[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-08-29 UTC."],[[["\u003cp\u003eBulk Whois integration version 14.0 can be configured to work with Google Security Operations SOAR by obtaining API credentials from the Bulk Whois API account.\u003c/p\u003e\n"],["\u003cp\u003eThe integration requires an API Key and Api Secret, both generated in the Bulk Whois console, and allows optional parameters such as Instance Name, Description, SSL Verification, and Remote Running.\u003c/p\u003e\n"],["\u003cp\u003eThe 'Ping' action allows for testing connectivity, while the 'WhoIs Details' action retrieves Whois information for URLs, hostnames, and IP addresses.\u003c/p\u003e\n"],["\u003cp\u003eThe WhoIs Details action enriches entity data with various fields like RegistrarWHOISServer, UpdatedDate, DomainName, and more, based on the JSON results.\u003c/p\u003e\n"],["\u003cp\u003eAPI access to Bulk Whois is done through an outbound connection, using the 'apikey' protocol, on the 'Multivalues' port.\u003c/p\u003e\n"]]],[],null,["# Bulk Whois\n==========\n\nIntegration version: 14.0\n\nConfigure Bulk Whois to work with Google Security Operations\n------------------------------------------------------------\n\n### How to obtain API credentials\n\n1. To obtain API credentials, sign in to your [Bulk Whois API\n account](https://bulk-whois-api.com/log/in).\n\n2. Navigate to the **My Account** section and select **API Credentials** in the\n left side menu where your API Key is ready for use.\n\n### Network\n\nConfigure Bulk Whois integration in Google SecOps\n-------------------------------------------------\n\nFor detailed instructions on how to configure an integration in\nGoogle SecOps, see [Configure\nintegrations](/chronicle/docs/soar/respond/integrations-setup/configure-integrations).\n\n### Integration parameters\n\nUse the following parameters to configure the integration:\n\n| **Note:** You can make changes at a later stage if needed. Once configured, the Instances can be used in Playbooks. For detailed information on configuring and supporting multiple instances, see [Supporting multiple instances](/chronicle/docs/soar/respond/integrations-setup/supporting-multiple-instances).\n\nActions\n-------\n\n### Ping\n\n#### Description\n\nTest Connectivity.\n\n#### Parameters\n\nN/A\n\n#### Run On\n\nThis action runs on all entities.\n\n#### Action Results\n\n##### Script Result\n\n### WhoIs Details\n\n#### Description\n\nGet domain/IP Whois info.\n\n#### Parameters\n\nN/A\n\n#### Run On\n\nThis action runs on the following entities:\n\n- URL\n- Hostname\n- IP Address\n\n#### Action Results\n\n##### Entity Enrichment\n\n##### Script Result\n\n##### JSON Result\n\n [\n {\n \"EntityResult\": {\n \"RegistrarWHOISServer\": \" \",\n \"UpdatedDate\": \"2018-05-22T09\",\n \"Reseller\": \" \",\n \"DNSSEC\": \"unsigned\",\n \"DomainName\": \"GOOGLE.CO.IN\",\n \"RegistrarIANAID\": \"292\",\n \"RegistrantCountry\": \"US\",\n \"RegistrarAbuseContactEmail\": \" \",\n \"RegistryDomainID\": \"D8357-AFIN\",\n \"DomainStatus\": \"clientUpdateProhibited\",\n \"RegistrarAbuseContactPhone\": \" \",\n \"RegistryExpiryDate\": \"2019-06-23T14\",\n \"Registrar\": \"MarkMonitorInc.\",\n \"RegistrantOrganization\": \"GoogleInc.\",\n \"NameServer\": \"NS4.GOOGLE.COM\",\n \"CreationDate\": \"2003-06-23T14\",\n \"RegistrarURL\": \"http\",\n \"RegistrantState/Province\": \"CA\",\n \"RegistrarRegistrationExpirationDate\": \" \",\n \"\u003e\u003e\u003eLastupdateofWHOISdatabase\": \"2019-01-15T06\"\n },\n \"Entity\": \"GOOGLE.CO.IN\"\n }\n ]\n\n**Need more help?** [Get answers from Community members and Google SecOps professionals.](https://security.googlecloudcommunity.com/google-security-operations-2)"]]
