IPinfo: IP geolocation & intelligence database

by IPinfo Inc.

Highly contextualized IP address metadata for security enrichment

What does this solution provide?


This solution enables mutual Microsoft and IPinfo customers to access IPinfo's leading IP intelligence databases in Sentinel workspaces.
It is primarily used to enhance threat detection and response by enriching logs with highly contextualized IP address insights. The data insights include IP geolocation, network ownership, routing, proxy detection and many other IP-based classifications and attributes.


Who is this solution designed for?


Security Operations professionals and teams (analysts, engineers, etc.) who use Microsoft Sentinel and have an active IPinfo database download subscription in place. Currently, this solution does not support IPinfo API customers.

What tables are accessible in this solution?


  • IP to Country + ASN

  • IP to Geolocation

  • IP to Company

  • ASN Database

  • IP to Privacy Detection

  • IP to Mobile Carrier

  • Hosted Domains

  • Abuse Contact

  • IP WHOIS

  • IP to Geolocation Extended

  • IP to Privacy Detection Extended


For more information, please check out our Data Dictionary.

What are the key use cases?


IPinfo's leading IP databases provide Security Operations teams with actionable intelligence to detect and respond to threats in a smarter, more efficient way. Some common use cases are shown below:
  • Network / Access Management: Enrich your log data with accurate IP intelligence to implement dynamic network rules/policies to protect your network against sophisticated attacks.
  • Threat Intelligence, Detection & Response: Leverage a diverse range of IP-based attributes to improve knowledge of IOCs and threat intelligence, whilst augmenting security playbooks to reduce MTTRs.
  • Reduce Alert Fatigue: Help your team to focus on what matters. Enriching logs with IP intelligence allows Security Teams to operate more efficiently by cutting through the noise and prioritizing actions on security events that present legitimate threats.


How to access / activate this solution?


Microsoft Sentinel customers will need a free or paid IPinfo database download subscription in place to activate their applicable datasets (see the table list above) in this solution. Visit the IPinfo Signup Page for more information, or contact alliances@ipinfo.io for assistance.