QueryWhois

Description:

A powerful whois query processor primarily designed to enrich DataFlows with whois-based APIs (e.g. ShadowServer's ASN lookup), but which can also be used to perform regular whois lookups.

Tags:

whois, enrich, ip

Properties:

In the list below, the names of required properties appear in bold. Any other properties (not in bold) are considered optional. The table also indicates any default values, and whether a property supports the NiFi Expression Language.

| Display Name | API Name | Default Value | Allowable Values | Description |
| --- | --- | --- | --- | --- |
| Lookup value | QUERY_INPUT | | | The value that should be used to populate the query. Supports Expression Language: true (will be evaluated using flow file attributes and variable registry) |
| Whois Query Type | WHOIS_QUERY_TYPE | | | The Whois query type to be used by the processor (if used) |
| Whois Server | WHOIS_SERVER | | | The Whois server to be used |
| Whois Server Port | WHOIS_SERVER_PORT | 43 | | The TCP port of the remote Whois server |
| Whois Query Timeout | WHOIS_TIMEOUT | 1500 ms | | The amount of time to wait until considering a query as failed |
| Batch Size | BATCH_SIZE | 25 | | The number of incoming FlowFiles to process in a single execution of this processor. |
| Bulk Protocol | BULK_PROTOCOL | None | Begin/End: The evaluated input of each flowfile is enclosed within begin and end tags. Each row contains a delimited set of fields. None: Queries are made without any particular dialect | The protocol used to perform the bulk query. |
| Results Parser | QUERY_PARSER | None | Split: Use a delimiter character or RegEx to split the results into attributes. RegEx: Use a regular expression to split the results into attributes. None: Do not split results | The method used to slice the results into attribute groups |
| Parser RegEx | QUERY_PARSER_INPUT | | | Choice between a splitter and regex matcher used to parse the results of the query into attribute groups. NOTE: This is a multiline regular expression, therefore, the DFM should decide how to handle trailing new line characters. |
| Key lookup group (multiline / batch) | KEY_GROUP | | | When performing a batched lookup, the following RegEx numbered capture group or Column number will be used to match the whois server response with the lookup field |
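
The following added example (not NiFi's own code) sketches how the Begin/End bulk protocol, the Split results parser and the Key lookup group fit together for a batch of lookup values, including a value the server never answers. The function names, the `origin` query type, the placement of the query type on the `begin` line, the 1-based column count, the record/group numbering and the sample response layout are all assumptions made for illustration.

```python
# Added illustration, not NiFi source code; all function names are hypothetical.

def build_bulk_query(values, query_type=""):
    """Frame lookup values for the Begin/End bulk protocol, one value per row."""
    head = f"begin {query_type}".rstrip()  # assumption: query type sits on the begin line
    return "\n".join([head, *values, "end"]) + "\n"


def parse_split(response, delimiter="|"):
    """Split parser: one record per non-empty row, one group per field."""
    rows = []
    for line in response.splitlines():  # splitlines() also absorbs the trailing newline
        if line.strip():
            rows.append([field.strip() for field in line.split(delimiter)])
    return rows


def match_records(values, records, key_group=1):
    """Pair each lookup value with the row whose key_group column (1-based,
    an assumption) equals it; None means the 'not found' relationship."""
    by_key = {}
    for row in records:
        if len(row) >= key_group:
            by_key.setdefault(row[key_group - 1], row)
    result = {}
    for value in values:
        row = by_key.get(value)
        # Attribute pattern from "Writes Attributes"; the numbering is an assumption.
        result[value] = None if row is None else {
            f"enrich.dns.record0.group{i}": field for i, field in enumerate(row)
        }
    return result


# Constructed sample: documentation-range IPs and ASN, made-up column layout.
LOOKUPS = ["192.0.2.10", "198.51.100.7", "203.0.113.99"]
SAMPLE_RESPONSE = (
    "198.51.100.7 | 64496 | 198.51.100.0/24 | EXAMPLE-NET-B | ZZ\n"
    "192.0.2.10 | 64496 | 192.0.2.0/24 | EXAMPLE-NET-A | ZZ\n"
)

if __name__ == "__main__":
    print(build_bulk_query(LOOKUPS, "origin"), end="")
    matched = match_records(LOOKUPS, parse_split(SAMPLE_RESPONSE), key_group=1)
    for value, attrs in matched.items():
        print(value, "->", "found" if attrs else "not found")
```

Matching on the key column rather than on row order matters because a bulk response may omit rows or return them in a different order than the batch was sent.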

Relationships:

| Name | Description |
| --- | --- |
| not found | Where to route flow files if data enrichment query rendered no results |
| found | Where to route flow files after successfully enriching attributes with data |

Reads Attributes:

None specified.

Writes Attributes:

| Name | Description |
| --- | --- |
| enrich.dns.record*.group* | The captured fields of the Whois query response for each of the records received |

State management:

This component does not store state.

Restricted:

This component is not restricted.

Input requirement:

This component requires an incoming relationship.

System Resource Considerations:

None specified.