IPinfo.io is a Threat Intelligence (TI) integration. TI Data Source integrations are used during investigations to improve analysis and in interactive chat to help answer questions. They are optional, but enabling more tooling integrations enhances Dropzone analysis.
The Dropzone platform integrates with IPinfo.io to determine IP information such as IP reputation, location data, proxy detection, and organization context.
Record the access token shown for use later in the Dropzone UI where it is called "API key"
The API key
Enable IPinfo.io
To enable the Data Source integration, do the following:
Navigate to your Dropzone AI tenant home page e.g. https://mycompany.dropzone.app
In the bottom left hand corner, click Settings > Integrations
Integrations Dropdown
Click "Available"
Click Available
In the Search bar, search ipinfo.io, then click "Configure"
The ipinfo.io Data Tile
Input the API key
Under "Trusted Enterprise Remote Access Solutions," select from the dropdown any remote-access solutions you wish to treat as a trusted enterprise
The ipinfo.io Data Source Configuration (pt 1)
In the "Trusted Networks" section, you may input a list of trusted IP addresses or CIDR ranges to exclude from analysis. To do so, click "Add Item," input the IP address or range, and add a brief description of the network. Continue adding items until done
The ipinfo.io Data Source Configuration (pt 2)
Click "Test & Save" to finish
If you have any errors engage your Dropzone AI support representative.
