IC SunsetThe developerWorks Connections platform will be sunset on December 31, 2019. On January 1, 2020, this community and its apps will no longer be available. More details available on our FAQ.
Topic
  • No replies
uwmpatters
uwmpatters
1 Post

Pinned topic AQL: geographic area from events

‏2016-09-20T20:26:26Z |

I don't know if this is properly an API question, or an AQL question, but since I don't see any AQL fora and I ran into this working with the API... what I'd like to do is get QRadar to tell me what its idea of the country of source/destinationIPs it's returning to me in my AQL query. I can see that simarc and flows databases will allow this, but apparently not events. Am I missing something, or will I need to do this on my own? In the past, I've done that, but the libraries to which I have access don't always jive completely with QRadar's. I thought about just copying off QRadar's geoip file on occasion and pointing to that, but I'd really rather not.