Inaccurate IP GeoData Lookup
The-Real-Justin opened this issue · 2 comments
Describe the bug
The external data source that the Azure Firewall Workbook relies upon to determine the location of IP addresses is very out of date.
https://raw.githubusercontent.com/datasets/geoip2-ipv4/master/data/geoip2-ipv4.csv
Reproduce
Steps to reproduce the behavior:
- Go to: https://raw.githubusercontent.com/datasets/geoip2-ipv4/master/data/geoip2-ipv4.csv
- Search for "85.239.32.0/19" (actual client ip is: 85.239.52.9)
- See that it is in Russia
- Go to: https://www.iplocation.net/ip-lookup
- Search for "85.239.52.9"
- See that it is reported as being in Atlanta, Georgia
Expected behavior
IP Address geo-location lookup is accurate
Screenshots
N/A
Environment- if applicable
N/A
Desktop (please complete the following information if applicable):
N/A
Logs- if applicable
N/A
Additional context
The last commit to the public dataset was 6 years ago.
@The-Real-Justin Thank you for submitting this issue. We will get back to you in the next 72 hours.
Thanks,
I found that this KQL function was recently released. I've played around with it and it seems to be much more accurate than the current csv lookup.
https://learn.microsoft.com/en-us/azure/data-explorer/kusto/query/geo-info-from-ip-address-function