This KQL query retrieves all Tor exit nodes from the official tor project website.
Tor exit nodes are the gateways of the communication flow between the Tor client and the destination server (after leaving the Tor network).
Any request coming from one of these IP addresses indicates that the request came from the Tor network.
This query can be used to check how many login attempts are coming from Tor exit nodes to the Entra ID tenant and whether further login attempts from Tor exit nodes should be blocked (e.g. conditional access) or not.
let TorExitNodes = externaldata (IPAddress: string) ['https://check.torproject.org/torbulkexitlist'] with (format=txt);
union SigninLogs, AADNonInteractiveUserSignInLogs
| where TimeGenerated > ago(90d)
//| where ResultType == 0 //See all successfull Logons
| lookup kind = inner TorExitNodes on $left.IPAddress == $right.IPAddress
| project
TimeGenerated,
Category,
ResultType,
ResultDescription,
Identity,
AppDisplayName,
IPAddress,
AuthenticationRequirement,
RiskDetail,
RiskState,
RiskLevelAggregated,
RiskLevelDuringSignIn,
RiskEventTypes_V2This Python script for Linux can analyze Microsoft Windows *.msi Installer files and point out…
Bear C2 is a compilation of C2 scripts, payloads, and stagers used in simulated attacks…
Discover your application security risks and vulnerabilities in only a few minutes. In this guide…
The idea behind waymore is to find even more links from the Wayback Machine than…
The Pycript extension for Burp Suite is a valuable tool for penetration testing and security…
For official releases, refer to Dependency Track Docs >> Changelogs for information about improvements and…