Azure WAF Notebook for Microsoft Sentinel
Azure Web Application Firewall (Azure WAF) detects SQLI attacks and applies block mitigations by default. In certain instances, this could be a false positive that requires investigation and creation of Azure WAF exclusions. In order to complete a successful investigation, full context about the attack is needed and a process that guides you through the investigation is required. Such a guided investigation process is automated in this Microsoft Sentinel Notebook and allows you to tune Azure WAF policy with minimal user interaction.
This Notebook analyzes SQL injection attacks on Azure WAF integrated with Azure Front Door premium and implements automated exclusions.
This notebook is released in preview.
You can find step-by-step instructions on how to use the Notebook here: https://techcommunity.microsoft.com/t5/microsoft-sentinel-blog/tutorial-get-started-with-azure-waf-investigation-notebook/ba-p/3733438
Published on:
Learn moreRelated posts
How to Build an AI-Powered CRM Using Dynamics 365 and Azure OpenAI
Introduction Customer Relationship Management (CRM) has evolved far beyond storing contact details and tracking sales opportunities. In today&...
Azure Developer Training Live
Shrinking Azure Pipeline task extensions using esbuild
TL;DR We bundled an internal Azure Pipelines task extension into a single bundled JavaScript file using esbuild. The task package dropped from...
Building on Vercel’s eve + Azure Cosmos DB: An Agent That Remembers
Most “AI agent” demos forget everything the moment the process exits. That’s fine for a toy project, but useless for anythin...