Thank you for your feedback.
Form temporarily unavailable. Please try again or contact docfeedback@servicenow.com to submit your comments.

Submit a Whois lookup from a security incident

Log in to subscribe to topics and get notified when content changes.

Submit a Whois lookup from a security incident

Perform a Whois lookup from observables in a security incident in the Security Incident Response module to obtain context on the observables.

Before you begin

The Security Operations Whois Integration must be activated and configured.

Role required: sn_si.basic

Procedure

  1. Create a security incident or open an existing one.
  2. Click the Security Incident Observables related list.
  3. Select one or more observables to run Whois lookups on.
  4. Click the Actions on selected rows drop-down menu at the bottom of the screen, and select Run domain lookup.
    The results of the lookups appear in the Security Scan Requests related list, and the Activity notes record the lookup submission.
    Note: If the Security Operations Have I Been Pwned? Integration plugin is also activated, the Run domain lookup action also returns Have I Been Pwned? breach information.
Feedback