IP Address Location Geo
4/19/2021
In any case you can use PowerShell and one of the many free online IP geo location APIs to find out where these IPs are based geographically. I'll show you how.

Geo Location Lookup Service Usage

One such online IP geo location API provider is ip-api.

As an example, let's try to look up whitehouse.gov using PowerShell. For normal forensic analysis of a list of IP addresses I suggest grabbing these four properties:

- Query (the IP address being queried)
- City
- Country
- ISP

Analyzing a List of IP Addresses

Assuming you have a long list of (unique) IPs you want to analyze, let's make a script that will provide you with valuable geographical information for each of the IP addresses. To make life easier, let's start by making a PowerShell function that will objectify the geo location information.

But be warned: the ip-api.com provider is protected from abuse by a 45-queries-per-minute limit. If you exceed this limit your IP will get blocked and you will have to log in to their web site to unblock it again (which is not easy when you're blocked).

Please note: if you're already a customer at ip-api.com you need to use a slightly different URL and include your API key in the body of the request, like so.

Looking at the Data

The above script generates an output to Excel that may look similar to this. But assuming you don't have any employees working in or visiting that country, it may appear strange that a Nigerian IP address is found connecting to your Office 365 environment (or VPN or remote desktop or whatever log file you're analyzing).

Further Analysis

When you have identified one or more suspicious IPs, use them for further analysis of your log files. If you're investigating an Office 365 breach, put the suspicious IPs in an input file and run the following script. This is very useful information for further damage control and as evidence in case you want to pursue legal action.

Wrapping It Up

I highly recommend proactive use of this technique: if your user base is limited geographically (certain countries or regions) you can set up alerts for critical resources in case irregular accesses are detected.
For more details on analysis of the Office 365 audit log using PowerShell refer to this post.
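
The lookup function and throttling described under "Analyzing a List of IP Addresses", as an added example that is not the original post's script: it returns the four suggested properties and pauses between calls to stay under the 45-queries-per-minute limit. The function name `Get-IpGeoLocation`, the `DelayMs` parameter, the `Status` column and the sample addresses are assumptions made for this example.

```powershell
# Added example; Get-IpGeoLocation, DelayMs and the Status column are hypothetical names.
function Get-IpGeoLocation {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [string[]]$IpAddress,

        # 1500 ms between calls = 40 queries/minute, under the 45/minute limit.
        [int]$DelayMs = 1500
    )
    begin { $first = $true }
    process {
        foreach ($ip in $IpAddress) {
            # Validate locally first: junk log fields would otherwise still cost a query.
            $parsed = $null
            if (-not [System.Net.IPAddress]::TryParse($ip, [ref]$parsed)) {
                Write-Warning "Skipping '$ip': not an IP address"
                continue
            }
            if (-not $first) { Start-Sleep -Milliseconds $DelayMs }
            $first = $false

            # The free endpoint is plain HTTP, so queried IPs cross the network unencrypted.
            $uri = "http://ip-api.com/json/$($parsed)?fields=status,message,query,city,country,isp"
            try {
                $r = Invoke-RestMethod -Uri $uri -Method Get -TimeoutSec 15
            } catch {
                Write-Warning "Lookup failed for ${ip}: $($_.Exception.Message)"
                continue
            }
            # status is 'fail' for private or reserved ranges; keep the row so it shows in the report.
            [pscustomobject]@{
                Query   = $r.query
                City    = $r.city
                Country = $r.country
                ISP     = $r.isp
                Status  = if ($r.status -eq 'success') { 'success' } else { "fail: $($r.message)" }
            }
        }
    }
}

# Constructed sample input: two public resolvers, one private address, one junk value.
$sample = '8.8.8.8', '1.1.1.1', '10.0.0.5', 'not-an-ip'
$sample | Sort-Object -Unique | Get-IpGeoLocation |
    Sort-Object Country, City | Format-Table -AutoSize
```

Replace `Format-Table` with `Export-Csv -NoTypeInformation` to get a file that opens in Excel.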