GeoIP Monitoring

Description

This bundle tracks the inbound and outbound geographic mapping based on the origin and destination IP address.

Bundle Contents

• (2) Alerts
  
  • GeoIP Inbound Alerts
  • GeoIP Outbound Alerts
• (1) Triggers
  
  • GeoIP Tracking
• (3) Pages
  
  • GeoIP Traffic
  • GeoIP Device Traffic
  • GeoIP Alerts
    
• (1) Geomap
  • GeoIP
    
• (1) Applications
  • GeoIP
    
• (1) Dashboard
  • GeoIP - Summary
    
• (1) Record Format
  • GeoIP

Requirements

Installation Instructions

1. Download the bundle on this page.
   
2. Log into the ExtraHop Web UI and complete the following procedures, which are available in the ExtraHop Web UI Guide ExtraHop Web UI Guide.
   
   • Upload a Bundle
   • Apply a Bundle
     • Make sure to select Overwrite
       
   • Assign a Trigger
     
     • Monitoring traffic inside of the firewall: Assign the trigger to the internal gateway/firewall interface(s).
     • Monitoring traffic inside and outside of the firewall: Assign the trigger to the inside gateway/firewall interface(s) and to the external interface(s).
       Note that with this configuration you will also want to add your public IP addresses to the DMZ array within the trigger (See step #3 below)
       
   • Enable a Trigger
   • (Optional) Configure Email Notifications
     
   • (Optional) Configure Syslog Handlers
     
3. Edits to the trigger:
   
   • Add your public IP addresses to the DMZ array at the top of the trigger.
     
   • If you have an exa and wish to commit records to it set the exa variable to true.