TI Feed - DigitalSideDomains.md


DigitalSide Threat-Intel suspicious and/or malicious domains

Source: DigitalSide Threat-Intel

Defender For Endpoint

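// Hunt Defender for Endpoint network events for connections to domains on the
// DigitalSide Threat-Intel "latest domains" list.
// The list is downloaded from the third-party feed every time the query runs,
// so results depend on the feed being reachable and on its current content.
let ThreatIntelFeed = externaldata(Domain: string)[@"https://osint.digitalside.it/Threat-Intel/lists/latestdomains.txt"] with (format="txt", ignoreFirstRecord=True)
    // ignoreFirstRecord drops only the first line of the file; discard any
    // remaining comment ("#") or blank lines so they are never used as indicators.
    | where isnotempty(Domain) and Domain !startswith "#";
DeviceNetworkEvents
// has_any is a case-insensitive whole-term match, so a listed domain also hits
// when it appears inside a longer host name or elsewhere in RemoteUrl; review
// RemoteUrl before treating a row as a confirmed connection to the indicator.
// NOTE(review): has_any accepts a bounded number of values (documented as
// 10,000) - confirm the feed stays below that limit.
| where RemoteUrl has_any (ThreatIntelFeed)
// Keep the process and account context needed to triage each hit.
| project Timestamp, RemoteUrl, RemoteIP, DeviceName, InitiatingProcessCommandLine, InitiatingProcessFileName, InitiatingProcessAccountDomain, InitiatingProcessAccountName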

Sentinel

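// Hunt DeviceNetworkEvents in Sentinel for connections to domains on the
// DigitalSide Threat-Intel "latest domains" list.
// The list is downloaded from the third-party feed every time the query runs,
// so results depend on the feed being reachable and on its current content.
let ThreatIntelFeed = externaldata(Domain: string)[@"https://osint.digitalside.it/Threat-Intel/lists/latestdomains.txt"] with (format="txt", ignoreFirstRecord=True)
    // ignoreFirstRecord drops only the first line of the file; discard any
    // remaining comment ("#") or blank lines so they are never used as indicators.
    | where isnotempty(Domain) and Domain !startswith "#";
DeviceNetworkEvents
// has_any is a case-insensitive whole-term match, so a listed domain also hits
// when it appears inside a longer host name or elsewhere in RemoteUrl; review
// RemoteUrl before treating a row as a confirmed connection to the indicator.
// NOTE(review): has_any accepts a bounded number of values (documented as
// 10,000) - confirm the feed stays below that limit.
| where RemoteUrl has_any (ThreatIntelFeed)
// Sentinel exposes the event time as TimeGenerated; keep the process and
// account context needed to triage each hit.
| project TimeGenerated, RemoteUrl, RemoteIP, DeviceName, InitiatingProcessCommandLine, InitiatingProcessFileName, InitiatingProcessAccountDomain, InitiatingProcessAccountName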