Supported Cortex XSOAR versions: 5.5.0 and later.
This playbook compares the domain registrant against the Cortex XSOAR list of approved registrants provided in the inputs. A registrant is the company or entity that owns the domain.
This playbook uses the following sub-playbooks, integrations, and scripts.
This playbook does not use any sub-playbooks.
This playbook does not use any integrations.
|Indicators matching the indicator query will be used as playbook input
|The Cortex XSOAR list name that contains the approved registrars. A registrant is the company or entity that owns the domain.
|A one-character string used to delimit fields. This must match the value that you defined in the list separator server configuration.
The default value is a comma, however, as registrants might contain the "," character in their name,
Cortex XSOAR recommends that you select a different delimiter.
|This input receives the Whois results from the parent playbook.
|Domains for which the registrant wasn't in the list.
|Domains for which the registrant was in the list.
|Domains which Whois wasn't able to resolve.
|In case no registrant list was provided all domains will be outputted to this context path.