Forum Discussion
Correct GEO IP Lookup
Right now with Azure P2 we get alerts and the GEO IP is incorrect so it reports a false positive on improbable travel. How can I use MS Sentinel to fix how Azure GEO lookup is incorrect?
Hi Clive,
Do you know if this database look up is still referencing Azure or could you use another database for a reference?
it's using data as mentioned inthe link and below. If you need another source you either bring that in with a custom connector or maybe use one of the supplier Playbooks that enrich with links to VirusTotal etc...these may need a subscription
This function uses GeoLite2 data created by MaxMind, available from https://www.maxmind.com