Document toolboxDocument toolbox

ARIN Whois

Owned by Jonas Gonzalez
Last updated: Nov 29, 2024
3 min read
[ 1 Connect ARIN Whois with Devo SOAR ] [ 2 Actions for ARIN Whois ] [ 2.1 Lookup IP ] [ 2.1.1 Input Field ] [ 2.1.2 Output ] [ 3 Release Notes ]

ARIN Whois is a directory service for accessing registration data contained within ARIN's registration database.

Connect ARIN Whois with Devo SOAR

  1. Navigate to Automations > Integrations.

  2. Search for ARIN Whois.

  3. Click Details, then the + icon. Enter the required information in the following fields.

  4. Label: Enter a connection name.

  5. Reference Values: Define variables here to templatize integration connections and actions. For example, you can use https://www.{{hostname}}.com where, hostname is a variable defined in this input. For more information on how to add data, see 'Add Data' Input Type for Integrations.

  6. Verify SSL: Select option to verify connecting server's SSL certificate (Default is Verify SSL Certificate).

  7. Remote Agent: Run this integration using the Devo SOAR Remote Agent.

  8. After you've entered all the details, click Connect.

Actions for ARIN Whois

Lookup IP

Retrieve ARIN Whois data for an IP address.

Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

Input Name

Description

Required

Input Name

Description

Required

IPs column name

Select a column that contains IP addresses.

Required

Output

A JSON object containing multiple rows of result:

  • has_error: True/False

  • error: message/null

  • lookup: IP address whose data was fetched

  • start_ip: Net - Start Address of IP

  • end_ip: Net - End Address of IP

  • full: raw API JSON response

``` {json}{ "has_error":false, "end_ip":"125.231.255.255", "lookup":"125.227.70.80", "full":{ "handle":"125.224.0.0 - 125.231.255.255", "name":"HINET-NET", "links":[ { "href":"https://rdap.apnic.net/ip/125.224.0.0/13", "type":"application/rdap+json", "rel":"self", "value":"https://rdap.apnic.net/ip/125.227.70.80" }, { "href":"https://netox.apnic.net/search/125.224.0.0%2F13?utm_source=rdap&utm_medium=result&utm_campaign=rdap_result", "type":"text/html", "rel":"related", "value":"https://rdap.apnic.net/ip/125.227.70.80" } ], "entities":[ { "handle":"IRT-TWNIC-AP", "roles":[ "abuse" ], "links":[ { "href":"https://rdap.apnic.net/entity/IRT-TWNIC-AP", "type":"application/rdap+json", "rel":"self", "value":"https://rdap.apnic.net/ip/125.227.70.80" } ], "vcardArray":[ "vcard", [ [ "version", {

}, "text", "4.0" ], [ "fn", { }, "text", "IRT-TWNIC-AP" ], [ "kind", { }, "text", "group" ], [ "adr", { "label":"Taipei, Taiwan, 100" }, "text", [ "", "", "", "", "", "", "" ] ], [ "email", { }, "text", "hostmaster@twnic.net.tw" ], [ "email", { "pref":"1" }, "text", "hostmaster@twnic.net.tw" ] ] ], "remarks":[ { "description":[ "Please note that TWNIC is not an ISP and is not empowered", "to investigate complaints of network abuse." ], "title":"remarks" } ], "objectClassName":"entity", "events":[ { "eventAction":"last changed", "eventDate":"2015-10-08T07:58:24Z" } ] }, { "handle":"HN27-AP", "roles":[ "administrative", "technical" ], "links":[ { "href":"https://rdap.apnic.net/entity/HN27-AP", "type":"application/rdap+json", "rel":"self", "value":"https://rdap.apnic.net/ip/125.227.70.80" } ], "vcardArray":[ "vcard", [ [ "version", { }, "text", "4.0" ], [ "fn", { }, "text", "HINET Network-Adm" ], [ "kind", { }, "text", "individual" ], [ "adr", { "label":"CHTD, Chunghwa Telecom Co., Ltd.\nNo. 21, Sec. 21, Hsin-Yi Rd.,\nTaipei Taiwan 100" }, "text", [ "", "", "", "", "", "", "" ] ], [ "tel", { "type":"voice" }, "text", "+886 2 2322 3495" ], [ "tel", { "type":"voice" }, "text", "+886 2 2322 3442" ], [ "tel", { "type":"voice" }, "text", "+886 2 2344 3007" ], [ "tel", { "type":"fax" }, "text", "+886 2 2344 2513" ], [ "tel", { "type":"fax" }, "text", "+886 2 2395 5671" ], [ "email", { }, "text", "network-adm@hinet.net" ] ] ], "remarks":[ { "description":[ "same as TWNIC nic-handle HN184-TW" ], "title":"remarks" } ], "objectClassName":"entity", "events":[ { "eventAction":"last changed", "eventDate":"2011-08-22T06:04:01Z" } ] } ], "port43":"whois.apnic.net", "country":"TW", "endAddress":"125.231.255.255", "ipVersion":"v4", "remarks":[ { "description":[ "Data Communication Business Group,", "Chunghwa Telecom Co.,Ltd.", "No.21, Sec.1, Xinyi Rd., Taipei City", "10048, Taiwan" ], "title":"description" } ], "startAddress":"125.224.0.0", "cidr0_cidrs":[ { "v4prefix":"125.224.0.0", "length":13 } ], "rdapConformance":[ "history_version_0", "cidr0", "rdap_level_0" ], "notices":[ { "description":[ "Objects returned came from source", "APNIC" ], "title":"Source" }, { "description":[ "This is the APNIC WHOIS Database query service. The objects are in RDAP format." ], "links":[ { "href":"http://www.apnic.net/db/dbcopyright.html", "type":"text/html", "rel":"terms-of-service", "value":"https://rdap.apnic.net/ip/125.227.70.80" } ], "title":"Terms and Conditions" } ], "objectClassName":"ip network", "type":"ALLOCATED PORTABLE", "events":[ { "eventAction":"last changed", "eventDate":"2013-12-04T12:38:04Z" } ]

}, "error":null, "start_ip":"125.224.0.0" } ```

Release Notes

  • v2.0.0 - Updated architecture to support IO via filesystem