Automating Ransomware Intelligence: Feed ransomware.live
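This article describes a method for using Azure Logic Apps to automatically retrieve and analyze ransomware attack data and publish it to Microsoft Teams, giving SOC teams real-time intelligence. 2025-9-24 23:59:10 Author: infosecwriteups.com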

Usama Saleem


Ransomware attacks continue to evolve, and SOC teams need timely intelligence to stay ahead. Public feeds like ransomware.live provide near real-time information on ransomware victims and groups. By using Azure Logic Apps, you can automatically retrieve this data, transform it into a human-readable format, and post it directly to a Microsoft Teams chat or channel, giving your SOC team actionable insights without manual effort.

🛠 Prerequisites

Before you start, ensure you have:

  • An Azure subscription with permission to create Logic Apps.
  • Access to a Microsoft Teams account with permission to post to a group chat or channel.
  • A Ransomware.live API endpoint (e.g., https://ransomware.live/api/recent).
  • Basic familiarity with Logic Apps designer and Teams connectors.

Workflow Architecture

The Logic App will:

  1. Trigger on a schedule (e.g., every 24 hours).
  2. Retrieve the latest ransomware victim data via HTTP GET.
  3. Parse the JSON response into structured fields.
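The three steps above, sketched as a Logic Apps workflow definition (code view). This is an added example, not the author's workflow: the action names and the response field names in the schema (`post_title`, `group_name`, `discovered`) are assumptions to confirm against a real response from the endpoint.

```json
{
  "definition": {
    "$schema": "https://schema.management.azure.com/providers/Microsoft.Logic/schemas/2016-06-01/workflowdefinition.json#",
    "contentVersion": "1.0.0.0",
    "triggers": {
      "Recurrence": {
        "type": "Recurrence",
        "recurrence": { "frequency": "Hour", "interval": 24 }
      }
    },
    "actions": {
      "Get_recent_victims": {
        "type": "Http",
        "inputs": {
          "method": "GET",
          "uri": "https://ransomware.live/api/recent"
        },
        "runAfter": {}
      },
      "Parse_victims": {
        "type": "ParseJson",
        "inputs": {
          "content": "@body('Get_recent_victims')",
          "schema": {
            "description": "Assumed response shape: an array of victim objects. Field names are assumptions, not taken from the article.",
            "type": "array",
            "items": {
              "type": "object",
              "properties": {
                "post_title": { "type": "string", "description": "assumed: victim name" },
                "group_name": { "type": "string", "description": "assumed: ransomware group" },
                "discovered": { "type": "string", "description": "assumed: discovery timestamp" }
              },
              "required": ["post_title", "group_name"]
            }
          }
        },
        "runAfter": { "Get_recent_victims": ["Succeeded"] }
      }
    },
    "outputs": {}
  }
}
```

Because the parse step runs only after the HTTP action succeeds and the schema marks fields as `required`, a failed request or a change in the feed's shape fails the run visibly instead of passing empty fields to later steps.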

Article source: https://infosecwriteups.com/automating-ransomware-intelligence-feed-ransomware-live-504970b8e08a?source=rss----7b722bfd1b8d---4