Forum Discussion
Porter76
Dec 05, 2023 · Brass Contributor
Log source gives IP but not location, anything I can do to get location from IP?
Recently deployed a custom data connector that pulls logs from one of our BI tools. The logs contain who did what from what IP but that's about it. I like to have alerting for sign in's or activity c...
Clive_Watson
Dec 08, 2023 · Bronze Contributor
This is one idea (it shows you how to find the country from an IP address) and also how to see if any country wasn't seen in the previous week:
// Baseline: the distinct countries seen in sign-ins from 7 days ago up to 2 days ago
let week_ = SigninLogs
| where TimeGenerated between(startofday(ago(7d)) .. endofday(ago(2d)))
| where isnotempty(IPAddress)
| summarize count() by IPAddress
| extend LocationDetails = geo_info_from_ip_address(IPAddress)   // dynamic: country, state, city, latitude, longitude
| extend country = LocationDetails.country
| distinct tostring(country)
;
// Last day: resolve each sign-in IP to a country and keep only countries absent from the baseline
SigninLogs
| where TimeGenerated > ago(1d)
| where isnotempty(IPAddress)
| summarize count() by IPAddress
| extend LocationDetails = geo_info_from_ip_address(IPAddress)
| extend country = LocationDetails.country
| distinct tostring(country), IPAddress
| where country !in (week_) // only show countries today that were not seen before
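An added example, not from the thread, that applies the same geo_info_from_ip_address() approach to a custom connector table. The table name BIToolActivity_CL and the columns User_s, Action_s and ClientIP_s are assumed placeholders for the asker's schema. It goes a step further than the query above by baselining countries per user rather than per tenant, and it drops addresses that return no geo data (private or unroutable ranges) so they do not show up as blank countries.

```kql
// Assumed placeholder names for the custom connector's table and columns:
//   BIToolActivity_CL with User_s (actor), Action_s (what they did), ClientIP_s (source IP)
let lookback = 14d;
// Baseline: the set of countries each user has been seen from, excluding the last day
let baseline = BIToolActivity_CL
| where TimeGenerated between (ago(lookback) .. ago(1d))
| where isnotempty(ClientIP_s)
| extend geo = geo_info_from_ip_address(ClientIP_s)
| extend country = tostring(geo.country)
// private/unroutable addresses resolve to no geo data, so they drop out here
| where isnotempty(country)
| summarize KnownCountries = make_set(country) by User_s;
// Last day: every (user, IP, country) whose country is not in that user's baseline
BIToolActivity_CL
| where TimeGenerated > ago(1d)
| where isnotempty(ClientIP_s)
| extend geo = geo_info_from_ip_address(ClientIP_s)
| extend country = tostring(geo.country), city = tostring(geo.city)
| where isnotempty(country)
| join kind=leftouter baseline on User_s
// a user with no history has no baseline row; treat that as an empty set so first-time users are flagged too
| extend KnownCountries = iff(isnull(KnownCountries), dynamic([]), KnownCountries)
| where not(set_has_element(KnownCountries, country))
| summarize Events = count(), Actions = make_set(Action_s, 20),
            FirstSeen = min(TimeGenerated), LastSeen = max(TimeGenerated)
    by User_s, ClientIP_s, country, city
| order by FirstSeen desc
```

Each output row is one user seen from a country they had not used in the previous two weeks, which is the unit a scheduled analytics rule can alert on; widen lookback if users travel rarely enough that a 14-day window produces noisy results.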
Porter76
Dec 12, 2023 · Brass Contributor
Clive,
Thanks a TON. I was able to modify this and get it to work using fields from the custom data table we deployed. Thanks again!!