Forum Discussion
Thijs Lecomte
Jun 22, 2020Bronze Contributor
You can use the externaldata operation in KQL - https://techcommunity.microsoft.com/t5/azure-sentinel/implementing-lookups-in-azure-sentinel/ba-p/1091306?fbclid=IwAR20ClvXfB2_r5oejWFa8Npr6-qFC3fuKKYEs7Hr19_im_en5BkE1e8L_Jo
But this is rather limited as there is no way to authenticate.
If you need access to an API that requires authentication, you should write a Logic App and use that
But this is rather limited as there is no way to authenticate.
If you need access to an API that requires authentication, you should write a Logic App and use that
- uditk14Jun 25, 2020Copper Contributor
I have used externaldata operator to fetch data from a CSV having a few columns namely, IP ranges, country code, country name, continent name etc.
In Azure Activity table there is a CallerIP value.
I need to print the location for each caller Ip.
CSV file - https://datahub.io/core/geoip2-ipv4#premium-data-2
Can you help me with the KQL??
@hspinto