File: articles/web-application-firewall/afds/automated-detection-response-with-sentinel.md
Lines changed: 16 additions & 2 deletions
@@ -5,7 +5,7 @@ author: vhorne
5
5
ms.author: victorh
6
6
ms.service: web-application-firewall
7
7
ms.topic: how-to
8
-
ms.date: 09/19/2023
8
+
ms.date: 09/27/2023
9
9
---
10
10
11
11
# Automated detection and response for Azure WAF with Microsoft Sentinel
@@ -68,6 +68,20 @@ Repeat this procedure for the WAF policy resource.
68
68
1. Select **Create**.
69
69
1. Select your workspace, and then select **Add**.
70
70
71
+
## Configure the Logic App Contributor role assignment
72
+
73
+
Your account must have owner permissions on any resource group to which you want to grant Microsoft Sentinel permissions, and you must have the **Logic App Contributor** role on any resource group containing playbooks you want to run.
74
+
75
+
1. In the Azure portal, select the resource group that contains the playbook.
76
+
1. In the left pane, select **Access control (IAM)**.
77
+
1. Select **Role assignments**.
78
+
1. Select **Add** then **Add role assignment**.
79
+
1. Select search for **Logic App Contributor**, select it, and then select **Next**.
80
+
1. Select **Select members**.
81
+
1. Search for your account and select it.
82
+
1. Select **Select**.
83
+
1. Select **Next**.
84
+
1. Select **Review + assign**.
71
85
72
86
## Configure detection and response
73
87
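Review bot: The introductory paragraph at new line 73 states two prerequisites (owner permissions on the resource group, and **Logic App Contributor** on the resource group containing the playbooks), but the numbered steps at new lines 75-84 only cover the second, so a reader has no way to confirm or obtain the first from this section. Either add a sentence saying how to check for the owner assignment on the same **Access control (IAM)** page, or state that it is assumed to be in place already. Separately, new line 79 reads "Select search for **Logic App Contributor**", which looks like a leftover word; "Search for **Logic App Contributor**, select it, and then select **Next**." matches the phrasing of new line 81. Since the assignment is made at resource group scope, it would also help to say that this should be the resource group that holds only the playbooks, so the role is not granted more broadly than the procedure needs.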
@@ -85,7 +99,7 @@ There are detection query templates for SQLi and XSS attacks in Sentinel for Azu
85
99
1. Select **Rule templates**. It may take a few minutes for the templates to appear.
86
100
1. Select the **Front Door Premium WAF - SQLi Detection** template.
87
101
1. On the right pane, select **Create rule**.
88
-
1. Accept all the defaults and click through to **Automated response**. You can edit these settings later to customize the rule.
102
+
1. Accept all the defaults and continue through to **Automated response**. You can edit these settings later to customize the rule.
89
103
> [!TIP]
90
104
> If you see an error in the rule query, it might be because you don't have any WAF logs in your workspace. You can generate some logs by sending test traffic to your web app. For example, you can simulate a SQLi attack by sending a request like this: `http://x.x.x.x/?text1=%27OR%27%27=%27`. Replace `x.x.x.x` with your Front Door URL.
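Review bot: The reworded step at new line 102, "continue through to **Automated response**", no longer names any control the reader should use, while every neighbouring step names one ("Select **Rule templates**", "select **Create rule**"). Consider naming the button or tab the reader selects to reach **Automated response**, in the same "Select **...**" form. The step also tells the reader to accept all defaults for a detection rule; a short pointer to which settings are worth revisiting later would make "You can edit these settings later" actionable.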