Overview
Exaforce integrates Digital Envoy to automatically enrich every IP address with precise geolocation and network intelligence. By adding city-level location data, ISP identification, connection type classification, and organizational context to each IP-based event, Exaforce helps security teams quickly assess whether network activity represents legitimate user behavior or potential threats.
How it works
Exaforce queries Digital Envoy data in real time as events arrive from identity providers, cloud platforms, SaaS applications, and network sources. When an IP address appears in a sign-in attempt, API call, or network connection, Exaforce retrieves precise geographic coordinates, city and country information, ISP and carrier details, connection type classification (residential, corporate, mobile, hosting), and more. This intelligence is automatically added to detection, investigation, and triage workflows, providing analysts with immediate context without manual lookups or switching tools.
Benefits
Automatic IP enrichment with Digital Envoy data accelerates investigations by providing immediate geographic, network, and organizational context for every IP-based event, eliminating manual lookups and reducing mean time to triage. Precise city-level geolocation and connection type classification improve detection accuracy by surfacing subtle anomalies that coarser data sources miss, helping teams distinguish legitimate behavior changes from genuine threats. Network intelligence reduces false positives by providing context that explains why an IP address or location pattern appears anomalous, such as a user traveling for business or connecting through a corporate VPN endpoint.
