The IPinfo Splunk app brings IPinfo's API and IP database (MMDB) products into Splunk. It adds the ipinfo command, which looks up IP information for any IP address in your data.
The app enriches Splunk events with geolocation, ASN, privacy, company, abuse, domains, carrier, and residential proxy data. It supports REST API and local MMDB lookups, with automated and manual database updates.
SUPPORTED VERSIONS
Supports Splunk Enterprise 9.x and 10.x and Splunk Cloud, on Windows, Linux, and Mac. Standalone, distributed, and search head cluster deployments are all supported.
DATA PRODUCTS
The app supports all IPinfo data types:
- IP to Location
- IP to Location Extended
- IP to Privacy Detection
- IP to Privacy Detection Extended
- ASN
- IP to Company
- IP to Carrier
- Hosted Domains
- Abuse Contact
- IP to Country ASN (free)
- IP to Residential Proxy (7-day and 30-day lookback)
It also supports IPinfo's bundled data products, each of which combines several of the data types above (see ipinfo.io/pricing for details):
- IPinfo Lite: Free, unlimited country-level geolocation and ASN data. Full accuracy, commercial license included, production-ready.
- IPinfo Core: Adds city and region geolocation, lat/lon, timezone, postal, and boolean flags for anonymous, mobile, satellite and hosting IPs.
- IPinfo Plus: Adds Privacy Extended: VPN, proxy, Tor, relay, hosting and mobile carrier identification with service name when applicable, geolocation radius, and ASN/geo last-changed timestamps.
- IPinfo Max: Adds residential proxy detection with provider name, last seen, and percentage of days seen. Also includes last-seen dates for other anonymizer services. API only.
USAGE
After setup, analysts can run single-IP lookups from the IPinfo tab or call the ipinfo command in SPL searches to enrich IPs in logs and dashboards. With local MMDB files, lookups run inside Splunk, are fast, and have no request limits; keep the database current with the app's automated or manual updates so enrichment does not go stale.
The ipinfo command supports parameters for privacy, ASN, company, abuse, domains, carrier, country ASN, residential proxy, and a combined alltypes flag that returns every data type at once.
GETTING STARTED
Sign up at ipinfo.io and retrieve your access token from the dashboard. Start for free with IPinfo Lite: unlimited country-level geolocation and ASN data, full accuracy, and a commercial license so you can run it in production. Upgrade to Core, Plus, or Max as your use case grows.
USE CASES
- Account takeover and fraud detection
- SOC alert enrichment and triage
- Threat investigation and incident response
- Detection rule engineering
- Geo-fencing and compliance
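The USAGE section above describes enriching events with IPinfo fields, and the use cases list the detections that enrichment enables. The following is an added illustration, not code from the IPinfo Splunk app and not SPL: it reproduces in plain Python the kind of rule you would write in a search once events carry IPinfo fields. The log lines, the lookup table, and the field names (asn, country, vpn, proxy, tor, relay, hosting, residential_proxy, service) are constructed sample data and assumptions modelled on IPinfo's privacy and ASN fields; the addresses come from the RFC 5737 documentation ranges.

```python
"""Enrichment-driven account-takeover triage over authentication events.

Added illustration; not code from the IPinfo Splunk app. The lookup table
stands in for an MMDB or API response; its field names are assumptions.
"""
import re
from datetime import datetime, timedelta

# Constructed stand-in for per-IP IPinfo lookup results (assumed field names).
ENRICHMENT = {
    "203.0.113.10": {"asn": "AS64500", "country": "DE"},
    "198.51.100.7": {"asn": "AS64501", "country": "US", "vpn": True,
                     "service": "ExampleVPN"},
    "192.0.2.44": {"asn": "AS64502", "country": "NL", "tor": True,
                   "hosting": True},
    "203.0.113.99": {"asn": "AS64503", "country": "BR",
                     "residential_proxy": True},
}

# Flags that mean the source is an anonymizer or a datacenter rather than a
# normal end-user network. Order here determines the order reported in alerts.
ANONYMIZER_FLAGS = ("vpn", "proxy", "tor", "relay", "hosting",
                    "residential_proxy")

# Constructed authentication log in a simple key=value format.
SAMPLE_LOG = """
2024-05-01T08:00:00Z user=alice src_ip=203.0.113.10 result=success
2024-05-01T08:20:00Z user=alice src_ip=192.0.2.44 result=success
2024-05-01T09:05:00Z user=bob src_ip=198.51.100.7 result=failure
2024-05-01T09:06:00Z user=bob src_ip=198.51.100.7 result=success
2024-05-01T12:00:00Z user=carol src_ip=203.0.113.99 result=success
2024-05-01T15:00:00Z user=alice src_ip=203.0.113.10 result=success
"""

LOG_RE = re.compile(
    r"^(?P<ts>\S+) user=(?P<user>\S+) src_ip=(?P<ip>\S+) result=(?P<result>\S+)$")


def parse_events(text):
    """Parse log lines into dicts, sorted by timestamp. Unparseable lines are
    skipped; a production pipeline should count them rather than drop them."""
    events = []
    for line in text.strip().splitlines():
        m = LOG_RE.match(line.strip())
        if not m:
            continue
        ev = m.groupdict()
        ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append(ev)
    return sorted(events, key=lambda e: e["ts"])


def enrich(event, table):
    """Attach the lookup result to the event, like piping it through the
    enrichment command. An IP absent from the table gets an empty result,
    so downstream rules must tolerate missing fields."""
    ev = dict(event)
    ev["ipinfo"] = table.get(event["ip"], {})
    return ev


def triage(events, table, window=timedelta(minutes=60)):
    """Two rules over successful logins:
    anonymizer_login: source carries any anonymizer/hosting flag;
    country_change: same user, different country than the previous
    successful login, within the time window (a crude impossible-travel check)."""
    alerts = []
    last_success = {}  # user -> most recent enriched successful login
    for ev in (enrich(e, table) for e in events):
        if ev["result"] != "success":
            continue  # failed attempts are handled by other rules, not ATO
        info = ev["ipinfo"]
        flags = [f for f in ANONYMIZER_FLAGS if info.get(f)]
        if flags:
            alerts.append({"rule": "anonymizer_login", "user": ev["user"],
                           "ip": ev["ip"], "flags": flags,
                           "service": info.get("service")})
        prev = last_success.get(ev["user"])
        if prev is not None:
            before, now = prev["ipinfo"].get("country"), info.get("country")
            delta = ev["ts"] - prev["ts"]
            if before and now and before != now and delta <= window:
                alerts.append({"rule": "country_change", "user": ev["user"],
                               "ip": ev["ip"], "from": before, "to": now,
                               "minutes": int(delta.total_seconds() // 60)})
        last_success[ev["user"]] = ev
    return alerts


def run_sample():
    """Run both rules over the constructed log and lookup table."""
    return triage(parse_events(SAMPLE_LOG), ENRICHMENT)


if __name__ == "__main__":
    for alert in run_sample():
        print(alert)
```

Against the sample data this yields four alerts: alice's second login is both a Tor/hosting source and a DE-to-NL change twenty minutes after her first login, bob's login arrives through a VPN with a service name, and carol's comes from a residential proxy. Alice's afternoon login back from DE raises nothing because it falls outside the window. The same two conditions map directly onto the enriched fields in a Splunk search, and the missing-field handling matters there too: an IP the database does not know must not be silently treated as clean.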
RESOURCES
- Documentation: https://ipinfo.io/developers/splunk
- Sign up: https://ipinfo.io/signup
- Pricing: https://ipinfo.io/pricing
- Enterprise plans: https://ipinfo.io/enterprise
KEYWORDS
IP geolocation, IP enrichment, proxy detection, VPN detection, residential proxy, fraud detection, SIEM enrichment, ASN lookup, account takeover, anonymizer detection
Categories
Security, Fraud & Compliance, Utilities