Commit 755dace

Merge pull request #221510 from MicrosoftDocs/repo_sync_working_branch
Confirm merge from repo_sync_working_branch to main to sync with https://github.com/MicrosoftDocs/azure-docs (branch main)
2 parents b2f3d88 + 9fc9848 commit 755dace

2 files changed: +11 -0 lines changed

articles/web-application-firewall/waf-sentinel.md

Lines changed: 11 additions & 0 deletions
@@ -79,6 +79,17 @@ To enable log analytics for each resource, go to your individual Azure Front Doo
7979
1. Once finished configuring individual WAF resources, select the **Next steps** tab. Select one of the recommended workbooks. This workbook will use all log analytic data that was enabled previously. A working WAF workbook should now exist for your WAF resources.
8080

8181
:::image type="content" source="media//waf-sentinel/waf-workbooks.png" alt-text="WAF workbooks" lightbox="media//waf-sentinel/waf-workbooks.png":::
82+
83+
## Automatically detect and respond to threats
84+
85+
Using Sentinel ingested WAF logs, you can use Sentinel analytics rules to automatically detect security attacks, create security incident, and automatically respond to security incident using playbooks. Learn more [Use playbooks with automation rules in Microsoft Sentinel](../sentinel/tutorial-respond-threats-playbook.md?tabs=LAC).
86+
87+
Azure WAF also comes in with built-in Sentinel detection rules templates for SQLi, XSS, and Log4J attacks. These templates can be found under the Analytics tab in the 'Rule Templates' section of Sentinel. You can use these templates or define your own templates based on the WAF logs.
88+
89+
:::image type="content" source="media//waf-sentinel/waf-detections.png" alt-text="WAF Detections" lightbox="media//waf-sentinel/waf-detections.png":::
90+
91+
The automation section of these rules can help you automatically respond to the incident by running a playbook An example of such a playbook to respond to attack can be found in network security GitHub repository [here](https://github.com/Azure/Azure-Network-Security/tree/master/Azure%20WAF/Playbook%20-%20WAF%20Sentinel%20Playbook%20Block%20IP%20-%20New). This playbook automatically creates WAF policy custom rules to block the source IPs of the attacker as detected by the WAF analytics detection rules.
92+
8293

8394
## Next steps
8495
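Review bot: At new line 91 the sentence break is missing ("by running a playbook An example of such a playbook") and the link text is a bare "here"; add the period and use descriptive link text that names the block-IP WAF Sentinel playbook. The same paragraph says the playbook automatically creates WAF policy custom rules that block the detected source IPs, but it does not tell the reader where those rules appear or how to review and remove them; a sentence on that would help, since a detection rule can flag an address that is not an attacker's. At new line 85, "create security incident, and automatically respond to security incident" needs plurals or articles, "Sentinel ingested" should be hyphenated, and "Learn more [Use playbooks ...]" needs a colon or "in" before the link. New line 92 adds a blank line directly ahead of an existing blank line, so "## Next steps" ends up preceded by two.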
