Team Cymru Scout for Microsoft Sentinel

Solution: Team Cymru Scout

Team Cymru Scout Logo

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊

Attribute	Value
Publisher	Team Cymru
Support Tier	Partner
Support Link	http://team-cymru.com
Categories	domains
Version	3.1.1
Author	Team Cymru - support@cymru.com
First Published	2024-07-16
Last Updated	2025-12-14
Solution Folder	Team Cymru Scout
Marketplace	Azure Marketplace · Popularity: 🟡 Low (16%)

Team Cymru Scout brings the most advanced AI-powered real-time intelligence into Microsoft Sentinel. The Microsoft Sentinel Integration allows you to perform LiveInvestigation on Indicators like IP, Domain and perform Correlation of Team Cymru Scout Data with Other Sources. It also leverage the capability to generate incident and notify when malicious ip found.

Data Connectors
Tables Used
Content Items

Data Connectors

This solution provides 1 data connector(s):

Team Cymru Scout Data Connector

Tables Used

This solution uses 33 table(s):

Table	Used By Connectors	Used By Content
`Communication_Data_CL` 🔶	-	Workbooks
`Cymru_Scout_Account_Usage_Data_CL`	Team Cymru Scout Data Connector	Workbooks
`Cymru_Scout_Domain_Data_CL`	Team Cymru Scout Data Connector	Workbooks
`Cymru_Scout_IP_Data_Communications_CL`	Team Cymru Scout Data Connector	-
`Cymru_Scout_IP_Data_Details_CL`	Team Cymru Scout Data Connector	Workbooks
`Cymru_Scout_IP_Data_Fingerprints_CL`	Team Cymru Scout Data Connector	-
`Cymru_Scout_IP_Data_Foundation_CL`	Team Cymru Scout Data Connector	Workbooks
`Cymru_Scout_IP_Data_OpenPorts_CL`	Team Cymru Scout Data Connector	-
`Cymru_Scout_IP_Data_PDNS_CL`	Team Cymru Scout Data Connector	-
`Cymru_Scout_IP_Data_Summary_Certs_CL`	Team Cymru Scout Data Connector	Workbooks
`Cymru_Scout_IP_Data_Summary_Details_CL`	Team Cymru Scout Data Connector	Workbooks
`Cymru_Scout_IP_Data_Summary_Fingerprints_CL`	Team Cymru Scout Data Connector	Workbooks
`Cymru_Scout_IP_Data_Summary_OpenPorts_CL`	Team Cymru Scout Data Connector	Workbooks
`Cymru_Scout_IP_Data_Summary_PDNS_CL`	Team Cymru Scout Data Connector	Workbooks
`Cymru_Scout_IP_Data_x509_CL`	Team Cymru Scout Data Connector	-
`Domain_Data_CL` 🔶	-	Workbooks
`Fingerprints_Data_CL` 🔶	-	Workbooks
`Identity_Data_CL` 🔶	-	Workbooks
`Open_Ports_Data_CL` 🔶	-	Workbooks
`PDNS_Data_CL` 🔶	-	Workbooks
`Proto_By_IP_Data_CL` 🔶	-	Workbooks
`Summary_Details_CL` 🔶	-	Workbooks
`Summary_Details_Top_Certs_Data_CL` 🔶	-	Workbooks
`Summary_Details_Top_Fingerprints_Data_CL` 🔶	-	Workbooks
`Summary_Details_Top_Open_Ports_Data_CL` 🔶	-	Workbooks
`Summary_Details_Top_Pdns_Data_CL` 🔶	-	Workbooks
`ThreatIntelligenceIndicator`	-	Workbooks
`Top_Asns_By_IP_Data_CL` 🔶	-	Workbooks
`Top_Country_Codes_By_IP_Data_CL` 🔶	-	Workbooks
`Top_Services_By_IP_Data_CL` 🔶	-	Workbooks
`Top_Tags_By_IP_Data_CL` 🔶	-	Workbooks
`Whois_Data_CL` 🔶	-	Workbooks
`X509_Data_CL` 🔶	-	Workbooks

🔶 CLv1: This table uses the legacy Custom Log V1 schema format with type-suffixed column names (e.g. _s, _d, _b, _t, _g). Note: identification is based on column name suffixes which are also permitted in CLv2, so this classification may not always be accurate.

Content Items

This solution includes 28 content item(s):

Content Type	Count
Parsers	22
Playbooks	3
Watchlists	2
Workbooks	1

Workbooks

Name Tables Used

Name	Tables Used
TeamCymruScout	`Communication_Data_CL` `Cymru_Scout_Account_Usage_Data_CL` `Cymru_Scout_Domain_Data_CL` `Cymru_Scout_IP_Data_Details_CL` `Cymru_Scout_IP_Data_Foundation_CL` `Cymru_Scout_IP_Data_Summary_Certs_CL` `Cymru_Scout_IP_Data_Summary_Details_CL` `Cymru_Scout_IP_Data_Summary_Fingerprints_CL` `Cymru_Scout_IP_Data_Summary_OpenPorts_CL` `Cymru_Scout_IP_Data_Summary_PDNS_CL` `Domain_Data_CL` `Fingerprints_Data_CL` `Identity_Data_CL` `Open_Ports_Data_CL` `PDNS_Data_CL` `Proto_By_IP_Data_CL` `Summary_Details_CL` `Summary_Details_Top_Certs_Data_CL` `Summary_Details_Top_Fingerprints_Data_CL` `Summary_Details_Top_Open_Ports_Data_CL` `Summary_Details_Top_Pdns_Data_CL` `ThreatIntelligenceIndicator` `Top_Asns_By_IP_Data_CL` `Top_Country_Codes_By_IP_Data_CL` `Top_Services_By_IP_Data_CL` `Top_Tags_By_IP_Data_CL` `Whois_Data_CL` `X509_Data_CL`

