> Could a text list be reformatted with a script? Probably, but to be used only once, the list can be entered manually in any firewall. The Suricata platform is more useful as an add-on to firewalls when the blacklists are dynamic, they are maintained by places like https://abuse.ch The proxy Squid uses raw text lists. This is a list I have found at https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Cyber-Sicherheit/SiSyPHus/Analyse_Telemetriekomponente_1_2.html (in German): geo.settings-win.data.microsoft.com.akadns.net db5-eap.settings-win.data.microsoft.com.akadns.net settings-win.data.microsoft.com db5.settings-win.data.microsoft.com.akadns.net asimov-win.settings.data.microsoft.com.akadns.net db5.vortex.data.microsoft.com.akadns.net v10-win.vortex.data.microsoft.com.akadns.net geo.vortex.data.microsoft.com.akadns.net v10.vortex-win.data.microsoft.com v10.events.data.microsoft.com v20.events.data.microsoft.com us.vortex-win.data.microsoft.com eu.vortex-win.data.microsoft.com vortex-win-sandbox.data.microsoft.com alpha.telemetry.microsoft.com oca.telemetry.microsoft.com ceuswatcab01.blob.core.windows.net ceuswatcab02.blob.core.windows.net eaus2watcab01.blob.core.windows.net eaus2watcab02.blob.core.windows.net weus2watcab01.blob.core.windows.net weus2watcab02.blob.core.windows.net