Microsoft Secure Tech Accelerator
Apr 03 2024, 07:00 AM - 11:00 AM (PDT)
Microsoft Tech Community

Azure-Sentinel/Playbooks/Get-GeoFromIpAndTagIncident

Copper Contributor

Hi

 

I am really scratching my head with this one, I want to use the Get-GeoFromIpAndTagIncident playbook which is available on GitHub from the Community page in Sentinel. I've set up the playbook but when I run it I get a failure with the message 'SSL unavailable for this endpoint, order a key at https://members.ip.api.com/' , I'm positive there's a way to circumvent this but I am drawing a blank as to where?

3 Replies

Hello @RW_THX1138 ,

 

Try to open the IP-API on your Azure Portal, go to Overview -> Edit. Scroll down and you will see "Scheme" is set to HTTPS. Change it to HTTP and check if it works.

OR

You should have an account on https://ip-api.com/ and probably from there create an API key to use it in your connection. 

Check the HTTP and update.

 

Thanks mikhailf, so I ended up starting again from scratch as couldn't find the how to edit IP-API, found that the issue was the custom connector which I hadn't downloaded but when I did download I found that I needed to edit it to change it from HTTPS to HTTP and hey presto it's now all working, couldn't have got to that stage without your steer though so thanks for that.
Hi Rich_Watson, please share if you found out the solution.