Configure Google Maps for visual geolocation data
The MaxMind app provides a geolocate_IP
action that uses Google Maps functionality to show a world map with a marker indicating the approximate location of the IP under investigation. You must provide a Google Maps API key to enable this functionality. See the Google Maps Javascript API site for more information about obtaining a Google Maps API key.
After obtaining an API key, perform the following steps:
- From the Main Menu, select Administration.
- Select Administration Settings > Google Maps.
- Enter your API key into the field.
- Click Save Changes.
With a proper API key applied, MaxMind Geolocate IP displays a map with searches.
The MaxMind app is updated periodically with the Splunk Phantom product.
If you want to update the MaxMind app's database more frequently, see the instructions on the MaxMind website in the article MaxMind updates.
The MaxMind database is stored in the directory /opt/phantom/apps/maxmind_[app id]
Configure search in Splunk Phantom | Manage your organization's credentials with a password vault |
This documentation applies to the following versions of Splunk® Phantom (Legacy): 4.8, 4.9, 4.10, 4.10.1, 4.10.2, 4.10.3, 4.10.4, 4.10.6, 4.10.7
Feedback submitted, thanks!