Send IOCs from your browser directly to your Azure Sentinel Threat Intel Indicator table!
The Arbala Security Multi-tool is an extension that allows you to submit IOCs directly from your web browser into your Azure Sentinel environment. Simply copy and paste a block of text containing the IOCs from a tweet, an email, or a news article into the tool. It will extract the valid IOC values and send them into your Azure Sentinel Threat Indicator Table!

The tool is currently in alpha and will allow you to submit multiple domain names, IPv4 addresses, and MD5/SHA256 file hashes. Your submission can also include a custom description for the IOCs, TLP level, confidence score, and any number of tags separated by comma or whitespace. We will be updating the tool frequently to bring exciting new features. Our package is open source and we welcome suggestions!

Our most recent addition is support for requests containing more than 100 IOCs, which is Azure Sentinel's current API limit. The Arbala Security Multi-tool will now chunk these larger requests and send them as batches, allowing you to submit as many IOCs at one time as you need.

Please visit our GitHub page at https://github.com/Arbala-Security/Multitool-Extension for instructions on configuring the App Registration to allow the extension API access to your Sentinel Threat Indicator table. The link is also available in the Configuration section of the extension.

Change Log
0.0.4.1 - Patch to input parsing on the Azure Sentinel IOC Submission page.
0.0.4.0 - Submission of requests larger than 100 items, tag fields, and encryption of local storage has been added.
0.0.3.0 - Submission of IPv4 addresses, and MD5/SHA256 hashes has been added.
0.0.2.1 - Submission of multiple Domains at once along with Confidence Scores and TLP indicators has been added!
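
The extract-then-batch flow described above, sketched as an added example; this is not the extension's own code. The function names, regular expressions and sample text are assumptions made for illustration, and only the 100-item limit comes from the listing.

```javascript
// Added example, not the extension's code. All names here are hypothetical.
const BATCH_LIMIT = 100; // per-request limit stated in the listing

const PATTERNS = {
  // \b on both sides stops the MD5 pattern matching inside a SHA256 string.
  sha256: /\b[a-f0-9]{64}\b/gi,
  md5: /\b[a-f0-9]{32}\b/gi,
  ipv4: /\b(?:\d{1,3}\.){3}\d{1,3}\b/g,
  // An alphabetic TLD is required, so dotted quads never match as domains.
  // File names such as "invoice.pdf" would still match and need analyst review.
  domain: /\b(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}\b/gi,
};

// Reject out-of-range octets (999) and leading zeros (01).
function validOctets(ip) {
  return ip.split(".").every((o) => Number(o) <= 255 && String(Number(o)) === o);
}

// Return de-duplicated, lower-cased indicators grouped by type.
function extractIocs(text) {
  const out = {};
  for (const [type, re] of Object.entries(PATTERNS)) {
    const hits = (text.match(re) || []).map((v) => v.toLowerCase());
    out[type] = [...new Set(type === "ipv4" ? hits.filter(validOctets) : hits)];
  }
  return out;
}

// Split a list into request-sized batches so no request exceeds the limit.
function toBatches(items, size = BATCH_LIMIT) {
  const batches = [];
  for (let i = 0; i < items.length; i += size) {
    batches.push(items.slice(i, i + size));
  }
  return batches;
}

// Constructed sample text; the hashes are those of empty input.
const SAMPLE = `New campaign: C2 at cdn.bad.example.net and 203.0.113.7 (also 999.1.1.1).
Dropper MD5 d41d8cd98f00b204e9800998ecf8427e
SHA256 E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855`;

console.log(extractIocs(SAMPLE));
```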