Fortinet black logo

ipinfo.io

1.0.0
1.0.0

ipinfo.io v1.0.0

About the connector

IPInfo is a free IP information web service that you can use to search the owner, internet provider and location of any IP address.

This document provides information about the IPInfo connector, which facilitates automated interactions with an IPInfo server using FortiSOAR™ playbooks. Add the IPInfo connector as a step in FortiSOAR™ playbooks and perform automated operations, such as retrieving details and geolocation information for a specified IPv4 or IPv6 IP.

Version information

Connector Version: 1.0.0

FortiSOAR™ Version Tested on: 4.11.0.-1161

Authored By: Fortinete

Certified: Yes

Installing the connector

All connectors provided by FortiSOAR™ are delivered using a FortiSOAR™ repository. Therefore, you must set up your FortiSOAR™ repository and use the yum command to install connectors:

yum install FortiSOAR™-connector-ipinfo

For the detailed procedure to install a connector, click here

Prerequisites to configuring the connector

  • You must have the URL of IPInfo server to which you will connect and perform automated operations.
  • You must have the API token that is configured for your account to access the IPInfo endpoint to which you will connect and perform automated operations.
  • To access the FortiSOAR™ UI, ensure that port 443 is open through the firewall for the FortiSOAR™ instance.

Configuring the connector

For the procedure to configure a connector, click here

Configuration parameters

In FortiSOAR™, on the connectors page, select the IPInfo connector and click Configure to configure the following parameters:

Parameter Description
Server URL URL of the IPInfo server to which you will connect and perform automated operations.
API Token API token configured for your account to access the IPInfo endpoint to which you will connect and perform the automated operations.
Verify SSL Specifies whether the SSL certificate for the server is to be verified or not.
By default, this option is set as True.

Actions supported by the connector

The following automated operations can be included in playbooks, and you can also use the annotations to access operations from FortiSOAR™ release 4.10.0 and onwards:

Function Description Annotation and Category
Lookup IP Address Looks up the IPv4 or IPv6 IP address that you have specified or for the calling IP address on the IPInfo server and retrieves details of that IP address from the IPInfo server. lookup_network
Investigation
Get Geolocation Information Retrieves the geolocation information for the IPv4 or IPv6 IP address that you have specified from the IPInfo server. get_geolocation_information
Investigation

operation: Lookup IP Address

Input parameters

Parameter Description
IP Address (Optional) IPv4 or IPv6 IP address for which you want to retrieve details from the IPInfo endpoint.
If you do not specify any IP address, then this operation will return the details for the calling IP address. This enables you to lookup details of your IP address or the IP address of a visitor to your site, without knowing the IP address in advance.

Output

The output contains the following populated JSON schema:


{
"ip": "",
"city": "",
"region": "",
"phone": "",
"country": "",
"loc": "",
"hostname": "",
"postal": "",
"org": ""
}

operation: Get Geolocation Information

Input parameters

Parameter Description
IP Address IPv4 or IPv6 IP address for which you want to retrieve geolocation details from the IPInfo endpoint.

Output

The output contains the following populated JSON schema:


{
"ip": "",
"country": "",
"phone": "",
"region": "",
"loc": "",
"city": "",
"postal": ""
}

Included playbooks

The Sample - IPInfo - 1.0.0 playbook collection comes bundled with the IPInfo connector. These playbooks contain steps using which you can perform all supported actions. You can see bundled playbooks in the Automation > Playbooks section in FortiSOAR™ after importing the IPInfo connector.

  • Get Geolocation Information
  • Lookup IP Address

Note: If you are planning to use any of the sample playbooks in your environment, ensure that you clone those playbooks and move them to a different collection since the sample playbook collection gets deleted during connector upgrade and delete.

Previous
Next

About the connector

IPInfo is a free IP information web service that you can use to search the owner, internet provider and location of any IP address.

This document provides information about the IPInfo connector, which facilitates automated interactions with an IPInfo server using FortiSOAR™ playbooks. Add the IPInfo connector as a step in FortiSOAR™ playbooks and perform automated operations, such as retrieving details and geolocation information for a specified IPv4 or IPv6 IP.

Version information

Connector Version: 1.0.0

FortiSOAR™ Version Tested on: 4.11.0.-1161

Authored By: Fortinete

Certified: Yes

Installing the connector

All connectors provided by FortiSOAR™ are delivered using a FortiSOAR™ repository. Therefore, you must set up your FortiSOAR™ repository and use the yum command to install connectors:

yum install FortiSOAR™-connector-ipinfo

For the detailed procedure to install a connector, click here

Prerequisites to configuring the connector

Configuring the connector

For the procedure to configure a connector, click here

Configuration parameters

In FortiSOAR™, on the connectors page, select the IPInfo connector and click Configure to configure the following parameters:

Parameter Description
Server URL URL of the IPInfo server to which you will connect and perform automated operations.
API Token API token configured for your account to access the IPInfo endpoint to which you will connect and perform the automated operations.
Verify SSL Specifies whether the SSL certificate for the server is to be verified or not.
By default, this option is set as True.

Actions supported by the connector

The following automated operations can be included in playbooks, and you can also use the annotations to access operations from FortiSOAR™ release 4.10.0 and onwards:

Function Description Annotation and Category
Lookup IP Address Looks up the IPv4 or IPv6 IP address that you have specified or for the calling IP address on the IPInfo server and retrieves details of that IP address from the IPInfo server. lookup_network
Investigation
Get Geolocation Information Retrieves the geolocation information for the IPv4 or IPv6 IP address that you have specified from the IPInfo server. get_geolocation_information
Investigation

operation: Lookup IP Address

Input parameters

Parameter Description
IP Address (Optional) IPv4 or IPv6 IP address for which you want to retrieve details from the IPInfo endpoint.
If you do not specify any IP address, then this operation will return the details for the calling IP address. This enables you to lookup details of your IP address or the IP address of a visitor to your site, without knowing the IP address in advance.

Output

The output contains the following populated JSON schema:


{
"ip": "",
"city": "",
"region": "",
"phone": "",
"country": "",
"loc": "",
"hostname": "",
"postal": "",
"org": ""
}

operation: Get Geolocation Information

Input parameters

Parameter Description
IP Address IPv4 or IPv6 IP address for which you want to retrieve geolocation details from the IPInfo endpoint.

Output

The output contains the following populated JSON schema:


{
"ip": "",
"country": "",
"phone": "",
"region": "",
"loc": "",
"city": "",
"postal": ""
}

Included playbooks

The Sample - IPInfo - 1.0.0 playbook collection comes bundled with the IPInfo connector. These playbooks contain steps using which you can perform all supported actions. You can see bundled playbooks in the Automation > Playbooks section in FortiSOAR™ after importing the IPInfo connector.

Note: If you are planning to use any of the sample playbooks in your environment, ensure that you clone those playbooks and move them to a different collection since the sample playbook collection gets deleted during connector upgrade and delete.

Previous
Next