
MaxMind GeoIP2

This integration is part of the MaxMind GeoIP2 Pack.

This integration was integrated and tested with MaxMind GeoIP2 v2.1.

Configure MaxMind GeoIP2 on Cortex XSOAR

  1. Navigate to Settings > Integrations > Servers & Services.
  2. Search for MaxMind GeoIP2.
  3. Click Add instance to create and configure a new integration instance.
    • Name: a textual name for the integration instance.
    • API Key: the API key from MaxMind.
    • Account ID: the account number used for MaxMind.
    • Use system proxy
    • Trust any certificate (not secure)
    • Service Version: the level of detail returned in the results. There are three options: Country, City, and Insights. Note that each version has a different cost per API call.
    • Base URL: the API endpoint.
  4. Click Test to validate the URLs, token, and connection.

Commands

You can execute these commands from the Cortex XSOAR CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.

  1. Check the reputation of an IP address: ip

1. Check the reputation of an IP address


Checks the reputation of an IP address (when information is available, returns a JSON with details). Uses all configured Threat Intelligence feeds.

Base Command

ip

Input
| Argument Name | Description | Required |
| --- | --- | --- |
| ip | IP address to query | Required |

Context Output
| Path | Type | Description |
| --- | --- | --- |
| IP.Address | string | The IP address |
| MaxMind.Address | string | The IP address |
| MaxMind.Geo.City | string | The IP city |
| IP.Geo.Country | string | The IP country |
| MaxMind.Geo.Country | string | The IP country |
| IP.Geo.Location | string | The IP geographic location in coordinates |
| MaxMind.Geo.Location | string | The IP geographic location in coordinates |
| MaxMind.Geo.TimeZone | string | The time zone in which the IP is located |
| MaxMind.Geo.Accuracy | number | The accuracy of the location |
| MaxMind.Geo.Continent | string | The IP continent |
| MaxMind.Geo.Subdivision | string | The IP subdivision |
| IP.ASN | string | The IP ASN |
| MaxMind.ASN | string | The IP ASN |
| MaxMind.Organization | string | The IP organization |
| MaxMind.Tor | boolean | Whether the IP is a Tor exit node |
| MaxMind.Host | string | The IP host |
| MaxMind.Anonymous | boolean | Whether the IP is anonymous |
| MaxMind.UserType | string | The IP user type |
| MaxMind.ISP | string | The IP ISP |
| MaxMind.Domain | string | The domain associated with the IP |
| MaxMind.ISO_Code | string | ISO code for the country in which the IP is located |
| MaxMind.RegisteredCountry | string | Country the IP is registered to |

Command Example

!ip ip="8.8.8.8"

Context Example
{
    "IP": {
        "Geo": {
            "Country": "United States",
            "Location": "37.751, -97.822"
        },
        "ASN": 15169,
        "Address": "8.8.8.8"
    },
    "MaxMind": {
        "Address": "8.8.8.8",
        "ISP": "Google",
        "Organization": "Google LLC",
        "ISO_Code": "US",
        "Geo": {
            "Location": "37.751, -97.822",
            "Country": "United States",
            "Continent": "North America",
            "Accuracy": 1000
        },
        "ASN": 15169,
        "RegisteredCountry": "United States"
    }
}

Human Readable Output

[Screenshot of the command's human readable output]
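
The Context Output above can be reduced to triage signals in an automation. The following is an added example, not part of the integration's own code: the function names, the `expected_countries` allow-list and the reason labels are assumptions, and only the context paths come from this page. It treats absent `Tor`/`Anonymous` keys (as in the Context Example) as unknown rather than clean.

```python
# Constructed sample: the Context Example from this page, trimmed to the keys used here.
SAMPLE_CONTEXT = {
    "IP": {"Geo": {"Country": "United States", "Location": "37.751, -97.822"},
           "ASN": 15169, "Address": "8.8.8.8"},
    "MaxMind": {"Address": "8.8.8.8", "ISP": "Google", "ISO_Code": "US",
                "Geo": {"Location": "37.751, -97.822", "Country": "United States",
                        "Accuracy": 1000},
                "ASN": 15169, "RegisteredCountry": "United States"},
}


def parse_location(value):
    """Turn a 'lat, lon' string into a float pair; None if absent or malformed."""
    try:
        lat, lon = (float(part) for part in str(value).split(","))
    except ValueError:
        return None
    return (lat, lon) if -90 <= lat <= 90 and -180 <= lon <= 180 else None


def summarize_maxmind(context, expected_countries=("US",)):
    """Reduce the ip command's context to fields a triage step can act on."""
    # expected_countries is a hypothetical allow-list of ISO codes (an assumption).
    mm = context.get("MaxMind") or {}
    geo = mm.get("Geo") or {}
    summary = {
        "address": mm.get("Address"),
        "iso_code": mm.get("ISO_Code"),
        "coords": parse_location(geo.get("Location")),
        "accuracy": geo.get("Accuracy"),
        "tor": mm.get("Tor"),              # None means the key was not returned
        "anonymous": mm.get("Anonymous"),  # None means the key was not returned
    }
    reasons = []
    if summary["tor"] is True:
        reasons.append("tor_exit_node")
    if summary["anonymous"] is True:
        reasons.append("anonymous_ip")
    if summary["iso_code"] not in expected_countries:
        reasons.append("unexpected_country")
    registered = mm.get("RegisteredCountry")
    if registered and registered != geo.get("Country"):
        reasons.append("registered_country_differs")
    if summary["tor"] is None or summary["anonymous"] is None:
        reasons.append("anonymity_data_missing")
    summary["review_reasons"] = reasons
    return summary
```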