The MaxMind Geolocate Operation for ThreatQ enables analysts to fetch geolocation information from a MaxMind database or the web API.

The operation provides the following actions:

• Lookup - performs a Geolocation lookup for the given IP Address.
• Lookup All Related IPS - performs a look up of related IPs and adds the results to the description.

The operation is compatible with the following system objects:

• Files (Attachments)
• Indicators:
  • IP Address
  • IPv6 Address