Update the countries of public IP addresses on Qradar

View Only

Update the countries of public IP addresses on Qradar

1. Update the countries of public IP addresses on Qradar

0 Like
hichem azaiez
Posted Tue November 24, 2020 06:20 AM

Reply
Hi Community,

I am on version 7.33 Qradar, how will I be able to update the countries of public IP addresses on Qradar.

Below is an example of @IP that arrive from Tunisia but not identified by Qradar or with the wrong country (197.244.175.25 Nigeria flag) :

Help please!

Best,

------------------------------
Hichem AZAIEZ
------------------------------

------------------------------
hichem azaiez
------------------------------
2. RE: Update the countries of public IP addresses on Qradar

0 Like
Hasan Erhan AYDINOĞLU
Posted Wed November 25, 2020 03:39 AM

Reply
Hi Hichem

Could you please check the documents if it has solution?
https://www.ibm.com/support/pages/qradar-support-geodata-faq
Regards

------------------------------
Hasan Erhan AYDINOĞLU
------------------------------

Original Message
3. RE: Update the countries of public IP addresses on Qradar

0 Like
hichem azaiez
Posted Wed November 25, 2020 08:30 AM

Reply
Thanks for all very much.

------------------------------
Hichem AZAIEZ
------------------------------

Original Message
4. RE: Update the countries of public IP addresses on Qradar

0 Like
Dusan VIDOVIC
Posted Wed November 25, 2020 04:26 AM

Reply
Hi Hichem. You probably did already review the QRadar Geodata FAQ , nevertheless ? Few things pop to mind : Check under Admin > System Settings > Geographic Settings if you have the MaxMind account proprerly set and if the Country selection was set to Physical or Registered Location. In the lab (QRadar 7.4.1) I used the logrun.pl script with the spoofed IP address you stated and in thew Log activity UI I saw it as from Tunisia (my System settings > Country selection is set to Physical location).

------------------------------
Dusan VIDOVIC
------------------------------

Original Message
5. RE: Update the countries of public IP addresses on Qradar

0 Like
hichem azaiez
Posted Wed November 25, 2020 08:29 AM

Reply
Thanks very much.

------------------------------
Hichem AZAIEZ
------------------------------

Original Message

IBM Security QRadar

Update the countries of public IP addresses on Qradar

hichem azaiezTue November 24, 2020 06:20 AM

Hasan Erhan AYDINOĞLUWed November 25, 2020 03:39 AM

hichem azaiezWed November 25, 2020 08:30 AM

Dusan VIDOVICWed November 25, 2020 04:26 AM

hichem azaiezWed November 25, 2020 08:29 AM

1. Update the countries of public IP addresses on Qradar

2. RE: Update the countries of public IP addresses on Qradar

3. RE: Update the countries of public IP addresses on Qradar

4. RE: Update the countries of public IP addresses on Qradar

5. RE: Update the countries of public IP addresses on Qradar