FIlter a user who attempts to login outside of the UK


Looking to get a filter created which will fall over into a rule that will detect any attempted logon to one of our adm accounts from an IP outside of the UK?

From my own thoughts this would involve me gaining a CSV list of UK IP addresses adding them to a user defined group *uk IP* and creating the rule to trigger if detection IP is not equal.

Anyone had experience doing something similar?