IBM QRadar

IBM QRadar

Join this online user group to communicate across Security product users and IBM experts by sharing advice and best practices with peers and staying up to date regarding product enhancements.

View Only

Back to discussions

Expand all | Collapse all

Update the countries of public IP addresses on Qradar

1. Update the countries of public IP addresses on Qradar

Like
hichem azaiez
Posted Tue November 24, 2020 06:20 AM

Reply
Hi Community,

I am on version 7.33 Qradar, how will I be able to update the countries of public IP addresses on Qradar.

Below is an example of @IP that arrive from Tunisia but not identified by Qradar or with the wrong country (197.244.175.25 Nigeria flag) :

Help please!

Best,

------------------------------
Hichem AZAIEZ
------------------------------

------------------------------
hichem azaiez
------------------------------
2. RE: Update the countries of public IP addresses on Qradar

Like
Hasan Erhan AYDINOĞLU
Posted Wed November 25, 2020 03:39 AM

Reply
Hi Hichem

Could you please check the documents if it has solution?
https://www.ibm.com/support/pages/qradar-support-geodata-faq
Regards

------------------------------
Hasan Erhan AYDINOĞLU
------------------------------

Original Message
3. RE: Update the countries of public IP addresses on Qradar

Like
hichem azaiez
Posted Wed November 25, 2020 08:30 AM

Reply
Thanks for all very much.

------------------------------
Hichem AZAIEZ
------------------------------

Original Message
4. RE: Update the countries of public IP addresses on Qradar

Like
Dusan VIDOVIC
Posted Wed November 25, 2020 04:26 AM

Reply
Hi Hichem. You probably did already review the QRadar Geodata FAQ , nevertheless ? Few things pop to mind : Check under Admin > System Settings > Geographic Settings if you have the MaxMind account proprerly set and if the Country selection was set to Physical or Registered Location. In the lab (QRadar 7.4.1) I used the logrun.pl script with the spoofed IP address you stated and in thew Log activity UI I saw it as from Tunisia (my System settings > Country selection is set to Physical location).

------------------------------
Dusan VIDOVIC
------------------------------

Original Message
5. RE: Update the countries of public IP addresses on Qradar

Like
hichem azaiez
Posted Wed November 25, 2020 08:29 AM

Reply
Thanks very much.

------------------------------
Hichem AZAIEZ
------------------------------

Original Message

IBM QRadar

Update the countries of public IP addresses on Qradar

hichem azaiezTue November 24, 2020 06:20 AM

Hasan Erhan AYDINOĞLUWed November 25, 2020 03:39 AM

hichem azaiezWed November 25, 2020 08:30 AM

Dusan VIDOVICWed November 25, 2020 04:26 AM

hichem azaiezWed November 25, 2020 08:29 AM

1. Update the countries of public IP addresses on Qradar

2. RE: Update the countries of public IP addresses on Qradar

3. RE: Update the countries of public IP addresses on Qradar

4. RE: Update the countries of public IP addresses on Qradar

5. RE: Update the countries of public IP addresses on Qradar

Additional
Resources

Office

Quick Links

IBM QRadar

Update the countries of public IP addresses on Qradar

hichem azaiezTue November 24, 2020 06:20 AM

Hasan Erhan AYDINOĞLUWed November 25, 2020 03:39 AM

hichem azaiezWed November 25, 2020 08:30 AM

Dusan VIDOVICWed November 25, 2020 04:26 AM

hichem azaiezWed November 25, 2020 08:29 AM

1. Update the countries of public IP addresses on Qradar

2. RE: Update the countries of public IP addresses on Qradar

3. RE: Update the countries of public IP addresses on Qradar

4. RE: Update the countries of public IP addresses on Qradar

5. RE: Update the countries of public IP addresses on Qradar

Related Content

Geographic Data Enhancements

Adding country of origin or destination for internet routable addresses to offense notification emails

iptables prerouting to redirect port

QRadar Data Exfiltration Content Extension is released!

Qradar : Events/flows were dropped by the event pipeline.

Additional Resources

Office

Quick Links

Additional
Resources