@Marie_Chudolij YouTube video 2-27-24 - Chronicle SOAR to the Rescue: Orchestrate SIEM Reference List Updates for Improved Threat Detection
I suggest IP addresses and info inferred from IP addresses can be unreliable for remote login analysis as:
- the geolocation is not 100% reliable per se
- logins via VPNs with changing IPs
- logins via cloud resources (why is Joe from Chicago coming in from Council Bluffs, IA every few minutes?)
In future sessions I'm interested in more behavior-based analysis to look for bad remote logins.
I enjoyed the YouTube video - thx for your work
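The Chicago / Council Bluffs case in the comment above, as an added example that is not the commenter's code nor anything from the video: a naive geo-only "impossible travel" rule fires on every hop through a cloud egress point, while a behavior-based check that consults a reference list of known cloud/VPN ASNs plus a per-user baseline of seen ASNs and devices only flags the genuinely new one. The login records, ASN labels, baseline and reference list are all constructed for the example.

```python
from datetime import datetime
from math import asin, cos, radians, sin, sqrt

# Constructed sample logins for one user: (user, time, city, lat, lon, asn, device).
LOGINS = [
    ("joe", "2024-02-27T08:00", "Chicago", 41.88, -87.63, "ISP-A", "laptop-01"),
    ("joe", "2024-02-27T08:05", "Council Bluffs", 41.26, -95.86, "CLOUD-X", "laptop-01"),
    ("joe", "2024-02-27T08:10", "Chicago", 41.88, -87.63, "ISP-A", "laptop-01"),
    ("joe", "2024-02-27T08:12", "Lagos", 6.52, 3.38, "ASN-UNKNOWN", "android-9f"),
]
# Reference list of egress ASNs known to belong to cloud/VPN providers (hypothetical
# labels); this is the kind of list a SOAR playbook would keep refreshed in the SIEM.
KNOWN_EGRESS_ASNS = {"CLOUD-X"}
# Per-user behaviour baseline (assumed, built from prior successful logins).
BASELINE = {"joe": {"asns": {"ISP-A", "CLOUD-X"}, "devices": {"laptop-01"}}}


def km(lat1, lon1, lat2, lon2):
    """Great-circle distance in km (haversine)."""
    p1, p2 = radians(lat1), radians(lat2)
    dlat, dlon = p2 - p1, radians(lon2 - lon1)
    a = sin(dlat / 2) ** 2 + cos(p1) * cos(p2) * sin(dlon / 2) ** 2
    return 2 * 6371 * asin(sqrt(a))


def geo_only_alerts(logins, max_kmh=900):
    """Naive rule: alert whenever the implied travel speed between two logins is too high."""
    alerts = []
    for prev, cur in zip(logins, logins[1:]):
        hours = (datetime.fromisoformat(cur[1]) - datetime.fromisoformat(prev[1])).seconds / 3600
        if hours > 0 and km(prev[3], prev[4], cur[3], cur[4]) / hours > max_kmh:
            alerts.append(cur[2])  # every bounce through the cloud egress point fires
    return alerts


def behaviour_alerts(logins, baseline, known_egress):
    """Behaviour rule: ignore geography, compare ASN and device against the user's baseline."""
    alerts = []
    for user, _, city, _, _, asn, device in logins:
        seen = baseline.get(user, {"asns": set(), "devices": set()})
        if asn in known_egress and device in seen["devices"]:
            continue  # known cloud/VPN egress from a known device: expected noise
        if asn not in seen["asns"] or device not in seen["devices"]:
            alerts.append(city)  # new network *and* new device for this user
    return alerts
```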