | Optional | |
| ApprovedregistrantsListName | The Cortex XSOAR list name that contains the approved registrars. A registrant is the company or entity that owns the domain. | Optional | |
| RegistrantListDelimiter | A one-character string used to delimit fields. This must match the value that you defined in the list separator server configuration. |
The default value is a comma, however, as registrants might contain the "," character in their name, Cortex XSOAR recommends that you select a different delimiter. | | Optional | | WhoisResults | This input receives the Whois results from the parent playbook. | | Optional |
Playbook Outputs#
| Path | Description | Type |
|---|---|---|
| RegistrantDomainNotInList | Domains for which the registrant wasn't in the list. | string |
| RegistrantDomainInList | Domains for which the registrant was in the list. | string |
| DomainsNotResolvedByWhois | Domains which Whois wasn't able to resolve. | string |
| DomainsNotProcessed | In case no registrant list was provided all domains will be outputted to this context path. | string |
Playbook Image#
