Azure-Sentinel/Playbooks/Get-GeoFromIpAndTagIncident

Occasional Visitor

Hi

 

I am really scratching my head with this one, I want to use the Get-GeoFromIpAndTagIncident playbook which is available on GitHub from the Community page in Sentinel. I've set up the playbook but when I run it I get a failure with the message 'SSL unavailable for this endpoint, order a key at https://members.ip.api.com/' , I'm positive there's a way to circumvent this but I am drawing a blank as to where?

1 Reply

Hello @RW_THX1138 ,

 

Try to open the IP-API on your Azure Portal, go to Overview -> Edit. Scroll down and you will see "Scheme" is set to HTTPS. Change it to HTTP and check if it works.

OR

You should have an account on https://ip-api.com/ and probably from there create an API key to use it in your connection. 

Check the HTTP and update.