Log4Shell is an emerging threat, and exploits for it are still in the wild. As a SecOps analyst, your job is to monitor your cloud assets so that any communication with a known IoC is detected and acted on promptly.
In this article, I’d like to share a simple script that bulk-uploads known Log4Shell IoCs to Microsoft Sentinel Threat Intelligence (TI) so you can monitor for them.
Read the following article to learn more about the Microsoft Sentinel TI API:
Provide your resource group, Log Analytics workspace name and IoC source. Currently I use this list
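As an added example (not the script from this post), the same workflow in Python: read a plain-text IoC list, turn each entry into a Sentinel TI indicator body with a STIX pattern, and POST it to the workspace's createIndicator endpoint. Everything not named in the post is an assumption: the list format (one IPv4 address, domain or URL per line, possibly defanged with hxxp or [.], with # comments), the createIndicator endpoint and its api-version, the threatTypes value, and the bearer token for https://management.azure.com that you pass in (for example from az account get-access-token --resource https://management.azure.com). The sample IoC list is constructed for the example and is not a real feed.

```python
"""Added example: bulk-import a Log4Shell IoC list into Microsoft Sentinel TI.

Not the post's script. Assumed, not taken from the post: the list format,
the createIndicator endpoint and api-version (check them against the current
Sentinel Threat Intelligence REST reference), and the bearer token source.
"""
import ipaddress
import json
import re
import urllib.request
from datetime import datetime, timezone
from typing import Optional

API_VERSION = "2021-10-01"  # assumption: verify against the current API reference

# Constructed sample input for this example; not a real IoC feed.
SAMPLE_IOC_LIST = """\
# Log4Shell scanners and callback hosts (constructed sample)
203.0.113.10
198.51.100[.]25
evil-ldap[.]example
hxxp://callback.example/Exploit.class
ldap://198.51.100.7:1389/a
not an indicator
"""


def refang(value: str) -> str:
    """Undo common defanging so the STIX pattern matches real traffic."""
    value = value.strip()
    value = re.sub(r"^hxxp", "http", value, flags=re.IGNORECASE)
    return value.replace("[.]", ".").replace("(.)", ".").replace("[:]", ":")


def classify(value: str):
    """Return (patternType, observable) for an IoC line, or None if unusable."""
    v = refang(value)
    if not v or v.startswith("#"):
        return None
    try:
        ipaddress.IPv4Address(v)
        return ("ipv4-addr", v)
    except ValueError:
        pass
    if re.match(r"^[a-z][a-z0-9+.-]*://", v, re.IGNORECASE):  # any scheme: http, ldap, rmi ...
        return ("url", v)
    if re.fullmatch(r"(?=.{1,253}$)([a-z0-9-]{1,63}\.)+[a-z0-9-]{2,63}", v, re.IGNORECASE):
        return ("domain-name", v)
    return None


def stix_pattern(pattern_type: str, observable: str) -> str:
    """Build a STIX 2 comparison expression, escaping backslashes and quotes."""
    escaped = observable.replace("\\", "\\\\").replace("'", "\\'")
    return f"[{pattern_type}:value = '{escaped}']"


def build_indicator(line: str, source: str, valid_from: str) -> Optional[dict]:
    """Indicator body for the createIndicator call; threatTypes value is assumed."""
    hit = classify(line)
    if hit is None:
        return None
    ptype, obs = hit
    return {
        "kind": "indicator",
        "properties": {
            "displayName": f"Log4Shell IoC {obs}",
            "description": "Bulk-imported Log4Shell (CVE-2021-44228) indicator",
            "pattern": stix_pattern(ptype, obs),
            "patternType": ptype,
            "source": source,
            "threatTypes": ["malicious-activity"],
            "confidence": 80,
            "validFrom": valid_from,
        },
    }


def parse_ioc_list(text: str, source: str, valid_from: Optional[str] = None):
    """Return (indicators, skipped_lines); duplicates and comments are dropped."""
    valid_from = valid_from or datetime.now(timezone.utc).isoformat()
    indicators, skipped, seen = [], [], set()
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        ind = build_indicator(line, source, valid_from)
        if ind is None:
            skipped.append(line)  # report rather than silently drop bad lines
        elif ind["properties"]["pattern"] not in seen:
            seen.add(ind["properties"]["pattern"])
            indicators.append(ind)
    return indicators, skipped


def upload_indicator(subscription_id, resource_group, workspace, token, indicator):
    """POST one indicator to the workspace's createIndicator action (assumed path)."""
    url = (f"https://management.azure.com/subscriptions/{subscription_id}"
           f"/resourceGroups/{resource_group}/providers/Microsoft.OperationalInsights"
           f"/workspaces/{workspace}/providers/Microsoft.SecurityInsights"
           f"/threatIntelligence/main/createIndicator?api-version={API_VERSION}")
    req = urllib.request.Request(
        url, data=json.dumps(indicator).encode(), method="POST",
        headers={"Authorization": f"Bearer {token}", "Content-Type": "application/json"})
    with urllib.request.urlopen(req) as resp:
        return json.load(resp)


if __name__ == "__main__":
    inds, bad = parse_ioc_list(SAMPLE_IOC_LIST, source="Log4Shell IoC list")
    print(json.dumps(inds, indent=2))
    print("skipped:", bad)
```

Running the block as-is only prints the generated bodies; wire in your subscription, resource group, workspace and token and loop over the indicators with upload_indicator to actually import them. Refanging matters because most published Log4Shell lists are defanged, and an indicator stored as 198.51.100[.]25 will never match a real connection in your logs.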
How about Watchlist?
Of course you can use a Microsoft Sentinel Watchlist to store Log4j IoCs, and uploading a CSV file to a Watchlist is easy. However, Threat Intelligence is the more appropriate home for them: indicators imported into TI land in the ThreatIntelligenceIndicator table and are picked up by the built-in TI-matching analytics rules, whereas a Watchlist is only a lookup table for queries you write yourself.