This KQL query retrieves all Tor exit nodes from the official tor project website.
Tor exit nodes are the gateways of the communication flow between the Tor client and the destination server (after leaving the Tor network).
Any request coming from one of these IP addresses indicates that the request came from the Tor network.
This query can be used to check how many login attempts are coming from Tor exit nodes to the Entra ID tenant and whether further login attempts from Tor exit nodes should be blocked (e.g. conditional access) or not.
let TorExitNodes = externaldata (IPAddress: string) ['https://check.torproject.org/torbulkexitlist'] with (format=txt);
union SigninLogs, AADNonInteractiveUserSignInLogs
| where TimeGenerated > ago(90d)
//| where ResultType == 0 //See all successfull Logons
| lookup kind = inner TorExitNodes on $left.IPAddress == $right.IPAddress
| project
TimeGenerated,
Category,
ResultType,
ResultDescription,
Identity,
AppDisplayName,
IPAddress,
AuthenticationRequirement,
RiskDetail,
RiskState,
RiskLevelAggregated,
RiskLevelDuringSignIn,
RiskEventTypes_V2Starship is a powerful, minimal, and highly customizable cross-shell prompt designed to enhance the terminal…
Lemmy is an innovative, open-source platform designed for link aggregation and discussion, providing a decentralized…
The latest release of ImHex v1.37.0 introduces a host of exciting features and improvements, enhancing…
Ghauri is a cutting-edge, cross-platform tool designed to automate the detection and exploitation of SQL…
Writing tools have become indispensable for individuals looking to enhance their writing efficiency, accuracy, and…
PatchWerk is a proof-of-concept (PoC) tool designed to clean NTDLL syscall stubs by patching syscall…