Azure Sentinel – Watchlist Enhancements
Azure Sentinel Watchlists provides the ability to quickly import IP addresses, file hashes, etc. from csv files into your Azure Sentinel workspace. Then utilize the watchlist name/value pairs for joining and filtering for use in alert rules, threat hunting, workbooks, notebooks and for general queries.
Watchlist Updating Functionality
The new watchlist UI encompasses the following functionality:
- Add new watchlist items or update existing watchlist items.
- Select and update multiple watchlist items at once via an Excel-like grid.
- Add/remove columns from the watchlist update UI view for better usability.
How to update watchlist
From the Azure portal, navigate to Azure Sentinel > Configuration > Watchlist
Select a Watchlist, then select Edit Watchlist Items
Select > Add New, update watchlist parameters