Sep 24 2024 05:36 AM
Right now with Azure P2 we get alerts, and the GEO IP is incorrect, so it reports a false positive on improbable travel. How can I use MS Sentinel to fix how Azure GEO lookup is incorrect?
Sep 25 2024 09:48 AM
Sep 29 2024 05:58 PM
Hi Clive,
Do you know if this database lookup is still referencing Azure, or could you use another database for a reference?
Sep 29 2024 11:27 PM
It's using data as mentioned in the link and below. If you need another source, you either bring that in with a custom connector or maybe use one of the supplier Playbooks that enrich with links to VirusTotal etc. These may need a subscription.
This function uses GeoLite2 data created by MaxMind, available from https://www.maxmind.com