Forum Discussion
Siedlarczyk95
May 11, 2020 · Copper Contributor
AWS CloudTrail - "whois" Organization Whitelist
Hi all, I'm trying to create a custom alert trigger in Sentinel, to filter source IP addresses from my CloudTrail logs, as I've whitelisted IPs (VPN) well defined. However some services like a...
Siedlarczyk95
May 11, 2020 · Copper Contributor
Hi Gary, thanks for the response.
I thought about that, but not sure how to stream the data to get it queried from whois.
As Logic Apps connectors for Sentinel are basically based on alerts, the noise would be huge if I used this approach.
Do you have a suggestion on that?
Best regards.
Lucas
GaryBushey
May 11, 2020 · Bronze Contributor
Siedlarczyk95 This would be a straight Logic App, not a Playbook, so you could set it up to use the Recurrence trigger and use the HTTP action to call whois (assuming you can make a REST call to get the data you need).
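The per-run logic of the scheduled lookup discussed in this thread, as an added example that is not code from either poster: drop sources inside the VPN allowlist, look up the owning organization once per remaining address, and keep only events whose organization is not allowlisted. The allowlists, the sample events and `fake_org_lookup` (a hypothetical stand-in for the whois REST call) are constructed for illustration.

```python
import ipaddress

# Constructed sample data, not from the thread.
VPN_ALLOWLIST = [ipaddress.ip_network("203.0.113.0/28")]
ORG_ALLOWLIST = {"example cloud services"}
SAMPLE_EVENTS = [
    {"eventName": "ConsoleLogin", "sourceIPAddress": "203.0.113.5"},
    {"eventName": "AssumeRole", "sourceIPAddress": "198.51.100.7"},
    {"eventName": "GetObject", "sourceIPAddress": "192.0.2.44"},
    {"eventName": "Decrypt", "sourceIPAddress": "kms.amazonaws.com"},
    {"eventName": "PutObject", "sourceIPAddress": "192.0.2.44"},
]


def fake_org_lookup(ip):
    """Hypothetical stand-in for the whois REST call made by the HTTP action."""
    return {"198.51.100.7": "Example Cloud Services"}.get(ip)


def triage(events, org_lookup, vpn_nets=VPN_ALLOWLIST, orgs=ORG_ALLOWLIST):
    """Return events whose source is neither on the VPN nor in an allowlisted org."""
    cache, alerts, non_ip = {}, [], []
    for ev in events:
        src = ev["sourceIPAddress"]
        try:
            ip = ipaddress.ip_address(src)
        except ValueError:
            non_ip.append(ev)  # CloudTrail can record a service DNS name here
            continue
        if any(ip in net for net in vpn_nets):
            continue  # known VPN range: no lookup needed
        if src not in cache:  # one lookup per distinct address per run
            cache[src] = org_lookup(src)
        org = cache[src]
        if org is None or org.strip().lower() not in orgs:
            alerts.append({**ev, "whoisOrg": org})
    return {"alerts": alerts, "non_ip": non_ip, "lookups": len(cache)}


if __name__ == "__main__":
    result = triage(SAMPLE_EVENTS, fake_org_lookup)
    for alert in result["alerts"]:
        print(alert)
```

Running this once per recurrence interval over the events collected since the previous run keeps the number of whois calls proportional to distinct unknown addresses rather than to event volume.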