Azure Web Application Firewall
Version: Azure Web Application Firewall.
Azure Web Application Firewall (WAF) on Azure Application Gateway provides centralized protection of your web applications from common exploits and vulnerabilities. Netsurion Open XDR collects all the audit log events for your Azure WAF. You can then drill down into each event to see who accessed it, from where and when.
Netsurion data source integration for Azure WAF allows you to monitor the following components:
- Security: Scanner detected, Invalid HTTP request detected, PHP injection attack detected, SQL Injection attack detected, XSS attack detected.
- Operation: WAF network access and access failure details.
After the Azure WAF is configured to deliver events to the Netsurion Open XDR, the dashboards and reports can be configured into Netsurion Open XDR.
The following are the key Data Source Integration available in Netsurion Open XDR.
Alerts
| Type | Name | Description |
|---|---|---|
| Security | Azure WAF – OWASP ruleset scanner detected | This alert is generated when the WAF OWASP rule is matched or detected for scanner detection. |
| Security | Azure WAF – OWASP ruleset Invalid HTTP request detected | This alert is generated when the WAF OWASP rule is matched or detected for invalid protocol requests on site. |
| Security | Azure WAF – OWASP ruleset path traversal attempted | This alert is generated when the WAF OWASP rule is matched or detected for path traversal attempt on site. |
| Security | Azure WAF – OWASP ruleset PHP injection attack detected | This alert is generated when the WAF OWASP rule is matched or detected for path traversal attempt on site. |
| Security | Azure WAF – OWASP ruleset possible remote file inclusion (RFI) attack detected | This alert is generated when the WAF OWASP rule is matched or detected for remote file inclusion attempt on site. |
| Security | Azure WAF – OWASP ruleset possible session fixation attack detected | This alert is generated when the WAF OWASP rule is matched or detected for session fixation attack detected on site. |
| Security | Azure WAF – OWASP ruleset protocol-attack detected | This alert is generated when the WAF OWASP rule is matched or detected for protocol attack detected on site. |
| Security | Azure WAF – OWASP ruleset remote command execution detected | This alert is generated when the WAF OWASP rule is matched or detected for command execution on site. |
| Security | Azure WAF – OWASP ruleset SQL injection attack detected | This alert is generated when the WAF OWASP rule is matched or detected for SQL injection attack on site. |
| Security | Azure WAF – OWASP ruleset XSS attack detected | This alert is generated when the WAF OWASP rule is matched or detected for XSS attack on site. |
Reports
| Type | Name | Description |
|---|---|---|
| Security | Azure WAF – Application gateway firewall activity | This report will provide detailed information on azure application gateway firewall traffic and detection of OWASP rules and other rules matched or detected, based on the configuration. |
Documentation
The configuration details are consistent with Netsurion Open XDR 9.x or later, and Azure WAF.
Download Integration Guide for configuration instructions and more information.