Supported observables for RISKIQ and RISKIQ WHOISIQ

Release version: Australia

Updated March 12, 2026

1 minute to read

The RISKIQ API supports automatic SSL certificate lookups on IP address, file hash, Certificate Serial Number, domain, and URL observables. URL and domain observables are enriched automatically with the WHOISIQ API. For observable enrichment on other types of observables with the WHOISIQ API, create observables and run lookups manually from the Observables table.

Supported observables

The following table lists the type of APIs used in this integration, and the observables each API supports. The table also indicates whether a lookup occurs automatically when security incidents are created, or if the lookup is run manually from the Observables table.

Table 1. Supported observables and lookup
API	Supported observables	Lookup (automated or manual)
RISKIQ SSL certificate API	IP address File hash (certificate thumb print). See the following figure for an example of a file hash. Certificate Serial Number, or Serial Number. This string is a unique ID for the entity. See the following figure for an example of a certificate serial number. Domain (`www.site.com`, or `site.com`) URL Note: automatic scans are run for the URL format using the `https://` protocol, for example,`https://example.com/index.html`	Automated lookup when incidents are created. Results are displayed on the SSL Certificates tab of the security incident record.
RISKIQ WHOISIQ API	Domain URL	Automated lookup when incidents are created. Results are displayed on the Observable Enrichment Results tab on the security incident record.
RISKIQ WHOISIQ API	Email address Organization name Phone number Mailing address	Manual lookup is run from the Observables table. Results are displayed on the Observable Enrichment Results tab on the Observable record.