cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
SOLVED

source ip location and filtering based on the geolocation

jwalasingh
Occasional Contributor

‎Mar 09 2022 01:28 AM

‎Mar 09 2022 01:28 AM

source ip location and filtering based on the geolocation

Hi All,

Greetings..

 

need to check if any IP address from Ukraine and Russia is connecting to my network through my Perimeter FortiGate Firewall. could you please let me know how i can do the filtering based on geolocation? how can i achieve this

 

Thanks in advance for your support.

 

Labels:
597 Views
0 Likes
5 Replies
Reply
5 Replies
best response confirmed by jwalasingh (Occasional Contributor)
Clive_Watson

‎Mar 09 2022 02:09 AM

‎Mar 09 2022 02:09 AM

Solution

Re: source ip location and filtering based on the geolocation

@jwalasingh 

 

Good timing - I just answered this type of question on another thread earlier today, maybe

let IP_Data = 
    external_data(network:string,geoname_id:long,continent_code:string,continent_name:string ,country_iso_code:string,    country_name:string,is_anonymous_proxy:bool,is_satellite_provider:bool)
    ['https://raw.githubusercontent.com/datasets/geoip2-ipv4/master/data/geoip2-ipv4.csv']
    with (ignoreFirstRecord=true, format="csv");
CommonSecurityLog
| where DeviceVendor == "Fortinet"
| where DeviceProduct startswith "Forti"
| summarize ipCount=count() by IPAddress=DestinationIP    
| where isnotempty(IPAddress)
| evaluate ipv4_lookup(IP_Data, IPAddress, network)
| where country_iso_code  in ('RU','UA')

 

You just ned to swap line #8 to SourceIP if you want that instead?   You may need to add other 'where' filters but this should be the basics.

0 Likes
Reply
Jonhed

‎Mar 09 2022 03:08 AM

‎Mar 09 2022 03:08 AM

Re: source ip location and filtering based on the geolocation

This is the first time I saw this ipv4_lookup plugin, it looks great.
Is this something that was added recently?
0 Likes
Reply
Clive_Watson

‎Mar 09 2022 03:28 AM

‎Mar 09 2022 03:28 AM

Re: source ip location and filtering based on the geolocation

In the past 12-6months maybe - not sure ;)

1 Like
Reply
514039847qqcom

‎Nov 17 2022 07:57 AM

‎Nov 17 2022 07:57 AM

Re: source ip location and filtering based on the geolocation

hello, friend,I lost my laptop,I only have Mac address, can I get the criminal internet ip location?
0 Likes
Reply
514039847qqcom

‎Nov 17 2022 08:02 AM

‎Nov 17 2022 08:02 AM

Re: source ip location and filtering based on the geolocation

I can use microsoft count search the laptop location, but it is not very, accurate, arround 200m difference, criminal use it connect with wifi, Can I get his IP?
0 Likes
Reply