How does Threat Analytics Region/Location detection work

Document ID : KB000122157
Last Modified Date : 30/11/2018
Show Technical Document Details
Question:
We are configuring CA Threat Analytics and already integrated with CA PAM, the data log from CA PAM already received and Analyzed by Threat Analytics but some of the features like Location is not found.
How do we get location information displayed in Threat Analytics?
Environment:
PAM 3.2.2
Threat Analytics 2.2.2
Answer:
There's no action needed to get Threat Analytics for PAM to lookup and display the geolocation associated with IP address of PAM clients.
If you have TAP deployed it will do this automatically.
 
BUT IT'S IMPORTANT TO KNOW - TAP can only determine a geolocation for IP addresses that are routable.
That means the IP addresses visible to PAM/TAP cannot be in one of the 'reserved' blocks set aside for internal and test use. (i.e., these non-routable address ranges are 10.0.0.0 - 10.255.255.255, 172.16.0.0 - 172.31.255.255, 192.168.0.0 - 192.168.255.255 ) .


If the PAM user login from an IP address other than the mentioned above, Threat Analytics for PAM can display the geolocation.
Otherwise, it is normal to not see any geolocation information.