Load more IoC data

Depending on the settings in two properties and a script include definition, you can load geolocation information for IP addresses and websites in the Observables form. With further customization, you can also add other information, such as country codes and city names.

Before you begin

The following two properties must be set:
  • The domain name to retrieve additional information for IP addresses/URLs [sn_ti.ip_lookup.web_site]
  • The API key to be used for the above domain, if any [sn_ti.ip_lookup.api_key]
Role required: sn_ti.admin

Procedure

  1. Navigate to Threat Intelligence > IoC Repository > Observables.
  2. Click the IP address or URL of the observable for which you want to view more IoC data.
    The Location field shows the geolocation of the IoC.
  3. Click the Enrich data button to load the additional IoC data.
  4. You can also configure the Observable form to add other location-related fields, such as the country code and city code.
    Note: To load more location-related information, edit the ThreatAdditionalInfo script include and provide the appropriate API key from the website that provides the additional information.