IPinfo IP Intelligence is now available on the Microsoft Sentinel Marketplace

If you’re running Microsoft Sentinel, you can now enrich your security logs directly with IPinfo data — no custom connectors or manual API wiring needed.

Microsoft Sentinel is a cloud-native SIEM (Security Information and Event Management) and SOAR (Security Orchestration, Automation, and Response) platform built on Azure.

  • Ingests logs from across an organization’s infrastructure — cloud, on-prem, endpoints, applications
  • Detects threats using built-in analytics rules and ML-based anomaly detection
  • Investigates incidents by correlating events and enriching entities (IPs, users, hosts)
  • Automates responses via Logic App-based playbooks

It’s Microsoft’s answer to traditional SIEMs like Splunk, but fully managed and pay-as-you-go based on data ingestion volume.

The solution brings IPinfo’s IP intelligence datasets into your Sentinel workspace. These attributes attach context to the IP entities in your incidents, helping analysts triage faster and reduce time spent on low-signal alerts.

What it covers:

  • Geolocation (city, region, country)
  • Network & ASN ownership
  • Proxy, VPN, and hosting detection

Who it’s for:
Security teams using Microsoft Sentinel with an active IPinfo database download subscription (free or paid tiers both qualify).

To get started, find the IPinfo IP Intelligence solution in the Microsoft Sentinel Content Hub or directly on the Microsoft Marketplace.
