Watchlists

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊

↑ Back to Content Index

---

Watchlists are reference data tables that you can import into Microsoft Sentinel and use in queries and analytic rules. They are useful for storing lists of high-value assets, VIP users, known malicious indicators, or approved IP addresses for allowlisting. Learn more

49 watchlists across all Microsoft Sentinel solutions.

Jump to: A | C | D | E | H | J | L | M | N | O | R | S | T | U | V

Source: 📦 Solution | 📄 Standalone | 🔗 GitHub Only

A

Name	Source
action_results_lookup	📦 Veeam
Azure-Public-IPs	🔗 GitHub Only

C

Name	Source
collection_schedule_settings	📦 Veeam
ConditionalAccessBenignStatusCodes	📦 Microsoft Entra ID
CorelightAggregationsEnrichment1	📦 Corelight
CorelightAggregationsEnrichment2	📦 Corelight
CorelightDNSPortDesc	📦 Corelight
CorelightGeoCountries	📦 Corelight
CorelightInferencesDesc	📦 Corelight
coveware_settings	📦 Veeam

D

Name	Source
DataminrPulseAsset	📦 Dataminr Pulse
DataminrPulseVulnerableDomain	📦 Dataminr Pulse
DataminrPulseVulnerableHash	📦 Dataminr Pulse
DataminrPulseVulnerableIp	📦 Dataminr Pulse
DataminrPulseVulnerableMalware	📦 Dataminr Pulse
DeploymentandMigration	🔗 GitHub Only

E

Name	Source
ExchangeServicesMonitoring	📦 Microsoft Exchange Security - Exchange On-Premises
ExchangeVIP	📦 Microsoft Exchange Security - Exchange On-Premises
ExchOnlineVIP	📦 Microsoft Exchange Security - Exchange Online

H

Name	Source
HighlySensitivePasswords	📦 Lastpass Enterprise Activity Monitoring

J

Name	Source
job_types_lookup	📦 Veeam

L

Name	Source
license_editions_lookup	📦 Veeam
license_types_lookup	📦 Veeam
ListofTCPUDPPorts	🔗 GitHub Only

M

Name	Source
MSBizApps-Configuration	📦 Microsoft Business Applications

N

Name	Source
NetworkSession_Monitor_Configuration	📦 Network Session Essentials
NOBELIUM-TI	🔗 GitHub Only

O

Name	Source
operation_names_lookup	📦 Veeam

R

Name	Source
RansomwareFileExtensions	📦 Malware Protection Essentials

S

Name	Source
session_states_lookup	📦 Veeam
SOCcontacts	📦 SOC-Process-Framework
SOCDepartmental	📦 SOC-Process-Framework
SOCEmailDistribution	📦 SOC-Process-Framework
SOCExternalContacts	📦 SOC-Process-Framework
SOCgeneralIT	📦 SOC-Process-Framework
SOCInternalContacts	📦 SOC-Process-Framework
SOCIRP	📦 SOC-Process-Framework
SOCMA	📦 SOC-Process-Framework
SOCPager	📦 SOC-Process-Framework
SocRA	📦 SOC-Process-Framework
SOCUseCase	📦 SOC-Process-Framework
SOCworkstations	📦 SOC-Process-Framework

T

Name	Source
TeamCymruScoutDomainData	📦 Team Cymru Scout
TeamCymruScoutIPData	📦 Team Cymru Scout

U

Name	Source
Update-RiskyUserWatchlist	🔗 GitHub Only
UpdateCloudIPs	🔗 GitHub Only

V

Name	Source
vbr_events_lookup	📦 Veeam
vbr_settings	📦 Veeam
vone_settings	📦 Veeam

---

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊

↑ Back to Content Index