MaxMind GeoIP 2.0.0
App Vendor: MaxMind
App Category: Data Enrichment & Threat Intelligence, Network Security
Connector Version: 2.0.0
API Version: v2.1
About App
The MaxMind GeoIP app allows security teams to integrate with the MaxMind GeoIP enterprise application. The app helps analysts identify the IPs from where the attacks originated. Location details of the IP such as Country/City can be identified to gain insights into the attack.
The MaxMind GeoIP app is configured with Cyware Orchestrate to perform the following actions:
Action Name | Description |
|---|---|
Get City | This action retrieves details of the city associated with the given IP. |
Get Country | This action retrieves details of the country associated with a given IP. |
Get Insights | This action retrieves insights associated with a given IP. |
Generic Action | This is a generic action used to make requests to any MaxMind GeoIP endpoint. |
Configuration Parameters
The following configuration parameters are required for the MaxMind GeoIP app to communicate with the MaxMind GeoIP enterprise application. The parameters can be configured by creating instances in the app.
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Base URL | Enter the base URL used to connect to the MaxMind GeoIP API. Example: https://geoip.maxmind.com/geoip | Text | Optional | Default value: https://geoip.maxmind.com/geoip |
User ID | Enter the user ID/account ID. Example: 474221 | Text | Required | |
License Key | Enter the license key. | Password | Required | |
API Version | Enter the API version. Example: v2.0 | Text | Optional | Default value: v2.1 |
Timeout | Enter the timeout value in seconds. This is the number of seconds that requests will wait to establish a connection with MaxMind GeoIP. | Integer | Optional | Allowed range: 15-120 Default value: 15 |
Verify | Choose your preference to verify SSL or TLS while making requests. It is recommended to set this option to yes. Passing no may result in incorrectly establishing the connection. | Boolean | Optional | By default, verification is enabled. |
Action: Get City
This action retrieves details of the city associated with the given IP.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
IP Address | Enter the IP address to retrieve associated city details. Example: 1.1.1.1 | Text | Required |
Example Request
[
{
"ip": "1.1.1.1"
}
]Action: Get Country
This action retrieves details of the country associated with a given IP.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
IP Address | Enter the IP address to retrieve associated country details. Example: 1.1.1.1 | Text | Required |
Example Request
[
{
"ip": "1.1.1.1"
}
]Action: Get Insights
This action obtains insights associated with a given IP.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
IP Address | Enter the IP address to retrieve associated insights. Example: 1.1.1.1 | Text | Required |
Example Request
[
{
"ip": "1.1.1.1"
}
]Action: Generic Action
This is a generic action used to make requests to any MaxMind GeoIP endpoint.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Method | Enter the HTTP method to make the request. | Text | Required | Allowed values: GET, PUT, POST, DELETE |
Endpoint | Enter the endpoint to make the request to. Example: country/1.1.1.1 | Text | Required | |
Query Params | Enter the query parameters to pass to the API. Example: index, max_limit | Key Value | Optional | |
Payload | Enter the payload to pass to the API. Example: $JSON{port:2456} | Any | Optional | |
Extra Fields | Enter the extra fields to pass to the API. | Key Value | Optional | Allowed keys: payload_json, custom_output, download, files, filename, retry_wait, retry_count, response_type |
Example Request
[
{
"method": "GET",
"endpoint": "country/1.2.3.4",
"extra_fields": {},
"query_params": {
"page": "0",
"size": "100"
}
}
]