IOCs. You can’t afford one of those $70,000 feeds of hashes and IP addresses (and larger companies may be wasting their money anyway), but from time to time you receive a bunch of indicators from a reliable source and you don’t want them to go to waste. If you are a Microsoft shop, step one might be pasting those indicators into a spreadsheet template and uploading them into the MS365 portal. That’s great for protecting yourself right now and going forward, but what about looking back in time to make sure that you weren’t already pwned? Sure, you could construct a query with a huge array, but referencing a text file would be a lot easier. Here are instructions for using Azure Sentinel to do this with minimal fuss.

Pre-Requisites: Azure Sentinel instance with the Microsoft 365 Defender data connector in place

Ingredient: A simple text file called evilipaddrs.txt, which is just a list of known bad IPs.

Steps:

Azure Portal -> Creat...