Azure Application Gateway

Version: Azure LogForwarder version 1.0 and above.

Azure Application Gateway is a web traffic load balancer that enables managing traffic to web applications. The Azure Application Gateway supports features like SSL/TLS termination, Autoscaling, Zone redundancy, Static VIP, Web Application Firewall, Ingress Controller for AKS, URL-based routing, Multiple-site hosting, Redirection, Session affinity, and more.

Netsurion Open XDR facilitates monitoring events retrieved from the Azure Application Gateway. The dashboards, categories, alerts, and reports in Netsurion Open XDR help in tracking application vulnerabilities, brute force attacks, scripting attacks, SQL injection attacks, and others.

After the Azure Application Gateway is configured to deliver events to Netsurion Open XDR, the dashboards and reports can be configured in the platform.

The following are the key Data Source Integrations available in Netsurion Open XDR.

Alerts

| Type | Name | Description |
|---|---|---|
| Security | Azure Application Gateway – Application vulnerabilities detected | This alert is triggered when vulnerabilities like remote file inclusion, remote code execution, HTTP protocol violations/anomalies, and request smuggling are detected. |
| Security | Azure Application Gateway – Brute force detected | This alert is triggered when brute force is detected. |
| Security | Azure Application Gateway – Cross-site scripting attack | This alert is triggered when potentially malicious content is detected in the requests through the gateway which may be linked to XSS or PHP scripting. |
| Security | Azure Application Gateway – SQL injection detected | This alert is triggered when SQL injection is detected. |

Reports

| Type | Name | Description |
|---|---|---|
| Security | Azure Application Gateway – Access error summary | This report provides a detailed summary of access events in Azure Application Gateway. The report includes the client IP, requested URL, response latency, return code, bytes in and out, and more. |
| Security | Azure Application Gateway – Firewall report | This report provides a detailed summary of the requests that are logged through either detection or prevention mode of an application gateway that is configured with the web application firewall. The report includes the client IP, requested URL, response latency, return code, prevention/detection method, and more. |

Documentation

The configuration details are consistent with Netsurion Open XDR 9.3 or later, and Azure Application Gateway.

Download the Integration Guide and How-to Guide for configuration instructions and more information.