GeoIP in Wazuh

[USHA GIRI]

Hello Team, 

      Can you explain me the process of configuring GeoIP in Wazuh. I want to know the procedure to add on the dashboard. 

#help

Thank You

[Julia Magán Rodríguez]

Hello,

The default Wazuh installation includes an ingest pipeline that uses the Elasticsearch GeoIP processor to enrich events with geographical information associated with their source IP. You can see more info here.

However, this doesn't allow using custom Wazuh rules with GeoIP lookup results as part of the rule criteria: the GeoIP info is obtained after decoding and checking the event against the ruleset. If you want to trigger an alert based on GeoIP info, you'll need to follow these steps.