logstash-plugins/logstash-filter-geoip

GeoIP Plugin - Offer Expanded MaxMind Data

andrewvc opened this issue · 1 comments

Moved from elastic/logstash#9202, original issue by @ubhackn

For really quick and easy security analysis of IP data, it would be helpful if the existing geoip plugin could include the GeoIP Anonymous IP database from MaxMind such that we don't need to purchase and maintain the license with them directly. Having a field like geoip.proxy_name would allow for highlighting of traffic from known proxy/anonymizer IPs (like TOR), which we can then use as an additional data point for threat detection.

jsvd commented

From what I understand, the GeoIP Anonymous IP database is a commercial offering from MaxMind, so we won't be releasing it with Logstash, which is an open source project.