The Enrichment Tab
  • 04 Oct 2023
  • 1 Minute to read
  • Dark
    Light

The Enrichment Tab

  • Dark
    Light

Article summary

Viewing Enrichment Data

If an enrichment service is available for a given Indicator type, the Enrichment tab of the Details screen will be available for Indicators of that type, regardless of whether a System Administrator enabled the enrichment service.

Figure 1 shows the Enrichment tab of the Details screen for the 193.161.193.99 Address Indicator, where FarSight Passive DNS, VirusTotal, and Shodan cards are displayed because the Farsight Security®, VirusTotal™, and Shodan® enrichment services are available for Address Indicators. In this example, all three enrichment services are enabled on the ThreatConnect instance and for Address Indicators, so each card displays data retrieved from the respective enrichment service for the 193.161.193.99 Address Indicator.

The Enrichment Tab_Figure 1_7.1.0

 

Note
If data cannot be retrieved from the enrichment service, an error message will be displayed on the enrichment service’s card. For example, if your API key for the enrichment service has exceeded the quota limit or no data are available for the Indicator, an error message stating so will be displayed on the enrichment service’s card.

To collapse or expand all cards on the Enrichment tab, click the Collapse All or Expand All button, respectively. By default, all cards are expanded.

Retrieving Data Manually

When you click on an Indicator’s Enrichment tab for the first time, data will be retrieved from each enabled enrichment service automatically if your System Administrator has enabled automatic data retrieval for the service. Otherwise, a message stating that “Automatic Data Retrieval has been disabled by the System Administrator” will be displayed on the card, and you will need to click the Retrieve Data button to populate the card with data. Once data have been retrieved, they will be cached for a period of time configured by your System Administrator. Each time you revisit that Indicator’s Enrichment tab, the cached data will be displayed until this period of time has passed.

To retrieve the latest data from an enrichment service, click the Retrieve Data button on the enrichment service’s card.

Note
The API key your System Administrator entered when configuring the enrichment service on the System Settings screen will be used each time data are retrieved for the Indicator.

ThreatConnect® is a registered trademark of ThreatConnect, Inc.
DomainTools® and Farsight Security® are registered trademarks of DomainTools, LLC.
VirusTotal™ is a trademark of Google, Inc.
Shodan® is a registered trademark of Shodan.

20146-02 v.04.A


Was this article helpful?