Azure Service Tags gets updated every now and then which is a list of IP addresses for Azure / Microsoft Data centers. All the existing references need to be changed based on this as the URL for json file depends upon date. E.g. – ServiceTags_Public_20220307.json
A GitHub workflow to run every 14days to check the latest version of the list and updates to a json file. This file can a be a single source of reference across.
Applicable References :
| Analytic Rule | Hunting Query | Workbook |
|---|---|---|
| Azure Portal Signin from another Azure Tenant | Sign-Ins from Azure External Tenant | Can be good use case for SignIn Activities |
GitHub repository link https://github.com/samikroy/SyncMSServiceTags
Have made a Pull Request for the same to be a part of Microsoft Sentinel - Azure/Azure-Sentinel#4332