An IP lookup is one of the most common tools for finding out the user, internet
provider, and location behind a website, domain, or IP address. IP address
scanning is useful in finding the origin of unwanted emails or the source of
spam, viruses, and attacks. It shows you the domain owner's registered WHOIS and
ARIN contact data, and the company that operates the associated server, wherever
they are. For dynamic IP addresses of private users, you can find out their
internet service provider so that you can contact it with a complaint.
Parameters
N/A
Run On
This action runs on the IP Address entity.
Action Results
Entity Enrichment
| Enrichment Field Name | Logic - When to apply               |
|-----------------------|-------------------------------------|
| city                  | Returns if it exists in JSON result |
| loc                   | Returns if it exists in JSON result |
| country               | Returns if it exists in JSON result |
| company               | Returns if it exists in JSON result |
| hostname              | Returns if it exists in JSON result |
| asn                   | Returns if it exists in JSON result |
| carrier               | Returns if it exists in JSON result |
| ip                    | Returns if it exists in JSON result |
| postal                | Returns if it exists in JSON result |
| region                | Returns if it exists in JSON result |
Insights
N/A
Script Result
| Script Result Name | Value Options | Example          |
|--------------------|---------------|------------------|
| is_success         | True/False    | is_success:False |
JSON Result
    [{
        "EntityResult": {
            "city": "Southbridge",
            "loc": "42.0707,-72.0440",
            "country": "US",
            "company": {
                "domain": "sprint.com",
                "type": "isp",
                "name": "Sprint Springfield POP"
            },
            "hostname": "66-87-125-72.pools.spcsdns.net",
            "asn": {
                "route": "1.1.1.1/24",
                "type": "isp",
                "domain": "spcsdns.net",
                "name": "Sprint Personal Communications Systems",
                "asn": "AS10507"
            },
            "carrier": {
                "mnc": "120",
                "mcc": "310",
                "name": "Sprint"
            },
            "ip": "1.1.1.1",
            "postal": "01550",
            "region": "Massachusetts"
        },
        "Entity": "1.1.1.1"
    }]
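One way a downstream playbook step could consume this JSON Result, shown as an added example that is not part of the IPinfo integration's own code: it keeps only the fields that exist in the result, flattens the nested `company`, `asn` and `carrier` objects, and normalises `loc` and the ASN route. The function names and the flattened key names (`company_name`, `asn_route`, `loc_lat`, ...) are assumptions, and the sample input is constructed from the result above.

```python
import ipaddress
import json

# Fields listed in the Entity Enrichment table for "Get IP Information".
ENRICHMENT_FIELDS = ("city", "loc", "country", "company", "hostname",
                     "asn", "carrier", "ip", "postal", "region")

# Constructed sample: a trimmed copy of the JSON Result above. hostname,
# carrier, postal and region are left out to exercise the "if it exists" rule.
SAMPLE = '''[{"EntityResult": {"city": "Southbridge", "loc": "42.0707,-72.0440",
 "country": "US", "company": {"domain": "sprint.com", "type": "isp",
 "name": "Sprint Springfield POP"}, "asn": {"route": "1.1.1.1/24", "type": "isp",
 "asn": "AS10507"}, "ip": "1.1.1.1"}, "Entity": "1.1.1.1"}]'''


def flatten(prefix, value, out):
    """Flatten nested objects into prefix_key entries, skipping empty values."""
    if isinstance(value, dict):
        for key, inner in value.items():
            flatten(f"{prefix}_{key}", inner, out)
    elif value not in (None, ""):
        out[prefix] = value


def enrich(json_result):
    """Return {entity: {field: value}} with only the fields present in the result."""
    enriched = {}
    for item in json.loads(json_result):
        result = item.get("EntityResult") or {}
        fields = {}
        for name in ENRICHMENT_FIELDS:
            if name in result:
                flatten(name, result[name], fields)
        if "loc" in fields:  # "lat,lon" string -> two floats for geo checks
            lat, lon = (float(part) for part in fields["loc"].split(","))
            fields["loc_lat"], fields["loc_lon"] = lat, lon
        if "asn_route" in fields:  # normalise the CIDR; the sample has host bits set
            network = ipaddress.ip_network(fields["asn_route"], strict=False)
            fields["asn_route"] = str(network)
        enriched[item["Entity"]] = fields
    return enriched
```
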
Last updated 2025-09-07 UTC.