Azure Frontdoor WAF Logged a Request
Set up the Azure integration.
Goal
Detect when an Azure Frontdoor Web Application Firewall (WAF) logs a request from an IP address.
Strategy
This rule monitors Azure Activity logs for Frontdoor Web Application Firewall logs and detects when `@evt.name` has a value of `Microsoft.Network/FrontDoor/WebApplicationFirewallLog/Write` and `@properties.action` has a value of `Log`.
Triage and response
- Inspect whether this request should have been blocked or not.
- Navigate to the IP dashboard and inspect other requests this IP address has made.
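
The two conditions from the Strategy section, combined with the per-IP review from the triage steps, can be reproduced offline over exported log lines. This is an added example, not part of the original page or of the rule itself; the events are constructed, and the `clientIP`, `ruleName` and `requestUri` attribute names under `properties` are assumptions.

```python
import json
from collections import Counter, defaultdict

# Values from the rule's Strategy section.
EVT_NAME = "Microsoft.Network/FrontDoor/WebApplicationFirewallLog/Write"
LOG_ACTION = "Log"

# Constructed sample events (JSON lines). The clientIP, ruleName and requestUri
# attribute names under "properties" are assumptions made for this example.
SAMPLE_LOGS = """\
{"evt": {"name": "Microsoft.Network/FrontDoor/WebApplicationFirewallLog/Write"}, "properties": {"action": "Log", "clientIP": "203.0.113.7", "ruleName": "example-rule-a", "requestUri": "/search"}}
{"evt": {"name": "Microsoft.Network/FrontDoor/WebApplicationFirewallLog/Write"}, "properties": {"action": "Block", "clientIP": "203.0.113.7", "ruleName": "example-rule-b", "requestUri": "/admin"}}
{"evt": {"name": "Microsoft.Network/FrontDoor/WebApplicationFirewallLog/Write"}, "properties": {"action": "Block", "clientIP": "198.51.100.23", "ruleName": "example-rule-b", "requestUri": "/admin"}}
{"evt": {"name": "Example.Other/Operation/Write"}, "properties": {"action": "Log", "clientIP": "198.51.100.23"}}
not-json
{"evt": {"name": "Microsoft.Network/FrontDoor/WebApplicationFirewallLog/Write"}, "properties": {"action": "Log", "clientIP": "192.0.2.44", "ruleName": "example-rule-a", "requestUri": "/login"}}
"""


def get_path(event, dotted):
    """Resolve a dotted attribute path such as 'properties.action'; None if absent."""
    node = event
    for key in dotted.split("."):
        if not isinstance(node, dict) or key not in node:
            return None
        node = node[key]
    return node


def triage_by_ip(lines):
    """Group WAF events by client IP; keep only IPs with at least one rule match."""
    logged, actions = defaultdict(list), defaultdict(Counter)
    for line in lines:
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip malformed lines instead of aborting the scan
        if get_path(event, "evt.name") != EVT_NAME:
            continue  # not a Front Door WAF log event
        ip = get_path(event, "properties.clientIP") or "unknown"
        action = get_path(event, "properties.action")
        actions[ip][action] += 1  # every WAF action for this IP, for triage context
        if action == LOG_ACTION:  # the rule's second condition
            logged[ip].append((get_path(event, "properties.ruleName"),
                               get_path(event, "properties.requestUri")))
    return {ip: {"logged": hits, "actions": dict(actions[ip])} for ip, hits in logged.items()}


if __name__ == "__main__":
    for ip, info in triage_by_ip(SAMPLE_LOGS.splitlines()).items():
        print(ip, info["actions"], info["logged"])
```

An IP whose `actions` summary shows both `Log` and `Block` is a natural first candidate when deciding whether the logged request should have been blocked.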