Kusto blocklist.de Table
Description
This data is the blocklist.de lists, packaged for use in Kusto.
Source
The superb blocklist.de.
Why should I use this data?
Lets you track IP addresses that have been observed taking part in attacks against web-facing infrastructure, for instance SSH, FTP, web servers, etc.
Updates
Daily at around 03:00 UTC. The source data may or may not be updated as regularly.
Perma Link
https://firewalliplists.gypthecat.com/lists/kusto/kusto-blocklistde.csv.zip
Schema
Column Name | Data Type | Notes |
---|---|---|
CIDR | string | |
Source | string | Always blocklist.de |
Base Kusto Table
externaldata (CIDR:string, Source:string) ['https://firewalliplists.gypthecat.com/lists/kusto/kusto-blocklistde.csv.zip'] with (ignoreFirstRecord=true)
Base Kusto Function
let blocklistde = (externaldata (CIDR:string, Source:string) ['https://firewalliplists.gypthecat.com/lists/kusto/kusto-blocklistde.csv.zip'] with (ignoreFirstRecord=true));
Self Contained Kusto
// What countries are in the blocklist.de data set?
let blocklistde = (externaldata (CIDR:string, Source:string) ['https://firewalliplists.gypthecat.com/lists/kusto/kusto-blocklistde.csv.zip'] with (ignoreFirstRecord=true));
blocklistde
| summarize count() by Country = tostring(geo_info_from_ip_address(format_ipv4(CIDR))['country'])
| order by count_ desc
| render columnchart
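Added example (not from the original page): checking event source addresses against the list with the `ipv4_lookup` plugin. The `SampleEvents` table, its column names and its documentation-range addresses are constructed for illustration, and the query assumes the CIDR column holds IPv4 addresses or prefixes.

```kusto
// Added example, not part of the original page.
// Flags events whose source IP falls inside a blocklist.de entry.
let blocklistde = (externaldata (CIDR:string, Source:string) ['https://firewalliplists.gypthecat.com/lists/kusto/kusto-blocklistde.csv.zip'] with (ignoreFirstRecord=true));
// Assumption: CIDR holds IPv4 addresses or prefixes. Drop anything parse_ipv4 cannot read
// so that a malformed row does not reach the lookup.
let ipv4Blocklist = blocklistde
| where isnotnull(parse_ipv4(CIDR));
// Constructed sample events (hypothetical table and columns, documentation-range addresses).
// Replace with a real log table and its source IP column.
let SampleEvents = datatable (TimeGenerated:datetime, SrcIp:string, Service:string)
[
    datetime(2024-01-01 03:15:00), "192.0.2.10",   "ssh",
    datetime(2024-01-01 03:15:04), "192.0.2.10",   "ssh",
    datetime(2024-01-01 03:20:11), "198.51.100.7", "ftp",
    datetime(2024-01-01 03:21:30), "203.0.113.45", "http",
    datetime(2024-01-01 03:22:02), "2001:db8::1",  "http"   // not IPv4, filtered out below
];
SampleEvents
| where isnotnull(parse_ipv4(SrcIp))
// return_unmatched = true keeps events with no blocklist hit, with empty lookup columns.
| evaluate ipv4_lookup(ipv4Blocklist, SrcIp, CIDR, return_unmatched = true)
| extend OnBlocklist = isnotempty(CIDR)
| summarize Events = count(), FirstSeen = min(TimeGenerated), LastSeen = max(TimeGenerated), Services = make_set(Service) by SrcIp, OnBlocklist, MatchedEntry = CIDR
| order by OnBlocklist desc, Events desc
```

Because the sample addresses come from documentation ranges, every row is expected to show OnBlocklist as false until `SampleEvents` is swapped for real log data.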
MDE Example
Coming soon.
Sentinel & Azure Log Analytics Example
Coming soon.