Dec 20 2023 05:38 PM
Hi All,
I would like to create a Watchlist for Hashes, URLs, Domains and IPs.
After that I would like to create a KQL query to search the watchlist.
Kindly help.
Dec 20 2023 10:38 PM
@sulaimanncs915 Hi,
You may find a very good guide at the link below to start building your watchlists, which includes a query as well:
https://charbelnemnom.com/how-to-use-watchlist-in-azure-sentinel/#Create_a_hunting_query
But mentioning hashes, IPs, URLs and domains, that statement alone includes many tables to look into. Can you be more specific?
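An added example, not part of the posts above or of the linked guide: one way to search several tables against a single watchlist. The watchlist alias `ioc_watchlist` and its columns `IndicatorType` and `IndicatorValue` are assumptions, as is the choice of tables (Defender for Endpoint tables ingested into Sentinel); swap in whichever tables your connectors populate.

```kql
// Assumed watchlist: alias 'ioc_watchlist' with two columns,
//   IndicatorType  = ip | domain | url | sha256
//   IndicatorValue = the indicator itself
let lookback = 7d;
let iocs = _GetWatchlist('ioc_watchlist')
    | project IndicatorType  = tolower(tostring(IndicatorType)),
              IndicatorValue = tolower(tostring(IndicatorValue));
// One single-column list per indicator type, so each table is only
// compared against the values that make sense for it.
let ipIocs     = iocs | where IndicatorType == 'ip'     | project IndicatorValue;
let domainIocs = iocs | where IndicatorType == 'domain' | project IndicatorValue;
let urlIocs    = iocs | where IndicatorType == 'url'    | project IndicatorValue;
let hashIocs   = iocs | where IndicatorType == 'sha256' | project IndicatorValue;
// isfuzzy=true keeps the query working when one of the tables is not
// present in the workspace.
union isfuzzy=true
    ( DeviceNetworkEvents
      | where TimeGenerated > ago(lookback)
      | where RemoteIP in (ipIocs)
      | project TimeGenerated, DeviceName, MatchType = 'ip',
                Indicator = RemoteIP, SourceTable = 'DeviceNetworkEvents' ),
    ( DeviceNetworkEvents
      | where TimeGenerated > ago(lookback)
      | where isnotempty(RemoteUrl)
      | where RemoteUrl in~ (urlIocs)
      | project TimeGenerated, DeviceName, MatchType = 'url',
                Indicator = RemoteUrl, SourceTable = 'DeviceNetworkEvents' ),
    ( DeviceNetworkEvents
      | where TimeGenerated > ago(lookback)
      | where isnotempty(RemoteUrl)
      // has_any matches the domain as a term inside the URL; it accepts
      // at most 10,000 values.
      | where RemoteUrl has_any (domainIocs)
      | project TimeGenerated, DeviceName, MatchType = 'domain',
                Indicator = RemoteUrl, SourceTable = 'DeviceNetworkEvents' ),
    ( DeviceFileEvents
      | where TimeGenerated > ago(lookback)
      | where SHA256 in~ (hashIocs)
      | project TimeGenerated, DeviceName, MatchType = 'sha256',
                Indicator = SHA256, SourceTable = 'DeviceFileEvents' )
| sort by TimeGenerated desc
```

Keeping the indicator type as a watchlist column means one watchlist can serve all four kinds of indicator, and each table is matched only on the field that holds that kind of value.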