Look up geo-information for an IP address using the MaxMind “GeoIP ISP” database.
You can obtain a free-to-use (gratis but not libre) database from https://www.maxmind.com/ or you can pay for a more accurate option.
You will need to provide the path to a valid GeoIP ISP database located on your server. The artifact expects you to store the database location in the server metadata, under the metadata key “GeoIPISPDB” (for example /usr/shared/GeoIP2-City_20210910/GeoIP2-ISP.mmdb).
Although you can collect this artifact directly, it is more likely that you would import this artifact from your own artifact to gain access to the utility lookup functions.
name: Server.Enrichment.GeoIPISP
description: |
  Look up geo-information for an IP address using the MaxMind "GeoIP ISP"
  database.

  You can obtain a free-to-use (gratis but not libre) database from
  https://www.maxmind.com/ or you can pay for a more accurate option.

  You will need to provide the path to a valid GeoIP ISP database located on
  your server. The artifact expects you to store the database location in the
  server metadata, under the metadata key "GeoIPISPDB" (for example
  `/usr/shared/GeoIP2-City_20210910/GeoIP2-ISP.mmdb`).

  Although you can collect this artifact directly, it is more likely that you
  would import this artifact from your own artifact to gain access to the
  utility lookup functions.

export: |
  LET ISPDB = server_metadata().GeoIPISPDB
  LET ISP(IP) = geoip(db=ISPDB, ip=IP).isp
  LET ORG(IP) = geoip(db=ISPDB, ip=IP).organization
  LET ASN(IP) = geoip(db=ISPDB, ip=IP).autonomous_system_number
  LET ASO(IP) = geoip(db=ISPDB, ip=IP).autonomous_system_organization

parameters:
  - name: IP
    description: An IP to lookup

type: SERVER

sources:
  - query: |
      SELECT ISP(IP=_value) AS ISP,
             ORG(IP=_value) AS Organization,
             ASN(IP=_value) AS ASN,
             ASO(IP=_value) AS ASO
      FROM foreach(row=IP)
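
The description above recommends importing this artifact from your own artifact rather than collecting it directly. The following is an added example of that pattern, not part of the Velociraptor project: the artifact name `Custom.Server.Enrichment.RemoteIPOwners`, the `RemoteIPs` parameter and the sample addresses are hypothetical (the addresses come from documentation ranges and will not resolve in a real database).

```yaml
# Added example: a hypothetical custom artifact that reuses the exported
# lookup functions (ISP, ORG, ASN, ASO) from Server.Enrichment.GeoIPISP.
name: Custom.Server.Enrichment.RemoteIPOwners
description: |
  Enrich a list of remote IP addresses with ISP and ASN ownership so an
  analyst can triage unexpected network destinations.

type: SERVER

# Pulls the "export" section of the named artifact into this artifact's scope.
imports:
  - Server.Enrichment.GeoIPISP

parameters:
  - name: RemoteIPs
    description: One IP per row (constructed sample values).
    type: csv
    default: |
      IP
      192.0.2.10
      198.51.100.7

sources:
  - query: |
      -- ISPDB comes from the imported export section. If the server
      -- metadata key is unset every lookup returns null, so log the
      -- misconfiguration instead of silently producing empty columns.
      LET _ <= if(condition=NOT ISPDB,
                  then=log(message="Server metadata key GeoIPISPDB is not set"))

      SELECT IP,
             ISP(IP=IP) AS ISP,
             ORG(IP=IP) AS Organization,
             ASN(IP=IP) AS ASN,
             ASO(IP=IP) AS ASO
      FROM RemoteIPs
```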