📄️ Maxmind GeoIP2 and GeoLite2
Overview
📄️ RiskIQ PassiveTotal
RiskIQ PassiveTotal is in the process of becoming Microsoft Defender Threat Intelligence (MDTI). Until the ElastiFlow integration is fully available in MDTI, new users must continue to create an account in RiskIQ Passivetotal at https://community.riskiq.com/registration/.
📄️ User-Defined Metadata
The IP address enrichment module provides supplemental information for IP addresses, such as hostname, autonomous system, geolocation, reputation and additional user-defined metadata. Values are cached for improved performance and flow record throughput. For more control of when enrichment is applied, IP addresses can be included or excluded from various enrichers by CIDR, IP range or individual IP address.