Technical Tip: What data is used to determine a user or node location on the Investigate page

The Reveal Platform uses different data sources to decide on the correct location for a user and/or node in the Web UI.

The list below is in preference order:

1. The location as defined using the subnets>locations API.
2. The GeoIP location for the remote IP address last used by the node, as presented to the Reveal edge node.

Subnets -> Locations API:

The purpose of this setting is to allow for internal IP address ranges (i.e. 10.10.1.0/24) to be resolved to a specific latitude/longitude. This is useful as geo-IP databases cannot be used for internal addresses.  Full details of this API can be found in the platform API documentation: 

https://<tenant-id>.reveal.nextdlp.com/api/explorer#/Locations

Note:

• The GeoIP database for a given IP address is updated every 2 weeks, and may not always be accurate. 
• The true GeoIP information of an IP address can be checked here: https://www.maxmind.com/en/geoip-demo
• The source IP address can be affected by several factors, including NAT settings, VPN usage, and other proxies.
• If the Reveal Agent is on a local IP range and can contact the Reveal edge node directly (no NAT etc.) then the Reveal edge node will likely see a local IP address which will resolve to (0, 0) unless a high precedence location can be found.
• If a user has multiple nodes associated with their Digital Passport, their location on the map will be chosen at random.