![]() For me however, those values are empty.Īpparently this is something that must be changed with the Minemeld processor so that it does not merge IPs and generate ranges. whichever of the three they find with a value. They instead use NetworkIP, NetworkDestinationIP, NetworkSourceIP. This is impractical and the preview Threat Intel rules offered by Microsoft do not use that field. I have to write the query in such a way to ignore the "IPv4:" and then also be able to interpret range. ![]() The problem is this is something that's very impractical to use from an analytics point of view. As you can see, we have IPv4: then a range of IPs follows. Currently, with threat intel of type IP, I get the IP in a field called ExternalIndicatorID. Turned the Threat Intel Connector on and now I have the Threat Intel in the LogAnalytics space.ġ. Processing it, then using the Microsoft Security Graph extension to forward it to Microsoft. ![]() I have deployed a Minemeld server in Azure, I'm pulling free threat intel in there.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |