API ip-geo D&R Rule - 2

cmd1775 · March 10, 2026, 6:33pm

The ticket titled “API ip-geo D&R Rule“ is locked, so I am starting a new thread.

I have implemented the updated D&R rule (from the previous ticket) and it is still matching US IPs.

I have a rule that only excludes US IPs and it works as expected (matches non-US IPs). So the API lookup is working.

maximelb · March 10, 2026, 6:49pm

hmmm, can you share the rule that’s not working here again? Just so we have the most up to date version all in context?

cmd1775 · March 10, 2026, 7:06pm

Here is the rule:

event: UserLoggedIn
metadata_rules:
  op: and
  rules:
    - case sensitive: false
      not: true
      op: is
      path: event/country/iso_code
      value: US
    - case sensitive: false
      not: true
      op: is
      path: event/country/iso_code
      value: CA
op: lookup
path: event/ActorIpAddress
resource: lcr://api/ip-geo

Topic		Replies	Views
API ip-geo D&R Rule Support	3	11	March 10, 2026
Configure API Key IP Range in UI Feature Requests	0	18	June 6, 2025
About the Detection & Response Rules category Detection & Response Rules	1	30	February 17, 2025
Heavily impacted by GCP Outages Status	0	22	June 12, 2025
API errors impacting users Status	0	28	March 26, 2025

API ip-geo D&R Rule - 2

Related topics