← Back to Explore
kqlHunting
OnionMail EmailAddresses
raw.githubusercontent.com/jkerai1/TLD-TABL-Block/refs/heads/main/OnionMail.txt'] with (format=csv, ignoreFirstRecord=False);
Detection Query
let OnionMailAddresses = externaldata (onionmail: string) [@'https://raw.githubusercontent.com/jkerai1/TLD-TABL-Block/refs/heads/main/OnionMail.txt'] with (format=csv, ignoreFirstRecord=False);
EmailEvents
| where SenderFromDomain has_any (OnionMailAddresses) or RecipientEmailAddress has_any(OnionMailAddresses)
// See https://github.com/jkerai1/TLD-TABL-Block for Script to blockData Sources
EmailEvents
Platforms
office-365
Tags
office-365
Raw Content
let OnionMailAddresses = externaldata (onionmail: string) [@'https://raw.githubusercontent.com/jkerai1/TLD-TABL-Block/refs/heads/main/OnionMail.txt'] with (format=csv, ignoreFirstRecord=False);
EmailEvents
| where SenderFromDomain has_any (OnionMailAddresses) or RecipientEmailAddress has_any(OnionMailAddresses)
// See https://github.com/jkerai1/TLD-TABL-Block for Script to block