Are there any differences in the IPinfo enrichment providers in Panther, for example, ipinfo_location vs ipinfo_location_datalake?
As mentioned on our documentation page, each table fulfills a different purpose:
The ipinfo_asn and ipinfo_location tables are used for real-time lookups in the detection engine, while the ipinfo_asn_datalake and ipinfo_location_datalake tables are used for querying and joining to IPinfo data in the datalake.