Configuring IP location of the QRadar Incident Overview app

You can configure the Incident Contributors map on the Incident Overview app's Incident Detail pane.

About this task

To plot locations of IP addresses on the Incident Contributors map, the Incident Overview app uses a MaxMind City database. If you want to use the IP location map feature, you must download and install a City database from MaxMind.

Procedure

  1. In the Incident Overview app window, click Configure and then click GeoIP Lookup.
  2. Click Browse to locate and upload your database to the app. Only .mmdb file extension is supported.
  3. Use the Timezone field to configure the time zone that your QRadar® deployment uses.
    Note: If your QRadar Console is located in a different time zone than you are, it is important to configure the correct time zone. By default, the Incident Overview app calculates time zone information based on your browser location. Maps and graphs won't display if the time zone that is configured in the Timezone field is different from the QRadar host, or if the time zone format is entered incorrectly.
    Here are some examples of the correct format for the time zone setting:
    • America/Halifax
    • Europe/London
    • Canada/Atlantic
    Verify that your graphs and maps are working when you make any changes.
  4. Define the default values for city, country, latitude, and longitude for unrecognized and internal IP addresses in the remaining fields.
  5. Click Save.