The IPInfo action submits a collection of supported indicators of compromise (IOC) to the IPInfo API in the form of individual HTTP Requests. IPInfo returns a response for each object containing any information it has about the IOC.

The action can perform the following function:

• IPInfo - Enriches IP Addresses with Location information such as Region, Coordinates, Country, and City

The action is compatible with the following IP Address indicator types.

The action returns the  enriched system object:

• IP Address

Note:  This action is intended for use with ThreatQ TDR Orchestrator (TQO). An active TQO license is required for this feature.