What's the difference between the IPinfo enrichment providers in Panther?
QUESTION
Are there any differences in the IPinfo enrichment providers in Panther, for example, ipinfo_location vs ipinfo_location_datalake?
ANSWER
As mentioned on our documentation page, each table fulfills a different purpose:
The ipinfo_asn and ipinfo_location tables are used for real-time lookups in the detection engine, while the ipinfo_asn_datalake and ipinfo_location_datalake tables are used for querying and joining to IPinfo data in the datalake.