Location from IP


Is there a way to find out the location, i.e. city and country, from an IP address?

I am using AzureActivity table and want to plot the activities on a GeoMap.

In order to do that I need to find out the location from CallerIp address.

Can somebody please let me know if we can do this.

Also, subsequently, I have to find if the IP is blacklisted as well

1 Reply

@uditk14 Inside of Azure Sentinel, no there isn't. You could use a Logic App that performs this query and saves the information into a separate custom table that you can then query. Also, depending on what you are doing with the data, you can use Azure Notebooks to do the query. These notebooks can use data both inside of and external to Azure Sentinel.

As far as using a blacklist, take a look at this blog post that discusses the externaldata command: https://techcommunity.microsoft.com/t5/azure-sentinel/implementing-lookups-in-azure-sentinel/ba-p/10...
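
The notebook route suggested in the reply, as an added example that is not part of the original thread: it enriches activity rows with a location and a blocklist flag using external lookup data. The geo table, blocklist, sample rows and function names are all constructed for illustration; real data would come from an external GeoIP source and a threat feed.

```python
import ipaddress

# Constructed lookup data. Ranges are RFC 5737 documentation networks; a real
# geo table and blocklist would be loaded from external sources.
GEO_TABLE = [  # (CIDR, city, country)
    ("192.0.2.0/24", "Example City A", "Country A"),
    ("198.51.100.0/24", "Example City C", "Country B"),
    ("198.51.100.0/25", "Example City B", "Country B"),
]
BLOCKLIST = ["203.0.113.7", "198.51.100.128/26"]  # single IPs and CIDR ranges

# Constructed rows shaped like AzureActivity records (assumed column names).
ACTIVITY = [
    {"OperationName": "Create VM", "CallerIpAddress": "192.0.2.10"},
    {"OperationName": "Delete VM", "CallerIpAddress": "198.51.100.130"},
    {"OperationName": "List keys", "CallerIpAddress": "203.0.113.7"},
    {"OperationName": "Policy scan", "CallerIpAddress": ""},  # no caller IP logged
]

def locate(ip, table=GEO_TABLE):
    """Return (city, country) for the most specific matching range, or None."""
    addr = ipaddress.ip_address(ip)
    best = None
    for cidr, city, country in table:
        net = ipaddress.ip_network(cidr)
        if addr.version == net.version and addr in net:
            if best is None or net.prefixlen > best[0].prefixlen:
                best = (net, city, country)
    return (best[1], best[2]) if best else None

def is_blocked(ip, blocklist=BLOCKLIST):
    """True if ip equals a listed address or falls inside a listed range."""
    addr = ipaddress.ip_address(ip)
    nets = (ipaddress.ip_network(entry) for entry in blocklist)
    return any(addr.version == n.version and addr in n for n in nets)

def enrich(rows):
    """Add City, Country and Blocked to each row; None when the IP is unusable."""
    out = []
    for row in rows:
        try:
            ip = str(ipaddress.ip_address(row.get("CallerIpAddress", "").strip()))
        except ValueError:  # empty or malformed value: keep the row, flag nothing
            out.append({**row, "City": None, "Country": None, "Blocked": None})
            continue
        city, country = locate(ip) or (None, None)
        out.append({**row, "City": city, "Country": country, "Blocked": is_blocked(ip)})
    return out

if __name__ == "__main__":
    for r in enrich(ACTIVITY):
        print(r)
```

The enriched rows can then be written to a custom table and plotted, as the reply describes for the Logic App approach.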