Third Party SecIntel Feed - Microsoft Updates

  • 1.  Third Party SecIntel Feed - Microsoft Updates

    Posted 11-02-2020 14:26

    Hello,

     

    Regarding information from the Juniper documentation on SecIntel feeds:

    https://www.juniper.net/documentation/en_US/release-independent/sky-atp/topics/concept/sky-atp-integrated-feeds.html

    Does anyone know of feeds for Microsoft servers or CDNs that are associated with Microsoft products and their associated updates? Alternatively, are there any good repositories that may have feed URLs that can be referenced to try to find a corresponding feed for something that you might need? I can't seem to find any documentation on what kind of "feeds" these are and I haven't been able to turn up anything with searches on third party SecIntel feeds.



  • 2.  RE: Third Party SecIntel Feed - Microsoft Updates

     
    Posted 11-17-2020 16:28
    Hi Greg,

    I too hit this when I was looking at SecIntel feeds, so I ended up writing a Python script that pulls down the XML feed from Microsoft and converts it into a format that can be read by the SRX SecIntel module.

    It's an internal tool, but I'd be happy to give it a bit of polish and publish it online if it would be of use to anyone else?

    Let me know what feeds you want to see and I'll add them in.

    ------------------------------
    Cheers,

    Ben Dale
    JNCIE-SEC #63
    JNCIP-SP
    JNCIP-ENT
    JNCIP-DC
    ------------------------------



  • 3.  RE: Third Party SecIntel Feed - Microsoft Updates

    Posted 12-02-2020 13:39

    Hey!

    Sorry for the late reply. I would be very happy to get something like this. What we're looking for in particular is really just the Windows Update IPs/hosts, since there already is one that is offered for O365 and we've been able to use that successfully.