MaxMind

This app is a set of actions to interact with the MaxMind GeoIP2 service. For full details on using MaxMind GeoIP2 please see here. The following actions are available:

• Get GeoIP Info - Action to retrieve GeoIP2 info for a specified Address.
• Advanced Request - Users may access the full MaxMind API.

This app can be found in the ThreatConnect App Catalog under the name: MaxMind

The Polarity - MaxMind integration will search MaxMind's vast IP database to provide geolocation, ASN and proxy information. Enabling analysts to quickly understand what an IP is and where it is located.

Examples

MaxMind Data Overview

• Summary Tags: Quickly get an understanding if the IP is related to a proxy and what the country of the IP and who owns the IP.
• Info: Additional information on the IP such as: ASN, Network, Org, Country and Type of IP if available.