Loading...

Azure Firewall and WAF integrations in Microsoft Copilot for Security

Azure Firewall and WAF integrations in Microsoft Copilot for Security

Azure Firewall and WAF are critical security services that many Microsoft Azure customers use to protect their network and applications from threats and attacks. Azure Firewall is a fully managed, cloud-native network security service that safeguards your Azure resources. It ensures high availability and scalability while filtering both inbound and outbound traffic, catching threats and only allowing legitimate traffic. Azure WAF is a cloud-native service that protects your web applications from common web-hacking techniques such as SQL injection and cross-site scripting. It offers centralized protection for web applications hosted behind Azure Application Gateway and Azure Front Door.

 

The Azure Firewall integration in Copilot for Security enables analysts to perform detailed investigations of malicious traffic intercepted by the IDPS [Intrusion Detection and Prevention System] feature of their firewalls across their entire fleet. Analysts can use natural language queries in the Copilot for Security standalone experience for threat investigation. With the Azure WAF integration, security and IT teams can operate more efficiently, focusing on high-value tasks. Copilot summarizes data and generates in-depth contextual insights into the WAF threat landscape. Both integrations simplify complex tasks, allowing analysts to ask questions in natural language instead of writing complex KQL queries.

 

In this blog, we will focus on setting up and leveraging the integration of Network Security services with Copilot for Security for hunting and troubleshooting malicious traffic.

 

Network Security Capabilities Available today in Copilot:

Azure Firewall:

  • Retrieve the top IDPS signature hits for an Azure Firewall
  • Get additional details to enrich the threat profile of an IDPS signature beyond log information
  • Look for a given IDPS signature across your tenant, subscription or resource group
  • Generate recommendations to secure your environment using Azure Firewall’s IDPS feature

 

Azure WAF:

  • Retrieve contextual details about WAF detections and the top rules triggered
  • Retrieve the top malicious IPs in the environment along with related WAF rules and patterns triggering the attack
  • Get information on SQL Injection attacks blocked by Azure WAF
  • Get information on XSS attacks blocked by Azure WAF

 

Prerequisites for enabling the integration:

In case you haven’t used Copilot for Security for other products, you need to onboard to Copilot for Security by following the process below:

  • Provision Capacity
    • This can be done through either signing in to Copilot for Security (https://securitycopilot.microsoft.com) or through the Azure Portal, as shown below:
    • More details about the detailed setup process for Copilot for Security can be found here.
    • The details around pricing for Copilot for Security can be found here.

ShabazShaik_0-1723479437667.png

 

ShabazShaik_1-1723479437676.png

 

 

 

  • Setup the default environment using the instructions mentioned here.

 

ShabazShaik_2-1723479437690.png

 

 

  • Enable Plugins:
    • For Firewall, only the plugin needs to be enabled as shown in the image below.

ShabazShaik_3-1723479437691.png

 

ShabazShaik_4-1723479437698.png

 

 

  • For WAF, along with enabling the plugin, we also need to ensure the WAF Log Analytics workspace name, Log Analytics resource group name and Log Analytics subscription ID are configured.

ShabazShaik_5-1723479437707.png

 

 

 

Once the Security Compute Units (SCUs) are provisioned as specified, the Azure WAF and Firewall logs are present in the Azure Log Analytics workspace, and the respective plugins are enabled, the capabilities will be ready for use.

 

Investigation of Threats in Azure Firewall using Copilot for Security:

 

  • Retrieving IDPS hits in Azure Firewall using Natural Language prompts:

ShabazShaik_6-1723479437712.jpeg

 

ShabazShaik_7-1723479437717.jpeg

 

  • Get additional details to enrich the threat profile of an IDPS signature beyond log information

ShabazShaik_8-1723479437724.jpeg

 

  • Look for a given IDPS signature across your tenant, subscription or resource group

ShabazShaik_9-1723479437727.jpeg

 

Investigation of Threats in Azure WAF using Copilot for Security:

 

  • Retrieve contextual details, top IP offenders and WAF rule matches using Natural Language prompts
  • Here, Regional WAF refers to App Gateway WAF and Global WAF refers to Front Door WAF.

ShabazShaik_10-1723479437734.png

 

ShabazShaik_11-1723479437739.png

 

  • Get information on SQL Injection attacks blocked by Azure WAF

ShabazShaik_12-1723479437746.png

 

  • Get information on XSS attacks blocked by Azure WAF

ShabazShaik_13-1723479437752.png

 

Recommendations for Network Security:

  • Copilot for Security also provides recommendations on using Azure Firewall's capabilities to secure your environment as shown below:

ShabazShaik_14-1723479437774.png

 

 

For more details on all the available prompts that can be used with this integration, refer to the respective documentation here for Firewall and WAF.

 

Integrating Microsoft Azure’s robust network security services with Copilot for Security offers a powerful solution for enhancing your security posture. By leveraging Azure Firewall and Azure Web Application Firewall (WAF) within Copilot, security analysts can efficiently investigate and mitigate threats using natural language queries. This integration not only simplifies complex security tasks but also provides comprehensive protection for your applications and data, allowing your security and IT teams to focus on high-value activities.

Published on:

Learn more
Azure Network Security Blog articles
Azure Network Security Blog articles

Azure Network Security Blog articles

Share post:

Related posts

How Azure AI Search powers RAG in ChatGPT and global scale apps

Millions of people use Azure AI Search every day without knowing it. You can enable your apps with the same search that enables retrieval-augm...

2 days ago

Copilot Studio – Solution management in Microsoft Copilot Studio

Microsoft Copilot Studio is announcing its Solution Management feature, which enables the management of copilots and their components such as ...

2 days ago

Episode 388 – Getting Started with Azure Bicep: Infrastructure as Code with a Domain Specific Language

Welcome to Episode 388 of the Microsoft Cloud IT Pro Podcast. In this episode, we dive into Azure Bicep, Microsoft’s streamlined language for ...

3 days ago

How Microsoft Copilot Generates Compliance Records

A recent article about analyzing interaction records for Microsoft 365 Copilot led to the question if it's possible to do the same for Microso...

3 days ago

RAG with SQL Vector Store: A Low-Code/No-Code Approach using Azure Logic Apps

Data is at the heart of every AI application, and efficient data ingestion is critical for success. With over 1,400 enterprise connectors, Log...

3 days ago

Exciting Announcement: Public Preview of Native Vector Support in Azure SQL Database!

Public Preview of Native Vector Support in Azure SQL Database We are excited to share that the dedicated vector data type in Azure SQL Databas...

3 days ago

Scaling Azure Container Apps for Peak Performance

Unlock the full potential of Azure Container Apps with smart scaling! In this final part of our series, explore how to keep your apps responsi...

4 days ago
Stay up to date with latest Microsoft Dynamics 365 and Power Platform news!
* Yes, I agree to the privacy policy