TeamCymruScout

Communication_Data_CL
Cymru_Scout_Account_Usage_Data_CL
Cymru_Scout_Domain_Data_CL
Cymru_Scout_IP_Data_Details_CL
Cymru_Scout_IP_Data_Foundation_CL
Cymru_Scout_IP_Data_Summary_Certs_CL
Cymru_Scout_IP_Data_Summary_Details_CL
Cymru_Scout_IP_Data_Summary_Fingerprints_CL
Cymru_Scout_IP_Data_Summary_OpenPorts_CL
Cymru_Scout_IP_Data_Summary_PDNS_CL
Domain_Data_CL
Fingerprints_Data_CL
Identity_Data_CL
Open_Ports_Data_CL
PDNS_Data_CL
Proto_By_IP_Data_CL
Summary_Details_CL
Summary_Details_Top_Certs_Data_CL
Summary_Details_Top_Fingerprints_Data_CL
Summary_Details_Top_Open_Ports_Data_CL
Summary_Details_Top_Pdns_Data_CL
ThreatIntelligenceIndicator
Top_Asns_By_IP_Data_CL
Top_Country_Codes_By_IP_Data_CL
Top_Services_By_IP_Data_CL
Top_Tags_By_IP_Data_CL
Whois_Data_CL
X509_Data_CL

Playbooks

Name	Description	Tables Used
Team Cymru Scout Create Incident And Notify	This playbook will create an incident for suspicious or malicious ip and notify to pre-defined or us...	-
Team Cymru Scout Enrich Incident	This playbook will fetch and ingest IP or Domain Indicator data based on Entity mapped in Microsoft ...	-
Team Cymru Scout Live Investigation	This playbook will fetch and ingest IP or Domain Indicator data based on input parameters given in t...	-

Parsers

Name	Description	Tables Used
CymruScoutAccountUsage	-	`Cymru_Scout_Account_Usage_Data_CL` (read)
CymruScoutCommunicationsData	-	`Communication_Data_CL` (read)
CymruScoutCorrelate	-	`ThreatIntelligenceIndicator` (read)
CymruScoutDomain	-	`Cymru_Scout_Domain_Data_CL` (read)
CymruScoutDomainData	-	`Domain_Data_CL` (read)
CymruScoutFingerprintsData	-	`Fingerprints_Data_CL` (read)
CymruScoutIP	-	`Cymru_Scout_IP_Data_Details_CL` (read) `Cymru_Scout_IP_Data_Foundation_CL` (read) `Cymru_Scout_IP_Data_Summary_Certs_CL` (read) `Cymru_Scout_IP_Data_Summary_Details_CL` (read) `Cymru_Scout_IP_Data_Summary_Fingerprints_CL` (read) `Cymru_Scout_IP_Data_Summary_OpenPorts_CL` (read) `Cymru_Scout_IP_Data_Summary_PDNS_CL` (read)
CymruScoutIdentity	-	`Identity_Data_CL` (read)
CymruScoutOpenPortsData	-	`Open_Ports_Data_CL` (read)
CymruScoutPdnsData	-	`PDNS_Data_CL` (read)
CymruScoutProtoByIP	-	`Proto_By_IP_Data_CL` (read)
CymruScoutSummary	-	`Summary_Details_CL` (read)
CymruScoutSummaryTopCerts	-	`Summary_Details_Top_Certs_Data_CL` (read)
CymruScoutSummaryTopFingerprints	-	`Summary_Details_Top_Fingerprints_Data_CL` (read)
CymruScoutSummaryTopOpenPorts	-	`Summary_Details_Top_Open_Ports_Data_CL` (read)
CymruScoutSummaryTopPdns	-	`Summary_Details_Top_Pdns_Data_CL` (read)
CymruScoutTopAsnsByIP	-	`Top_Asns_By_IP_Data_CL` (read)
CymruScoutTopCountryCodesByIP	-	`Top_Country_Codes_By_IP_Data_CL` (read)
CymruScoutTopServicesByIP	-	`Top_Services_By_IP_Data_CL` (read)
CymruScoutTopTagsByIP	-	`Top_Tags_By_IP_Data_CL` (read)
CymruScoutWhois	-	`Whois_Data_CL` (read)
CymruScoutX509Data	-	`X509_Data_CL` (read)

Watchlists

Name	Description	Tables Used
TeamCymruScoutDomainData	-	-
TeamCymruScoutIPData	-	-

Release Notes

Version	Date Modified (DD-MM-YYYY)	Change History
3.1.1	25-09-2025	Fixed bug in TeamCymruScoutEnrichIncident playbook.
3.1.0	16-05-2025	Updated Workbook, Parser, Data Connector and created new playbook.
3.0.0	07-08-2024	Added Solution for Team Cymru Scout.