Azure WAF Notebook for Microsoft Sentinel
Azure Web Application Firewall (Azure WAF) detects SQL injection (SQLi) attacks and applies block mitigations by default. In some cases a detection is a false positive that has to be investigated and resolved by creating Azure WAF exclusions. A successful investigation needs full context about the attack and a process that guides you through it. This Microsoft Sentinel Notebook automates that guided investigation process and lets you tune the Azure WAF policy with minimal user interaction.
This Notebook analyzes SQL injection attacks on Azure WAF integrated with Azure Front Door Premium and implements automated exclusions.
This Notebook is released in preview.
You can find step-by-step instructions on how to use the Notebook here: https://techcommunity.microsoft.com/t5/microsoft-sentinel-blog/tutorial-get-started-with-azure-waf-investigation-notebook/ba-p/3733438