You can configure the Incident Contributors map on the Incident
Overview app's Incident Detail pane.
About this task
To plot locations of IP addresses on the Incident Contributors map, the
Incident Overview app uses a MaxMind City database. If you want to use the IP location map feature,
you must download and install a City database from MaxMind.
Procedure
-
In the Incident Overview app window, click
Configure and then click GeoIP Lookup.
-
Click Browse to locate and upload your database to the app. Only
.mmdb file extension is supported.
-
Use the Timezone field to configure the time zone that your QRadar® deployment uses.
Note: If your QRadar
Console is located
in a different time zone than you are, it is important to configure the correct time zone. By
default, the Incident Overview app calculates time zone information based on your browser location.
Maps and graphs won't display if the time zone that is configured in the
Timezone field is different from the QRadar host, or if the time zone
format is entered incorrectly.
Here are some examples of the correct format for the time zone setting:
- America/Halifax
- Europe/London
- Canada/Atlantic
Verify that your graphs and maps are working when you make any changes.
-
Define the default values for city, country, latitude, and longitude for unrecognized and
internal IP addresses in the remaining fields.
-
Click Save.