Some feeds listed on MISP's Feed page cannot be implemented in KQL. The reason for each is given below.

Feed Name | Provider | Reason |
---|---|---|
alienvault reputation generic | .alienvault.com | Externaldata() does not support this datatype. |
All current domains belonging to known malicious DGAs | osint.bambenekconsulting.com | Commercial licence required for the feed |
blocklist.greensnow.co | greensnow.co | Externaldata() does not support this datatype. |
cybercrime-tracker.net - all | cybercrime-tracker.net | Externaldata() does not support this datatype. |
CyberCure - Blocked URL Feed | www.cybercure.ai | The remote server returned an error: (405) Method Not Allowed. |
CyberCure - Hash Feed | www.cybercure.ai | The remote server returned an error: (405) Method Not Allowed. |
CyberCure - IP Feed | www.cybercure.ai | The remote server returned an error: (405) Method Not Allowed. |
CIRCL OSINT Feed | CIRCL | Results exceed the allowed query limits |
Domains from High-Confidence DGA-based C&C Domains Actively Resolving | osint.bambenekconsulting.com | Commercial licence required for the feed |
http://cybercrime-tracker.net gatelist | http://cybercrime-tracker.net | Externaldata() does not support this datatype. |
http://cybercrime-tracker.net hashlist | http://cybercrime-tracker.net | Externaldata() does not support this datatype. |
ip-block-list - snort.org | https://snort.org | Access to persistent storage path 'https://snort.org/downloads/ip-block-list' was denied |
IPs from High-Confidence DGA-Based C&Cs Actively Resolving - requires a valid license | osint.bambenekconsulting.com | Commercial licence required for the feed |
mirai.security.gives | security.gives | Externaldata() timeout. |
Panels Tracker | Benkow.cc | Externaldata() does not support this datatype. |
sshpwauth.txt | dataplane.org | csv |
This list contains all browser mining domains - A list to prevent browser mining only | ZeroDot1 - CoinBlockerLists | Read from IStreamSource failed |
This list contains all domains - A list for administrators to prevent mining in networks | ZeroDot1 - CoinBlockerLists | Read from IStreamSource failed |
This list contains all optional domains - An additional list for administrators | ZeroDot1 - CoinBlockerLists | Read from IStreamSource failed |
Tor exit nodes | dan.me.uk | The data is already covered by the ALL Nodes feed; including this feed as well would duplicate it |
VXvault - URL List | VXvault | Externaldata() does not support this datatype. |
OpenPhish url list | openphish.com | Partial query failure: Unable to perform requested operation. (message: 'Error with persistent storage path 'https://openphish.com/feed.txt' (operation 'CreateFileRef'). |