IPinfo WHOIS ORG Data Connector
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊
| Attribute | Value |
|---|---|
| Connector ID | IPinfoWHOISORGDataConnector |
| Publisher | IPinfo |
| Used in Solutions | IPinfo |
| Collection Method | Azure Function |
| Connector Definition Files | IPinfo_WHOIS_ORG_API_AzureFunctionApp.json |
| Ingestion API | Log Ingestion API — Azure Function code uses LogsIngestionClient/Log Ingestion API |
This IPinfo data connector installs an Azure Function app to download WHOIS_ORG datasets and insert it into custom log table in Microsoft Sentinel
Tables Ingested
This connector ingests data into the following tables:
| Table | Transformations | Ingestion API | Lake-Only |
|---|---|---|---|
Ipinfo_WHOIS_ORG_CL |
? | ✓ | ? |
💡 Tip: Tables with Ingestion API support allow data ingestion via the Azure Monitor Data Collector API, which also enables custom transformations during ingestion.
Permissions
Resource Provider Permissions: - Workspace (Workspace): read and write permissions on the workspace are required. - Keys (Workspace): read permissions to shared keys for the workspace are required. See the documentation to learn more about workspace keys.
Custom Permissions: - Microsoft.Web/sites permissions: Read and write permissions to Azure Functions to create a Function App is required. See the documentation to learn more about Azure Functions. - IPinfo API Token: Retrieve your IPinfo API Token here.
Setup Instructions
⚠️ Note: These instructions were automatically generated from the connector's user interface definition file using AI and may not be fully accurate. Please verify all configuration steps in the Microsoft Sentinel portal.
1. Retrieve API Token
Retrieve your IPinfo API Token here.
2. In your Azure AD tenant, create an Azure Active Directory (AAD) application
In your Azure AD tenant, create an Azure Active Directory (AAD) application and acquire Tenant ID, Client ID, and Client Secret: Use this Link.
3. Assign the AAD application the Microsoft Sentinel Contributor Role.
Assign the AAD application you just created to the Contributor(Privileged administrator roles) and Monitoring Metrics Publisher(Job function roles) in the same “Resource Group” you use for “Log Analytic Workspace” on which “Microsoft Sentinel” is added: Use this Link.
4. Get Workspace Resource ID
Use the Log Analytic Workspace -> Properties blade having the 'Resource ID' property value. This is a fully qualified resourceId which is in the format '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}'
5. Deploy the Azure Function
Use this for automated deployment of the IPinfo data connector using an ARM Tempate.
-
Click the Deploy to Azure button below.
2. Select the preferred Subscription, Resource Group and Location. 3. Enter the RESOURCE_ID, IPINFO_TOKEN, TENANT_ID, CLIENT_ID, CLIENT_SECRET.
1. Manual Deployment of Azure Functions
Use the following step-by-step instructions to deploy the IPinfo data connector manually with Azure Functions (Deployment via Visual Studio Code). Step 1 - Deploy a Function App
- Download the Azure Function App file. Extract the archive to your local development computer Azure Function App.
- Create Function App using Hosting Functions Premium or App service plan using advanced option using VSCode.
- Follow the function app manual deployment instructions to deploy the Azure Functions app using VSCode.
- After successful deployment of the function app, follow the next steps for configuring it.
Step 2 - Configure the Function App
- Go to Azure Portal for the Function App configuration.
- In the Function App, select the Function App Name and select Settings -> Configuration or Environment variables.
- In the Application settings tab, select + New application setting.
- Add each of the following application settings individually, with their respective string values (case-sensitive): RESOURCE_ID IPINFO_TOKEN TENANT_ID CLIENT_ID CLIENT_SECRET RETENTION_IN_DAYS TOTAL_RETENTION_IN_DAYS SCHEDULE LOCATION
- Once all application settings have been entered, click Save.
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