Create an observable for manual WHOISIQ lookups

  • Versão de lançamento: Australia
  • Atualizado 12 de mar. de 2026
  • 1 min. de leitura

    • Security incident analysts use information from observable enrichment with the WHOISIQ API to learn more about the email addresses, names, and phone numbers of organizations.

    Antes de Iniciar

    Role required: sn_si.analyst

    Procedimento

    1. Navigate to All > IoC Repository > Observables.
      Figura 1. Enter Observables in navigation filter
      Enter Observables in the navigation panel.
      Under the navigation panel, the Observables module is displayed.
      Figura 2. Observables module
      Observables module.
    2. Click the Observables module to display the Observables list.
      Figura 3. Observables list
      Observables list
    3. Click New to create a new observable.
    4. On Observable form, fill in the fields.
      FieldDescription
      Value Email address, organization name, phone number, or mailing address. For example, test1gmail.com
      Observable type The field is automatically cleared.
      Finding The field is automatically set to Unknown.
      Figura 4. Create a new observable
      Enter a value in the field.
    5. Click Submit.
      You are returned to the Observables list. In the Value column, your new observable is displayed.
      Nota:
      If you cannot locate your observable on the part of the list that is displayed, use the search functionality to find it.
    6. Edit the Observable type field to change the type from Unknown to Email address to match your observable.
      1. In the Observable type column, single-click to the right of the Unknown text to select it.
        Figura 5. Select the Observable type field
        Click off of the text and in the column to select the field.
        The selected field is outlined in blue.
      2. With the field outlined in blue, double-click anywhere inside the highlighted field to open the editor.
      3. In the field that is displayed, enter the observable type (Email address) and click the green check mark to save the value.
        Figura 6. Edit the Observable type field
        Enter the observable type in the editor and click the green check to save it.
        In the Observable type column on the list, Email Address is displayed for your new observable.
        Figura 7. Updated Observable type field
        Observable type field updated with new observable.

    O que Fazer Depois

    If you have created and edited an observable for lookup, run the observable enrichment lookup from the Observable record with the WHOISIQ API.