IP Enrichment - Internal - Generic v2

Enriches internal IP addresses using one or more integrations.

  • Resolve IP address to hostname (DNS)
  • Separate internal and external IP addresses
  • Get host information for IP addresses

Dependencies

This playbook uses the following sub-playbooks, integrations, and scripts.

Sub-playbooks

  • Endpoint Enrichment - Generic v2

Integrations

This playbook does not use any integrations.

Scripts

  • IPToHost
  • IsIPInRanges

Commands

This playbook does not use any commands.

Playbook Inputs

| Name | Description | Default Value | Source | Required |
| --- | --- | --- | --- | --- |
| IP | The IP address to enrich. | Address | IP | Optional |
| InternalRange | A CSV list of IP address ranges (in CIDR notation). Use this list to check if an IP address is found within a set of IP address ranges. For example, "172.16.0.0/12,10.0.0.0/8,192.168.0.0/16" (without quotation marks). If no list is provided, the default list provided in the IsIPInRanges script (the known IPv4 private address ranges) will be used. | inputs.InternalRange | - | Optional |
| ResolveIP | Whether to convert the IP address to a hostname using a DNS query. Can be "True" or "False". | None | inputs.ResolveIP | Required |
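
The following is an added example, not the IsIPInRanges script or any code from the playbook. It sketches how a CSV `InternalRange` value separates internal from external addresses, including the fallback when no list is given. The function names are hypothetical, and the default list is assumed to be the three private ranges quoted in the InternalRange description.

```python
import ipaddress

# Assumption: stands in for the IsIPInRanges default list, using the three
# private IPv4 ranges quoted in the InternalRange description.
DEFAULT_INTERNAL_RANGE = "172.16.0.0/12,10.0.0.0/8,192.168.0.0/16"


def parse_ranges(csv_ranges):
    """Parse a CSV list of CIDR ranges; fall back to the default when empty."""
    text = (csv_ranges or "").strip() or DEFAULT_INTERNAL_RANGE
    networks = []
    for item in text.split(","):
        item = item.strip()
        if item:
            # strict=True rejects entries with host bits set (e.g. 10.0.0.1/8),
            # which usually indicate a typo in the range list.
            networks.append(ipaddress.ip_network(item, strict=True))
    return networks


def split_internal_external(ips, csv_ranges=None):
    """Return (internal, external, invalid) lists for the given IP strings."""
    networks = parse_ranges(csv_ranges)
    internal, external, invalid = [], [], []
    for raw in ips:
        try:
            addr = ipaddress.ip_address(raw.strip())
        except ValueError:
            invalid.append(raw)  # keep unparseable values visible to the analyst
            continue
        # Compare only against networks of the same IP version.
        if any(addr.version == net.version and addr in net for net in networks):
            internal.append(str(addr))
        else:
            external.append(str(addr))
    return internal, external, invalid


# Constructed sample input (private and documentation addresses only).
SAMPLE_IPS = ["10.1.2.3", "172.31.255.254", "172.32.0.1", "192.168.10.5",
              "203.0.113.7", "not-an-ip"]

if __name__ == "__main__":
    print(split_internal_external(SAMPLE_IPS))
    # In this example a supplied list replaces the default list entirely.
    print(split_internal_external(SAMPLE_IPS, "10.0.0.0/8,203.0.113.0/24"))
```

Note that 172.32.0.1 falls just outside 172.16.0.0/12 and is classified as external, which is a common source of mistakes when range lists are written by hand.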

Playbook Outputs

| Path | Description | Type |
| --- | --- | --- |
| IP | The IP objects. | unknown |
| DBotScore | The Indicator, Score, Type and Vendor. | unknown |
| Endpoint | The endpoint's object. | unknown |
| Endpoint.Hostname | The hostname to enrich. | string |
| Endpoint.OS | The Endpoint operating system. | string |
| Endpoint.IP | The list of endpoint IP addresses. | unknown |
| Endpoint.MAC | The list of endpoint MAC addresses. | unknown |
| Endpoint.Domain | The Endpoint domain name. | string |
