May 17 2020 04:30 AM - edited May 17 2020 01:23 PM
Hi @CliveWatson
When using the above query, I am trying to search across multiple tables at once and see if there is a match for any relevant IOC.
1. I am managing several lists: IP, Hash, URL, etc., and have created various external data containers.
When running it via join, there is a limitation of ~3-4 tables to run on. I need to run across 8+ tables.
2. When trying to use an in statement as described below, I'm unable to output the Category, Indicator, Campaign:
3. Also tried the following:
May 17 2020 11:20 AM - edited May 17 2020 12:06 PM
May 17 2020 12:01 PM
If I understand Omri's question correctly, it is about getting the category and campaign associated once a match is found. The answer is to join the result set of the union on the IP address. A few implementation guidelines:
A few additional differences worth mentioning between your two versions:
Jun 15 2020 11:15 PM
Hi @CliveWatson
When trying to add to the query additional external data such as https://openphish.com/feed.txt,
as there is no declaration of the column names in the feed, I am unable to determine the proper syntax for adding this.
Jun 16 2020 12:38 AM
Jun 17 2020 11:19 PM
@OmriPinsker: My guess is that openphish has some protection mechanism in place that blocks externaldata. As a long shot, you may want to check with them; however, using Logic Apps to copy it daily to Azure storage would be easier.
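
The two points raised in this thread (joining the result of a union back to the IOC list to recover Category and Campaign, and reading a feed that has no column header) can be combined in one query. This is an added example, not code posted by any participant. The storage URLs are placeholders, the CSV column layout and the "Phishing" label are assumptions, and the feed is assumed to have been copied to Azure storage as suggested above.

```kusto
// Added example. URLs are placeholders; the IOC file layout is an assumption.
// IOC list with a header row: Indicator, Category, Campaign.
let IpIocs = externaldata(Indicator:string, Category:string, Campaign:string)
    [@"https://<storage-account>.blob.core.windows.net/<container>/ip-iocs.csv"]
    with (format="csv", ignoreFirstRecord=true);
// Headerless feed, one URL per line: the column name is declared here in the
// query, and format="txt" reads each line as a single string value.
let UrlIocs = externaldata(Indicator:string)
    [@"https://<storage-account>.blob.core.windows.net/<container>/feed.txt"]
    with (format="txt")
    | extend Category = "Phishing", Campaign = "";  // assumed labels for this feed
let AllIocs = union IpIocs, UrlIocs
    | where isnotempty(Indicator)
    | distinct Indicator, Category, Campaign;
// Project every source table to the same three columns before the union, so
// adding a ninth or tenth table is one more line rather than one more join.
let Events = union
    (SigninLogs        | project TimeGenerated, Type, Observed = IPAddress),
    (AzureActivity     | project TimeGenerated, Type, Observed = CallerIpAddress),
    (CommonSecurityLog | project TimeGenerated, Type, Observed = SourceIP),
    (CommonSecurityLog | project TimeGenerated, Type, Observed = RequestURL)
    | where TimeGenerated > ago(1d) and isnotempty(Observed);
// A single join, with the small IOC list on the left, carries Category and
// Campaign onto every matching event regardless of which table it came from.
AllIocs
| join kind=inner (Events) on $left.Indicator == $right.Observed
| summarize Hits = count(), LastSeen = max(TimeGenerated)
    by Indicator, Category, Campaign, SourceTable = Type
| order by LastSeen desc
```

The join is an exact string match, so indicators and observed values need the same normalisation (case, trailing slashes, port suffixes) before they will pair up.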