Commit 9fc9848

Merge pull request #102602 from shabaz-github/main
Updated waf-sentinel.md with new section of Automatically detect and respond to threats
2 parents 9f05dd7 + a542788 commit 9fc9848

2 files changed, +11 -0 lines changed

articles/web-application-firewall/waf-sentinel.md

Lines changed: 11 additions & 0 deletions
@@ -79,6 +79,17 @@ To enable log analytics for each resource, go to your individual Azure Front Doo
7979
1. Once finished configuring individual WAF resources, select the **Next steps** tab. Select one of the recommended workbooks. This workbook will use all log analytic data that was enabled previously. A working WAF workbook should now exist for your WAF resources.
8080

8181
:::image type="content" source="media//waf-sentinel/waf-workbooks.png" alt-text="WAF workbooks" lightbox="media//waf-sentinel/waf-workbooks.png":::
82+
83+
## Automatically detect and respond to threats
84+
85+
Using Sentinel ingested WAF logs, you can use Sentinel analytics rules to automatically detect security attacks, create security incident, and automatically respond to security incident using playbooks. Learn more [Use playbooks with automation rules in Microsoft Sentinel](../sentinel/tutorial-respond-threats-playbook.md?tabs=LAC).
86+
87+
Azure WAF also comes in with built-in Sentinel detection rules templates for SQLi, XSS, and Log4J attacks. These templates can be found under the Analytics tab in the 'Rule Templates' section of Sentinel. You can use these templates or define your own templates based on the WAF logs.
88+
89+
:::image type="content" source="media//waf-sentinel/waf-detections.png" alt-text="WAF Detections" lightbox="media//waf-sentinel/waf-detections.png":::
90+
91+
The automation section of these rules can help you automatically respond to the incident by running a playbook An example of such a playbook to respond to attack can be found in network security GitHub repository [here](https://github.com/Azure/Azure-Network-Security/tree/master/Azure%20WAF/Playbook%20-%20WAF%20Sentinel%20Playbook%20Block%20IP%20-%20New). This playbook automatically creates WAF policy custom rules to block the source IPs of the attacker as detected by the WAF analytics detection rules.
92+
8293

8394
## Next steps
8495
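Review bot: The last added paragraph is missing a sentence break: "running a playbook An example of such a playbook to respond to attack can be found ..." should read "running a playbook. An example of such a playbook that responds to an attack can be found ...", and the bare link text "[here]" should be descriptive, e.g. "in the Azure Network Security GitHub repository (WAF Sentinel Playbook Block IP)". In the first added paragraph, "create security incident" and "respond to security incident" need the plural ("create security incidents", "respond to security incidents"), and "Learn more [Use playbooks ...]" reads better as "For more information, see [Use playbooks with automation rules in Microsoft Sentinel](...)". In the second paragraph, "comes in with built-in" should be "comes with built-in". Since the described playbook writes WAF custom rules that block source IPs automatically, it would also help readers to add one sentence advising them to review the detection rule's thresholds and exclusions before enabling the automation, so that a noisy or mis-tuned rule does not block shared or legitimate addresses. Finally, the new image reference repeats the "media//waf-sentinel/" double slash from the existing line above; if that is not intentional, both paths should be "media/waf-sentinel/".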
