Watchlists are a critical component to enhance security operations and provide data correlation. Up till now, watchlist files have been limited to 3.8 MB per upload. We are excited to announce that Watchlists now support up to 500 MB file size per upload!
There are many scenarios where you will need to reference and look up a larger dataset in your detection rules or investigation. Here are some sample use cases you can use the large watchlists for.
To create a large watchlist, you will need to upload a watchlist file in an Azure Storage account. Then create a shared access signature (SAS) URL for Microsoft Sentinel to securely retrieve the watchlist data. Finally upload the watchlist to your workspace in Microsoft Sentinel.
Check out our step-by-step instructions to create a large watchlist.
Try out this new watchlist capability and let us know your feedback!
Thanks @sharonko for providing the demo and @Jing Nghik , @Inwafula for reviewing the blog.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.