QUESTION

Are there any differences in the IPinfo enrichment providers in Panther, for example, ipinfo_location vs ipinfo_location_datalake?

ANSWER

As mentioned on our documentation page, each table fulfills a different purpose:

The ipinfo_asn and ipinfo_location tables are used for real-time lookups in the detection engine, while the ipinfo_asn_datalake and ipinfo_location_datalake tables are used for querying and joining to IPinfo data in the datalake.