Mapping IP addresses to geolocation can enhance your detection models with risk calculations. In UBA, this functionality is achieved using the MaxMind database. UBA ships with a pre-packaged version of the GeoLite2 Free database. You can choose to download the latest version of that database and run that version instead of the pre-packaged version.

If you update UBA, the downloaded, local version of the GeoLite2 Free database takes precedence over the pre-packaged version that ships with UBA. To use the pre-packaged version of the database, you must remove the downloaded, local version.

Perform the following steps to download the latest version of the database and run that version in UBA:

1. Go to https://dev.maxmind.com/geoip/geoip2/geolite2/#Databases
2. Download GeoLite2-City.mmdb.gz, unzip it, and copy GeoLite2-City.mmdb to the following directory on the Management Node (node1):
   /etc/caspida/local/conf/etl/geo-db/maxmind
3. Sync the cluster:
   /opt/caspida/bin/Caspida sync-cluster /etc/caspida/local/conf/etl/geo-db/
4. Restart Caspida:
   /opt/caspida/bin/Caspida stop-all
   /opt/caspida/bin/Caspida start-all

To learn more about IP address geolocation settings in UBA, see Set internal IP range and associated office locations in the Install and Upgrade UBA manual.
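An added example (not part of the UBA documentation) that scripts steps 2 to 4 and checks the download before it replaces the database UBA reads. The function names, the GEO_DIR and CASPIDA variables and the validation checks are assumptions; the paths and Caspida commands are the ones given in the steps.

```shell
#!/bin/sh
# Added example, not Splunk's tooling. GEO_DIR and CASPIDA default to the
# paths from the steps; both variables are assumptions so the script can be
# pointed at a scratch directory for a dry run.
GEO_DIR="${GEO_DIR:-/etc/caspida/local/conf/etl/geo-db/maxmind}"
CASPIDA="${CASPIDA:-/opt/caspida/bin/Caspida}"

# stage_geodb <GeoLite2-City.mmdb.gz>
# Returns 0 when installed, 1 for a corrupt archive, 2 when the content is
# not a MaxMind DB file, 3 when the target directory cannot be created.
stage_geodb() {
    gz="$1"
    # A truncated or damaged download fails here, before anything is written.
    gzip -t "$gz" 2>/dev/null || return 1
    mkdir -p "$GEO_DIR" || return 3
    # Decompress next to the target so the final mv is a same-filesystem rename.
    tmp="$GEO_DIR/.GeoLite2-City.mmdb.$$"
    gzip -dc "$gz" > "$tmp" || { rm -f "$tmp"; return 1; }
    # MaxMind DB files keep a metadata marker containing "MaxMind.com" within
    # the last 128 KiB of the file; other content does not.
    if ! tail -c 131072 "$tmp" | LC_ALL=C grep -a -q -F 'MaxMind.com'; then
        rm -f "$tmp"
        return 2
    fi
    mv -f "$tmp" "$GEO_DIR/GeoLite2-City.mmdb"
}

# apply_geodb: steps 3 and 4 (sync the cluster, then restart).
# Returns 4 when the Caspida script is not present on this host.
apply_geodb() {
    [ -x "$CASPIDA" ] || return 4
    "$CASPIDA" sync-cluster "$(dirname "$GEO_DIR")/" &&
        "$CASPIDA" stop-all &&
        "$CASPIDA" start-all
}

# Run only when given an archive path, e.g. ./update-geodb.sh GeoLite2-City.mmdb.gz
if [ "$#" -eq 1 ]; then
    stage_geodb "$1" && apply_geodb
fi
```

A rejected download leaves the previously installed GeoLite2-City.mmdb untouched, so the cluster is never synced with a broken file.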