RW_THX1138
Copper Contributor
Jun 24, 2022

Azure-Sentinel/Playbooks/Get-GeoFromIpAndTagIncident

Hi

I am really scratching my head with this one. I want to use the Get-GeoFromIpAndTagIncident playbook, which is available on GitHub from the Community page in Sentinel. I've set up the playbook, but when I run it I get a failure with the message 'SSL unavailable for this endpoint, order a key at https://members.ip.api.com/'. I'm positive there's a way to circumvent this, but I am drawing a blank as to where.

  • mikhailf
    Steel Contributor

    Hello RW_THX1138,

    Try to open the IP-API on your Azure Portal and go to Overview -> Edit. Scroll down and you will see "Scheme" is set to HTTPS. Change it to HTTP and check if it works.

    OR

    You should have an account on https://ip-api.com/ and probably from there create an API key to use it in your connection. 

    Check the HTTP and update.

    • Rich_Watson
      Copper Contributor
      Thanks mikhailf, so I ended up starting again from scratch as I couldn't find how to edit IP-API. I found that the issue was the custom connector, which I hadn't downloaded, but when I did download it I found that I needed to edit it to change it from HTTPS to HTTP, and hey presto, it's now all working. I couldn't have got to that stage without your steer though, so thanks for that.
