Watchlists

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊

Back to Content Index

Watchlists are reference data tables that you can import into Microsoft Sentinel and use in queries and analytic rules. They are useful for storing lists of high-value assets, VIP users, known malicious indicators, or approved IP addresses for allowlisting. Learn more

49 watchlists across all Microsoft Sentinel solutions.

Jump to: A | C | D | E | H | J | L | M | N | O | R | S | T | U | V

Source: 📦 Solution | 📄 Standalone | 🔗 GitHub Only

A

Name Source
action_results_lookup 📦 Veeam
Azure-Public-IPs 🔗 GitHub Only

C

Name Source
collection_schedule_settings 📦 Veeam
ConditionalAccessBenignStatusCodes 📦 Microsoft Entra ID
CorelightAggregationsEnrichment1 📦 Corelight
CorelightAggregationsEnrichment2 📦 Corelight
CorelightDNSPortDesc 📦 Corelight
CorelightGeoCountries 📦 Corelight
CorelightInferencesDesc 📦 Corelight
coveware_settings 📦 Veeam

D

Name Source
DataminrPulseAsset 📦 Dataminr Pulse
DataminrPulseVulnerableDomain 📦 Dataminr Pulse
DataminrPulseVulnerableHash 📦 Dataminr Pulse
DataminrPulseVulnerableIp 📦 Dataminr Pulse
DataminrPulseVulnerableMalware 📦 Dataminr Pulse
DeploymentandMigration 🔗 GitHub Only

E

Name Source
ExchangeServicesMonitoring 📦 Microsoft Exchange Security - Exchange On-Premises
ExchangeVIP 📦 Microsoft Exchange Security - Exchange On-Premises
ExchOnlineVIP 📦 Microsoft Exchange Security - Exchange Online

H

Name Source
HighlySensitivePasswords 📦 Lastpass Enterprise Activity Monitoring

J

Name Source
job_types_lookup 📦 Veeam

L

Name Source
license_editions_lookup 📦 Veeam
license_types_lookup 📦 Veeam
ListofTCPUDPPorts 🔗 GitHub Only

M

Name Source
MSBizApps-Configuration 📦 Microsoft Business Applications

N

Name Source
NetworkSession_Monitor_Configuration 📦 Network Session Essentials
NOBELIUM-TI 🔗 GitHub Only

O

Name Source
operation_names_lookup 📦 Veeam

R

Name Source
RansomwareFileExtensions 📦 Malware Protection Essentials

S

Name Source
session_states_lookup 📦 Veeam
SOCcontacts 📦 SOC-Process-Framework
SOCDepartmental 📦 SOC-Process-Framework
SOCEmailDistribution 📦 SOC-Process-Framework
SOCExternalContacts 📦 SOC-Process-Framework
SOCgeneralIT 📦 SOC-Process-Framework
SOCInternalContacts 📦 SOC-Process-Framework
SOCIRP 📦 SOC-Process-Framework
SOCMA 📦 SOC-Process-Framework
SOCPager 📦 SOC-Process-Framework
SocRA 📦 SOC-Process-Framework
SOCUseCase 📦 SOC-Process-Framework
SOCworkstations 📦 SOC-Process-Framework

T

Name Source
TeamCymruScoutDomainData 📦 Team Cymru Scout
TeamCymruScoutIPData 📦 Team Cymru Scout

U

Name Source
Update-RiskyUserWatchlist 🔗 GitHub Only
UpdateCloudIPs 🔗 GitHub Only

V

Name Source
vbr_events_lookup 📦 Veeam
vbr_settings 📦 Veeam
vone_settings 📦 Veeam

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊

Back to Content Index