Skip to content
/ RansomWatchToMDEIoC Public

Parse Ransomwatch results in python and create MDE IOC lists as you search

0 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

jkerai1/RansomWatchToMDEIoC

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

20 Commits
README.md
README.md
 
 
RansomwatchIOC.py
RansomwatchIOC.py
 
 
RansomwatchToTABL.ps1
RansomwatchToTABL.ps1
 
 
requirements.txt
requirements.txt
 
 

Repository files navigation

GitHub stars GitHub forks GitHub issues GitHub pulls

RansomWatchToMDEIoC

Parse Ransomwatch results in python and create MDE IOC lists as you search.

https://ransomwatch.telemetry.ltd/

There is a limit of 500 IOCs per CSV in MDE, if you need to split out the IOCs, please see: https://github.com/jkerai1/SoftwareCertificates/blob/main/Bulk-IOC-CSVs/Scripts/MDE-IOC-Batch-Separator.py

Required Libraries for validating domains:

pip install validators
pip install tldextract

Example Usage

image

How to Bulk Import IOCs

image

See also MDE IOC/TenantAllowBockList Repos for

DNSTwist: https://github.com/jkerai1/DNSTwistToMDEIOC
JoeSandBox: https://github.com/jkerai1/JoeSandBoxToMDEBlockList
TLD: https://github.com/jkerai1/TLD-TABL-Block

Map

image

Ransomwatch Repo

https://github.com/joshhighet/ransomwatch

About

Parse Ransomwatch results in python and create MDE IOC lists as you search

Topics

ioc csv tld ransomware defender iocs endpoint mde ransom dfe defenderforendpoint ransomwatch

Resources

Readme
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages