I've had the Whois lookup service configured now for over a week and have yet to see it perform an actual lookup for Automated Threat Detection (CnC traffic). I've put gone through all the troubleshooting steps found here; Alerting: Troubleshoot Automated Threat Detection but I don't see any of the counters moving in the ESA Explorer View. The proxy is configured, the warm up period has long been over, I have a whitelist setup, and so on.
Whois Service in Explorer View
Automated Threat Detection ESA Configurations
C2 Aggreate Rule is Enabled
Does anyone have any ideas? I forgot to add that Live is configured and working.