diff --git a/analyzers/MaxMind/MaxMind_GeoIP.json b/analyzers/MaxMind/MaxMind_GeoIP.json index fc6b94e17..80fd4be19 100644 --- a/analyzers/MaxMind/MaxMind_GeoIP.json +++ b/analyzers/MaxMind/MaxMind_GeoIP.json @@ -7,5 +7,21 @@ "description": "Use MaxMind to geolocate an IP address.", "dataTypeList": ["ip"], "baseConfig": "MaxMind", - "command": "MaxMind/geo.py" + "command": "MaxMind/geo.py", + "configurationItems": [ + { + "name": "user_id", + "description": "MaxMind API User ID", + "required": true, + "multi": false, + "type": "string" + }, + { + "name": "license_key", + "description": "MaxMind API License Key", + "required": true, + "multi": false, + "type": "string" + } + ] } diff --git a/analyzers/MaxMind/geo.py b/analyzers/MaxMind/geo.py index fbc9d2e2c..ce5e8c7e3 100755 --- a/analyzers/MaxMind/geo.py +++ b/analyzers/MaxMind/geo.py @@ -4,10 +4,16 @@ import geoip2.database from geoip2.errors import AddressNotFoundError from cortexutils.analyzer import Analyzer +from geoip2.webservice import Client class MaxMindAnalyzer(Analyzer): + def __init__(self): + Analyzer.__init__(self) + self.user_id = self.get_param('config.user_id', None, 'Missing MaxMind API user_id') + self.license_key = self.get_param('config.license_key', None, 'Missing MaxMind API license_key') + def dump_city(self, city): return { 'confidence': city.confidence, @@ -74,7 +80,10 @@ def run(self): try: data = self.get_data() - city = geoip2.database.Reader(os.path.dirname(__file__) + '/GeoLite2-City.mmdb').city(data) + if self.user_id != None and self.license_key != None: + city = Client(self.user_id, self.license_key).city(data) + else: + city = geoip2.database.Reader(os.path.dirname(__file__) + '/GeoLite2-City.mmdb').city(data) self.report({ 'city': self.dump_city(city.city),
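Review bot: Both new items are declared `"required": true`, but the `run()` hunk in geo.py keeps a fallback to the bundled GeoLite2 database for when the credentials are unset, so the two files disagree on whether the web service is optional. If the offline lookup should stay available, set `"required": false` on `user_id` and `license_key`. The same mismatch shows in the `__init__` hunk of geo.py: passing a message as the third argument to `get_param` appears to abort the analyzer when the value is missing (worth confirming against cortexutils), which would make the fallback unreachable. There, `self.get_param('config.user_id', None)` and `self.get_param('config.license_key', None)` would be the matching form.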
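Review bot: The new branch in `run()` tests `!= None`, so an empty string left in the configuration counts as configured and the lookup goes to the web service with blank credentials; `if self.user_id and self.license_key:` covers both cases and is the idiomatic test. Taking this branch also changes the data flow, because the observable IP is sent to MaxMind's web service instead of being resolved against the local file. That is worth stating in the analyzer description so operators know that investigated addresses leave their network. The `except` clauses of this `try` lie outside the hunk; if they only catch `AddressNotFoundError`, web-service failures such as `AuthenticationError` or `HTTPError` from `geoip2.errors` would go unhandled instead of being reported as an analyzer error.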