Geolocation

This page displays the public IP address connections collected from your environment, geolocated to their area of origin. This lets you see where in the world your users are located, for purposes of cloud migration, and where suspicious connections may be coming from.

This site includes IP2Location LITE data available from https://lite.ip2location.com.

All country codes and names are based on ISO 3166.

High Risk Areas

The list of High Risk Areas is sourced primarily from Stanford University. The university compiles its list of high risk countries from a number of sources, including countries that are the subject of Travel Warnings by the U.S. Department of State, and those that are identified as high risk by other U.S. Government sources such as the Department of the Treasury Office of Foreign Assets Control (OFAC), the Federal Bureau of Investigation (FBI), and the Office of the Director of National Intelligence (ODNI). The High Risk Country List also incorporates information from the university's academic and commercial advisors (e.g., Control Risks). The list is maintained by the Information Security Office, Global Business Services, and the Office of International Affairs and will be updated regularly.

Pin Data

Each pin represents a specific latitude and longitude that one or many IPs have been geolocated to.

On hover: Shows how many IPs have been geolocated to that location.

On click: Opens a detail pane on the right that has the following panels (from top to bottom):

  1. View Connection Information: This button pulls up a table that contains all connection information we have for that geolocation (e.g. source and destination ports, IPs, protocols, etc.).
  2. IP Communication: This table shows every internal IP that is communicating with the selected geolocation. The arrow indicates the direction of the communication. The arrow is also relative to the map to make it easier to understand.
  3. Top 3 Protocols: The protocols that were seen most, by count of flows (rows in the view connections tables).
  4. Top Threat Level: The Threat Level of devices seen communicating to that location.
  5. Stacks: The application stacks that are communicating to that geolocation.
  6. Locations: The locations that are communicating to that geolocation.
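
To reproduce the hover count, IP Communication and Top 3 Protocols panels from your own flow export, the sketch below groups flow rows by pin. It is an added example, not the product's code; the row layout, the 10.0.0.0/8 internal range, the coordinates and the sample flows are all assumptions constructed for illustration.

```python
from collections import Counter, defaultdict
from ipaddress import ip_address, ip_network

INTERNAL = ip_network("10.0.0.0/8")  # assumption: the monitored environment
AMS, TYO = (52.37, 4.90), (35.68, 139.69)  # constructed pin coordinates

# Constructed flow rows (src, dst, protocol, pin). Public IPs are
# documentation addresses; the pin stands in for a geolocation lookup.
FLOWS = (
    [("10.0.1.5", "203.0.113.10", "HTTPS", AMS)] * 4
    + [("10.0.2.9", "203.0.113.11", "DNS", AMS)] * 3
    + [("203.0.113.10", "10.0.1.5", "SSH", AMS)] * 2
    + [("10.0.2.9", "203.0.113.11", "NTP", AMS)]
    + [("198.51.100.7", "10.0.3.3", "SSH", TYO)]
    + [("10.0.1.5", "10.0.2.9", "SMB", None)]  # internal only, never pinned
)

def is_internal(ip):
    return ip_address(ip) in INTERNAL

def pin_details(flows):
    """Group flows by pin (lat, lon) and build the detail-pane summaries."""
    pins = defaultdict(
        lambda: {"public_ips": set(), "peers": set(), "protocols": Counter()}
    )
    for src, dst, proto, latlon in flows:
        if is_internal(src) == is_internal(dst):
            continue  # internal-only or public-only row: nothing to geolocate
        outbound = is_internal(src)
        internal, public = (src, dst) if outbound else (dst, src)
        pin = pins[latlon]
        pin["public_ips"].add(public)
        pin["peers"].add((internal, "outbound" if outbound else "inbound"))
        pin["protocols"][proto] += 1  # one flow is one row in the table
    return {
        latlon: {
            "ip_count": len(p["public_ips"]),        # value shown on hover
            "ip_communication": sorted(p["peers"]),  # internal IP + direction
            "top_protocols": p["protocols"].most_common(3),
        }
        for latlon, p in pins.items()
    }
```

An inbound SSH row from a pin that otherwise only receives outbound traffic, as in the first sample pin, is the kind of entry worth opening in View Connection Information.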