Is there a way to find the country for an IP?
eg. Fortinet has SourceIP, DestinationIP. Can I map those to a country or country abbreviation?
I've seen this geoData (below) used somewhere, but I don't know how to map this to the provided subnet to source, destination IP addresses, and get the resulting country information.
let geoData =
materialize (externaldata(network:string,geoname_id:string,continent_code:string,continent_name:string,
country_iso_code:string,country_name:string,is_anonymous_proxy:string,is_satellite_provider:string)
[@"https://raw.githubusercontent.com/datasets/geoip2-ipv4/master/data/geoip2-ipv4.csv"] with
(ignoreFirstRecord=true, format="csv"));
let lookup = toscalar( geoData | summarize list_CIDR=make_set(network) );