cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

can we auto update Watchlist in azure sentinel?

ankit976
Copper Contributor

‎Dec 03 2021 12:28 AM

‎Dec 03 2021 12:28 AM

can we auto update Watchlist in azure sentinel?

Is there any possible way to update watchlist automatic from some daily updated IOC.

 

Scenario --->

As currently in my organization we have repository where we update IOC in CSV on daily basis, so I want to that CSV data can be auto updated in watchlist of azure sentinel on daily basis........

Any suggestion will be very helpful. Thanks in advance.

1,464 Views
0 Likes
1 Reply
Reply
1 Reply
Clive_Watson

‎Dec 03 2021 02:43 AM

‎Dec 03 2021 02:43 AM

Re: can we auto update Watchlist in azure sentinel?

You can use the api to perform the updates https://docs.microsoft.com/en-us/rest/api/securityinsights/watchlists/create-or-update - maybe using Logic Apps (Playbooks), this is an example that uses a Watchlist that you maybe able to adapt
1 Like
Reply