Azure WAF Notebook for Microsoft Sentinel
Azure Web Application Firewall (Azure WAF) detects SQLI attacks and applies block mitigations by default. In certain instances, this could be a false positive that requires investigation and creation of Azure WAF exclusions. In order to complete a successful investigation, full context about the attack is needed and a process that guides you through the investigation is required. Such a guided investigation process is automated in this Microsoft Sentinel Notebook and allows you to tune Azure WAF policy with minimal user interaction.
This Notebook analyzes SQL injection attacks on Azure WAF integrated with Azure Front Door premium and implements automated exclusions.
This notebook is released in preview.
You can find step-by-step instructions on how to use the Notebook here: https://techcommunity.microsoft.com/t5/microsoft-sentinel-blog/tutorial-get-started-with-azure-waf-investigation-notebook/ba-p/3733438
Published on:
Learn moreRelated posts
Building Event-Driven Go applications with Azure Cosmos DB and Azure Functions
The Go programming language is a great fit for building serverless applications. Go applications can be easily compiled to a single, staticall...
July Patches for Azure DevOps Server
Today we are releasing patches that impact the latest version of our self-hosted product, Azure DevOps Server. We strongly encourage and recom...
Azure SDK Release (June 2025)
Azure SDK releases every month. In this post, you'll find this month's highlights and release notes. The post Azure SDK Release (June 2025) ap...
Exploring azd extensions: Enhance your Azure developer experience
A deep dive into the introduction of the Azure Developer CLI (azd) extensions and the azd extension framework to build extensions. The post Ex...