Hunt for malicious files that have been identified by CERT-FR

Source: CERT-FR

Feed link: https://misp.cert.ssi.gouv.fr/feed-misp/hashes.csv

Defender XDR

let CERTFRFeed = externaldata (SHA1: string, threatid :string) ["https://misp.cert.ssi.gouv.fr/feed-misp/hashes.csv"];
DeviceFileEvents
| join CERTFRFeed on SHA1
// Additional information about the hash is available by using the ThreatInfoLink field.
| extend ThreatInfoLink = strcat("https://misp.cert.ssi.gouv.fr/feed-misp/", threatid, ".json")
| project-reorder Timestamp, SHA1, ThreatInfoLink, DeviceName

Sentinel

let CERTFRFeed = externaldata (SHA1: string, threatid :string) ["https://misp.cert.ssi.gouv.fr/feed-misp/hashes.csv"];
DeviceFileEvents
| join CERTFRFeed on SHA1
// Additional information about the hash is available by using the ThreatInfoLink field.
| extend ThreatInfoLink = strcat("https://misp.cert.ssi.gouv.fr/feed-misp/", threatid, ".json")
| project-reorder TimeGenerated, SHA1, ThreatInfoLink, DeviceName

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

TI Feed - CERT-FR-MISPFeed.md

TI Feed - CERT-FR-MISPFeed.md

Hunt for malicious files that have been identified by CERT-FR

Source: CERT-FR

Feed link: https://misp.cert.ssi.gouv.fr/feed-misp/hashes.csv

Defender XDR

Sentinel

Files

TI Feed - CERT-FR-MISPFeed.md

Latest commit

History

TI Feed - CERT-FR-MISPFeed.md

File metadata and controls

Hunt for malicious files that have been identified by CERT-FR

Source: CERT-FR

Feed link: https://misp.cert.ssi.gouv.fr/feed-misp/hashes.csv

Defender XDR

Sentinel