IPinfo
Connector Category: Enrichment Tool
CTIX integrates with IPinfo to retrieve the details of an IP address, such as the hostname, location, timezone, ASN, company, privacy, and abuse. This integration allows analysts to get detailed insights about suspicious IP addresses and recommend necessary actions to block the threat.
Use Cases
Identify the origin of a cyberattack by geo-locating IP addresses.
Identify the root cause of a cyberattack by correlating the location details of IP addresses and threat actors.
Benefits
Enrich suspicious IP addresses in real-time to proactively defend against a variety of cyberattacks.
Identify targeted attacks at an early stage by identifying the geo-location of the IP address.
Configure IPinfo App in CTIX
Configure IPinfo to enrich IP addresses.
Before you Start
Ensure that you have the API credentials of your IPinfo account.
Ensure that you have the view, create, and update permissions for Enrichment Management in CTIX.
Steps
To configure IPinfo as an enrichment tool in CTIX, do the following:
Sign in to CTIX and go to Administration > Enrichment Management > Enrichment Tools.
Search for and select the ipinfo enrichment tool.
Click Add Account.
Enter a unique account name to identify the instance. For example, Prod_ipinfo.
Enter the base URL to directly connect to the application's server. For example, https://<domain>/directoryname/.
Enter the API key to authenticate API calls between the CTIX and IPinfo servers.
Click Save.
After successfully adding an account, you can view and enable the IPinfo feed enrichment types. You can also configure a quota to limit the number of enrichment requests an IPinfo account makes in a given duration. After the quota expires, you cannot make enrichment requests until the quota is reset for the next duration. For more information, see Define Quota in Configure Enrichment Tools.
To understand the number of API calls and quota units consumed by the IPinfo enrichment tool, refer to the following table.
Enrichment Tool | Feed Enrichment Type | Number of API Calls | Quota Consumed |
---|---|---|---|
IPinfo | IP | 1 | 1 |
You can configure an enrichment policy to automatically enrich threat intel data using IPinfo. For more information, see Configure Enrichment Policy.
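Before entering the base URL and API key in the steps above, you can check that the key returns every detail group this page lists (hostname, location, timezone, ASN, company, privacy, abuse). The following is an added example, not CTIX or IPinfo code. It assumes Bearer-token authentication and the JSON key names shown; the function names and the sample record are constructed for illustration.

```python
import ipaddress
import json
import urllib.request

# Detail groups named on this page, mapped to the JSON keys expected in an
# IPinfo lookup response (key names are an assumption of this example).
GROUPS = {
    "hostname": ["hostname"],
    "location": ["city", "region", "country", "loc"],
    "timezone": ["timezone"],
    "ASN": ["asn"],
    "company": ["company"],
    "privacy": ["privacy"],
    "abuse": ["abuse"],
}

# Constructed sample response (documentation-range IP, placeholder names).
SAMPLE = {
    "ip": "203.0.113.7", "hostname": "host.example.net", "city": "Example City",
    "region": "Example Region", "country": "US", "loc": "0.0000,0.0000",
    "org": "AS64500 Example Net", "timezone": "America/Chicago",
}

def build_request(base_url, api_key, ip):
    """Build one lookup request. The key travels in a header, not the URL,
    so it does not end up in proxy or web server access logs."""
    ip = str(ipaddress.ip_address(ip))  # ValueError on anything that is not an IP
    url = base_url.rstrip("/") + "/" + ip
    headers = {"Authorization": "Bearer " + api_key, "Accept": "application/json"}
    return urllib.request.Request(url, headers=headers)

def missing_groups(record):
    """Return the detail groups for which the response carries no data."""
    def present(key):
        return record.get(key) not in (None, "", {})
    return [g for g, keys in GROUPS.items() if not any(present(k) for k in keys)]

def check_account(base_url, api_key, ip, opener=urllib.request.urlopen):
    """Perform one live lookup (1 API call) and report the missing groups."""
    with opener(build_request(base_url, api_key, ip), timeout=10) as resp:
        return missing_groups(json.load(resp))

if __name__ == "__main__":
    # Offline run against the constructed sample.
    print(missing_groups(SAMPLE))
```

An empty list from `check_account` means the account returns data for every group; any group names returned are details the enrichment would lack for that IP.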