Kyrouz
Oct 03, 2021

Can we query the NIST RDS from Azure Sentinel?

In reference to this SANS Blog "Easy Access to the NIST RDS Database"

https://isc.sans.edu/diary/rss/27544

How can I fashion that first lookup into an Azure Sentinel query? I'd love to be able to leverage NIST's list of known good applications during investigations (perhaps as enrichment in a workbook), and my first thought of "download the entire RDS into Azure blobs" just doesn't seem as practical as this.
