[SANS ISC] Searching for Geographically Improbable Login Attempts

I published the following diary on isc.sans.org: “Searching for Geographically Improbable Login Attempts”:

For the human brain, an IP address is not the best IOC because, like phone numbers, we are bad at remembering them. That’s why DNS was created. But many log management applications have features to enrich collected data. One possible enrichment for IP addresses is geolocation. Based on databases, it is possible to locate an IP address by country and/or city. This information is available in our DShield IP reputation database…
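As an added illustration (not code from the diary), the sketch below shows how geolocation-enriched login events can be searched for geographically improbable logins by computing the travel speed implied by a user's consecutive logins. The log records, coordinates, field layout and the 900 km/h and 100 km thresholds are assumptions constructed for this example.

```python
import math
from datetime import datetime

# Constructed sample: login events already enriched with GeoIP coordinates.
# Fields: ISO timestamp, user, source IP (documentation ranges), latitude, longitude.
LOGINS = [
    ("2018-07-17T08:00:00", "alice", "192.0.2.10", 50.85, 4.35),      # Brussels
    ("2018-07-17T09:30:00", "alice", "198.51.100.7", 40.71, -74.01),  # New York
    ("2018-07-17T08:15:00", "bob", "192.0.2.44", 50.85, 4.35),        # Brussels
    ("2018-07-17T12:15:00", "bob", "203.0.113.5", 48.86, 2.35),       # Paris
]

MAX_KMH = 900.0  # assumed threshold: roughly airliner cruise speed
MIN_KM = 100.0   # assumed floor: ignore short hops caused by GeoIP inaccuracy

def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance in kilometres between two coordinates."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dphi = p2 - p1
    dlmb = math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlmb / 2) ** 2
    return 2 * 6371.0 * math.asin(math.sqrt(a))

def improbable_logins(events, max_kmh=MAX_KMH, min_km=MIN_KM):
    """Return (user, prev_ip, ip, km, kmh) where consecutive logins imply speed > max_kmh."""
    findings, last = [], {}
    for ts, user, ip, lat, lon in sorted(events):  # ISO timestamps sort chronologically
        t = datetime.fromisoformat(ts)
        if user in last:
            prev_t, prev_ip, prev_lat, prev_lon = last[user]
            km = haversine_km(prev_lat, prev_lon, lat, lon)
            hours = (t - prev_t).total_seconds() / 3600
            kmh = km / hours if hours > 0 else float("inf")
            # Simultaneous logins from distant places count as infinite speed.
            if km >= min_km and kmh > max_kmh:
                findings.append((user, prev_ip, ip, km, kmh))
        last[user] = (t, ip, lat, lon)
    return findings

if __name__ == "__main__":
    for user, prev_ip, ip, km, kmh in improbable_logins(LOGINS):
        print(f"{user}: {prev_ip} -> {ip}, {km:.0f} km at {kmh:.0f} km/h")
```
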

[The post [SANS ISC] Searching for Geographically Improbable Login Attempts was first published on /dev/random]

Article Link: https://blog.rootshell.be/2018/07/17/sans-isc-searching-for-geographically-improbable-login-attempts/