Merge pull request #102948 from teresayao/Magnese

Magnese

Author: v-shils

articles/web-application-firewall/afds/waf-front-door-monitor.md

@@ -38,16 +38,66 @@ AzureDiagnostics
 
 ```
 
+Here is an example of a logged request in WAF log:
+
+``` WAFlogQuerySample
+{
+    "PreciseTimeStamp": "2020-01-25T00:11:19.3866091Z",
+    "time": "2020-01-25T00:11:19.3866091Z",
+    "category": "FrontdoorWebApplicationFirewallLog",
+    "operationName": "Microsoft.Network/FrontDoor/WebApplicationFirewallLog/Write",
+    "properties": {
+        "clientIP": "xx.xx.xxx.xxx",
+        "socketIP": "xx.xx.xxx.xxx",
+        "requestUri": "https://wafdemofrontdoorwebapp.azurefd.net:443/?q=../../x",
+        "ruleName": "Microsoft_DefaultRuleSet-1.1-LFI-930100",
+        "policy": "WafDemoCustomPolicy",
+        "action": "Block",
+        "host": "wafdemofrontdoorwebapp.azurefd.net",
+        "refString": "0p4crXgAAAABgMq5aIpu0T6AUfCYOroltV1NURURHRTA2MTMANjMxNTAwZDAtOTRiNS00YzIwLTljY2YtNjFhNzMyOWQyYTgy",
+        "policyMode": "prevention"
+    }
+}
+
+``` 
+
 The following example query obtains AccessLogs entries:
 
 ``` AccessLogQuery
 AzureDiagnostics
 | where ResourceType == "FRONTDOORS" and Category == "FrontdoorAccessLog"
 
+```
+
+Here is an example of a logged request in Access log:
+
+``` AccessLogSample
+{
+    "PreciseTimeStamp": "2020-01-25T00:11:12.0160150Z",
+    "time": "2020-01-25T00:11:12.0160150Z",
+    "category": "FrontdoorAccessLog",
+    "operationName": "Microsoft.Network/FrontDoor/AccessLog/Write",
+    "properties": {
+        "trackingReference": "0n4crXgAAAACnRKbdALbyToAqNfSHssDvV1NURURHRTA2MTMANjMxNTAwZDAtOTRiNS00YzIwLTljY2YtNjFhNzMyOWQyYTgy",
+        "httpMethod": "GET",
+        "httpVersion": "2.0",
+        "requestUri": "https://wafdemofrontdoorwebapp.azurefd.net:443/",
+        "requestBytes": "710",
+        "responseBytes": "3116",
+        "userAgent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4017.0 Safari/537.36 Edg/81.0.389.2",
+        "clientIp": "xx.xx.xxx.xxx",
+        "timeTaken": "0.598",
+        "securityProtocol": "TLS 1.2",
+        "routingRuleName": "WAFdemoWebAppRouting",
+        "backendHostname": "wafdemouksouth.azurewebsites.net:443",
+        "sentToOriginShield": false,
+        "httpStatusCode": "200",
+        "httpStatusDetails": "200"
+    }
+}
 
 ```
 
 ## Next steps
 
-- Learn more about [Front Door](../../frontdoor/front-door-overview.md).
-
+- Learn more about [Front Door](../../frontdoor/front-door-overview.md).

articles/web-application-firewall/afds/waf-front-door-policy-configure-bot-protection.md

@@ -1,5 +1,5 @@
 ---
-title: Configure bot protection for WAF with Azure Front Door (Preview)
+title: Configure bot protection for Web Application Firewall with Azure Front Door (Preview)
 description: Learn Web Application Firewall (WAF).
 author: vhorne
 ms.service: web-application-firewall
@@ -10,9 +10,7 @@ ms.author: victorh
 ---
 
 # Configure bot protection for Web Application Firewall (Preview)
-This article shows you how to configure bot protection rule in Azure Web Application Firewall (WAF) for Front Door by using Azure CLI, Azure PowerShell, or Azure Resource Manager template.
-
-A managed Bot protection rule set can be enabled for your WAF to take custom actions on requests from known malicious IP addresses. The IP addresses are sourced from the Microsoft Threat Intelligence feed. [Intelligent Security Graph](https://www.microsoft.com/security/operations/intelligence) powers Microsoft threat intelligence and is used by multiple services including Azure Security Center.
+This article shows you how to configure bot protection rule in Azure Web Application Firewall (WAF) for Front Door by using Azure portal. Bot protection rule can also be configured using CLI, Azure PowerShell, or Azure Resource Manager template.
 
 > [!IMPORTANT]
 > Bot protection rule set is currently in public preview and is provided with a preview service level agreement. Certain features may not be supported or may have constrained capabilities.  See the [Supplemental Terms of Use for Microsoft Azure Previews](https://azure.microsoft.com/support/legal/preview-supplemental-terms/) for details.
@@ -23,10 +21,9 @@ Create a basic WAF policy for Front Door by following the instructions described
 
 ## Enable bot protection rule set
 
-1. In the basic policy page that you created in the preceding section, under **Settings**, click **Rules**.
-2. In the details page, under the **Manage rules** section, from the drop-down menu, select the check box in front of the rule **BotProtection-preview-0.1**, and then select **Save** above.
-    
-   ![Bot protection rule](.././media/waf-front-door-configure-bot-protection/botprotect2.png)
+In the **Managed Rules** page when creating a Web Application Firewall policy, first find **Managed rule set** section, select the check box in front of the rule **Microsoft_BotManager_1.0** from the drop-down menu, and then select **Review + Create**.
+
+   ![Bot protection rule](.././media/waf-front-door-configure-bot-protection/botmanager112019.png)
 
 ## Next steps