Kusto Tables
These external tables should be usable in any technology that uses Kusto, including Microsoft Defender for Endpoint, Microsoft Sentinel, Azure Monitor, etc.
FAQ
Question: Do you store historic tables, e.g. to see a data set on a given date?
Answer: No, I do not have the technical capacity for this.
Answer: Update April 2024: I am attempting to track historic Tor data and provide it for KQL ingestion; updates to follow in due course.
Question: How can I import these automatically in my solution?
Answer: If you mean creating a table with this data, there is little advantage. KQL engines check whether they have already cached the freshest version and, if so, they don’t re-download. If you want to do this anyway, instructions may be coming soon.
Question: Why do you provide these tables?
Answer: Because who doesn’t love enriching their existing datasets, and to show how easy it is to use external data sources in KQL.
Question: What assurances do you make that these tables are correct?
Answer: None whatsoever. I download from the sources identified, do some normalisation and provide them here. You should never use a single source in TI as the whole truth.
- Kusto ASN Table
- Kusto blocklist.de Table
- Kusto Bogon Networks Table
- Kusto FireHOL Anonymous Table
- Kusto FireHOL Data Center Table
- Kusto Geo IP Light Table
- Kusto Geo IP Table
- Kusto Public Holidays CSV
- Kusto Spamhaus DROP and EDROP Table
- Kusto Team Cymru Table
- Kusto Tor Exit Nodes Table
- Kusto Tor Exit Nodes Historic Table
- Kusto Interesting Queries
- How to Run These Queries