Skip to content

Commit 839797d

Browse files
v-dihansv-dihans
authored
Merge pull request #114951 from vhorne/fw-ti
update diagram
2 parents 437e825 + f7469d2 commit 839797d

File tree

2 files changed

+5
-4
lines changed

2 files changed

+5
-4
lines changed

articles/firewall/media/threat-intel/threat-intel-ui.png

130 KB
Loading

articles/firewall/threat-intel.md

Lines changed: 5 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -5,23 +5,24 @@ services: firewall
55
author: vhorne
66
ms.service: firewall
77
ms.topic: article
8-
ms.date: 11/19/2019
8+
ms.date: 05/12/2020
99
ms.author: victorh
1010
---
1111

1212
# Azure Firewall threat intelligence-based filtering
1313

14-
Threat intelligence-based filtering can be enabled for your firewall to alert and deny traffic from/to known malicious IP addresses and domains. The IP addresses and domains are sourced from the Microsoft Threat Intelligence feed. [Intelligent Security Graph](https://www.microsoft.com/en-us/security/operations/intelligence) powers Microsoft threat intelligence and is used by multiple services including Azure Security Center.
14+
Threat intelligence-based filtering can be enabled for your firewall to alert and deny traffic from/to known malicious IP addresses and domains. The IP addresses and domains are sourced from the Microsoft Threat Intelligence feed. [Intelligent Security Graph](https://www.microsoft.com/security/operations/intelligence) powers Microsoft threat intelligence and is used by multiple services including Azure Security Center.<br>
15+
<br>
1516

16-
![Firewall threat intelligence](media/threat-intel/firewall-threat.png)
17+
:::image type="content" source="media/threat-intel/firewall-threat.png" alt-text="Firewall threat intelligence" border="false":::
1718

1819
If you've enabled threat intelligence-based filtering, the associated rules are processed before any of the NAT rules, network rules, or application rules.
1920

2021
You can choose to just log an alert when a rule is triggered, or you can choose alert and deny mode.
2122

2223
By default, threat intelligence-based filtering is enabled in alert mode. You can’t turn off this feature or change the mode until the portal interface becomes available in your region.
2324

24-
![Threat intelligence based filtering portal interface](media/threat-intel/threat-intel-ui.png)
25+
:::image type="content" source="media/threat-intel/threat-intel-ui.png" alt-text="Threat intelligence based filtering portal interface":::
2526

2627
## Logs
2728

0 commit comments

Comments
 (0)