Forum Discussion
Correct GEO IP Lookup
Right now with Azure P2 we get alerts and the GEO IP is incorrect so it reports a false positive on improbable travel. How can I use MS Sentinel to fix how Azure GEO lookup is incorrect?
- You can look at https://learn.microsoft.com/en-us/kusto/query/geo-info-from-ip-address-function?view=microsoft-fabric in a Playbook to enrich the result. Just make sure you read the notes on the source, as Azure P2 may use the same, you'll need to test a few IPs.
Hi Clive,
Do you know if this database look up is still referencing Azure or could you use another database for a reference?
it's using data as mentioned inthe link and below. If you need another source you either bring that in with a custom connector or maybe use one of the supplier Playbooks that enrich with links to VirusTotal etc...these may need a subscription
This function uses GeoLite2 data created by MaxMind, available from https://www.maxmind.com
