Topic
  • No replies
uwmpatters
uwmpatters
1 Post

Pinned topic AQL: geographic area from events

‏2016-09-20T20:26:26Z |

I don't know if this is properly an API question, or an AQL question, but since I don't see any AQL fora and I ran into this working with the API... what I'd like to do is get QRadar to tell me what its idea of the country of source/destinationIPs it's returning to me in my AQL query. I can see that simarc and flows databases will allow this, but apparently not events. Am I missing something, or will I need to do this on my own? In the past, I've done that, but the libraries to which I have access don't always jive completely with QRadar's. I thought about just copying off QRadar's geoip file on occasion and pointing to that, but I'd really rather not.