IPSum suspicious and/or malicious IP addresses (Level 6)

Source: IPSum

Feed information: https://github.com/stamparm/ipsum/

Feed link: https://raw.githubusercontent.com/stamparm/ipsum/master/levels/6.txt

Defender For Endpoint

let ThreatIntelFeed = externaldata(DestIP: string)[@"https://raw.githubusercontent.com/stamparm/ipsum/master/levels/6.txt"] with (format="txt", ignoreFirstRecord=True);
let IPRegex = '[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}';
let MaliciousIP = materialize (
       ThreatIntelFeed
       | where DestIP matches regex IPRegex
       | distinct DestIP
        );
DeviceNetworkEvents
| where RemoteIP in (MaliciousIP)
| project-reorder Timestamp, DeviceName, RemoteIP, RemotePort, InitiatingProcessAccountName

Sentinel

let ThreatIntelFeed = externaldata(DestIP: string)[@"https://raw.githubusercontent.com/stamparm/ipsum/master/levels/6.txt"] with (format="txt", ignoreFirstRecord=True);
let IPRegex = '[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}';
let MaliciousIP = materialize (
       ThreatIntelFeed
       | where DestIP matches regex IPRegex
       | distinct DestIP
        );
DeviceNetworkEvents
| where RemoteIP in (MaliciousIP)
| project-reorder TimeGenerated, DeviceName, RemoteIP, RemotePort, InitiatingProcessAccountName

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

TI Feed - MISP IPSum level 6.md

TI Feed - MISP IPSum level 6.md

IPSum suspicious and/or malicious IP addresses (Level 6)

Source: IPSum

Feed information: https://github.com/stamparm/ipsum/

Feed link: https://raw.githubusercontent.com/stamparm/ipsum/master/levels/6.txt

Defender For Endpoint

Sentinel

Files

TI Feed - MISP IPSum level 6.md

Latest commit

History

TI Feed - MISP IPSum level 6.md

File metadata and controls

IPSum suspicious and/or malicious IP addresses (Level 6)

Source: IPSum

Feed information: https://github.com/stamparm/ipsum/

Feed link: https://raw.githubusercontent.com/stamparm/ipsum/master/levels/6.txt

Defender For Endpoint

Sentinel