Create OMI-Crypto-Miner-Detection.txt

eshlomo1 · web-flow · commit 67e4ff24122e · 2021-09-18T00:38:27.000+03:00
diff --git a/OMIGOD/OMI-Crypto-Miner-Detection.txt b/OMIGOD/OMI-Crypto-Miner-Detection.txt
@@ -0,0 +1,7 @@
+// Azure OMI Crypto Miner Detection
+let OMG = (externaldata(ip:string)
+[@"https://raw.githubusercontent.com/eshlomo1/Azure-Sentinel-4-SecOps/master/OMIGOD/OMIGOD-Cryptocurrency-Miner-Data.txt"]
+| distinct ip
+);
+union DeviceNetworkEvents, AzureDiagnostics, AzureActivity
+| where RemoteIP contains "OMG" and RemoteUrl contains "OMG"
