In Workbench, you can quickly find a list of countries from which we don't expect authentication. Authentication from any of those countries is treated as suspicious.
-
Log in to https://workbench.expel.io.
-
Navigate to Detections > Detection strategy.
-
Select the Suspicious authentication tab.
The countries are listed in the Suspicious authentication source countries section in the form of a two-letter ISO 3166 code.