MaxMind offers both free and paid geolocation services. Their GeoIP service enables users to query the location of an IPv4 or IPv6 address. Context such as an IP’s country, continent, city, postal code, and more can be retrieved.

This integration allows ThreatQ users to enrich IP addresses with geolocation data from MaxMind. This data can be used to better understand the context of an IP address and make more informed decisions.

The integration provides the following action:

• MaxMind GeoIP Lookup - This action fetches geolocation data for IP addresses from MaxMind’s GeoIP service.

The action is compatible with the following object types:

• Indicators
• IP Address
• IPv6 Address

The action returns the following enriched system objects:

• Indicators
• IP Address
• IPv6 Address
• FQDN

Note:  This action is intended for use with ThreatQ TDR Orchestrator (TQO). An active TQO license is required for this feature.