Has anyone been able to come up with a workaround for Geolocation data being out of date in ESM? We do not take on-prem upgrades frequently and run into issues with geolocations being incorrect or non-populated for events and generating false positives.
Re: Geolocation information data incorrect workaround
In addition to the hotfixes, for situations where you know the geolocation has updated but the SIEM has not updated it yet (or especially for private IPs where you need to have geolocation), this is a good use case for Zones and SubZones. With SubZones you can assign a range of IPs to a specific geolocation, including private IPs.
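The range-to-geolocation override idea from the reply above, as an added Python example that is not part of the original thread and is not ESM code or its import format: it models analyst-defined ranges taking precedence over a stale lookup and flags overlapping ranges that disagree. The "most specific range wins" rule, all names and the sample data are assumptions made for illustration.

```python
import ipaddress

# Constructed sample data (not taken from any real ESM deployment).
STALE_GEOIP = {"203.0.113.10": "NL", "198.51.100.7": "US"}  # stand-in for outdated built-in data
OVERRIDE_ROWS = [  # (CIDR, country code, label): hypothetical analyst-defined ranges
    ("10.0.0.0/8", "US", "corp-default"),
    ("10.20.0.0/16", "DE", "frankfurt-office"),
    ("203.0.113.0/24", "GB", "reassigned-block"),
]


def build_overrides(rows):
    """Parse CIDRs (rejecting ones with host bits set) and sort most-specific first."""
    parsed = [(ipaddress.ip_network(cidr, strict=True), cc, label) for cidr, cc, label in rows]
    return sorted(parsed, key=lambda row: row[0].prefixlen, reverse=True)


def find_conflicts(overrides):
    """Return label pairs whose ranges overlap but name different countries."""
    conflicts = []
    for i, (net_a, cc_a, label_a) in enumerate(overrides):
        for net_b, cc_b, label_b in overrides[i + 1:]:
            if net_a.version == net_b.version and net_a.overlaps(net_b) and cc_a != cc_b:
                conflicts.append((label_a, label_b))
    return conflicts


def resolve(ip, overrides, geoip=STALE_GEOIP):
    """Return (country, source); an override range beats the stale lookup."""
    addr = ipaddress.ip_address(ip)
    for net, cc, label in overrides:
        if addr.version == net.version and addr in net:
            return cc, f"override:{label}"
    if ip in geoip:
        return geoip[ip], "geoip"
    return None, "unresolved"


OVERRIDES = build_overrides(OVERRIDE_ROWS)

if __name__ == "__main__":
    print("overlapping ranges to review:", find_conflicts(OVERRIDES))
    for sample in ("10.20.5.9", "10.1.1.1", "203.0.113.10", "198.51.100.7", "192.0.2.1"):
        print(sample, resolve(sample, OVERRIDES))
```

The "unresolved" result is the case worth alerting on separately, since an event with no geolocation at all can trip country-based correlation rules just as a wrong one can.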