Forum Discussion
GabrielNecula
Apr 10, 2020 | Copper Contributor
Minemeld Threat Intel Integration to Sentinel
Hello guys, I have deployed a Minemeld server in Azure, I'm pulling free threat intel in there. Processing it, then using the Microsoft Security Graph extension to forward it to Microsoft. Turned...
honey4sec
Sep 01, 2022 | Copper Contributor
GabrielNecula Here is another trick
// A datatable or a watchlist can be used here; in this example I use a static datatable
let IPLookup = datatable(cidr:string, cidr_name:string)
[
"16.168.0.0/16", "cidr_name_1",
"16.167.0.0/16", "cidr_name_2",
];
TABLEwithIP
| evaluate ipv4_lookup(IPLookup, from_address_s, cidr, return_unmatched = false)