Anyone do anything with ASN enrichment?

Daniel Jordan · September 2023

Daniel Jordan · September 2023

I see the Maxmind GeoLite2 database has it, but I don't think the GeoIP function does it?

Raanan Dagan · September 2023

Try to download the GeoLite2-ASN.mmdb file

Raanan Dagan · September 2023

It seems like it contains the correct info. See screenshot

Daniel Jordan · September 2023

Is the mmdb or csv preferred?

Raanan Dagan · September 2023

Based on the Cribl docs, I just see a reference to mmdb https://docs.cribl.io/stream/geoip-function

Daniel Jordan · September 2023

Correct, I have two options for ASN data with maxmind: CSV or MMDB, does Cribl have any testing on which one could be quicker?

Raanan Dagan · September 2023

I can only suspect the difference is minor .. in both cases the lookup will be loaded to the worker processes memory, so it should be fast regardless

Daniel Jordan · September 2023

Thanks!

Answers