xss-attack took place in our webapp hosted in Azure. How to find the IP address of the attacker Machine?

Our webapp had a XSS attack today and i work in the monitoring team. My client want to confirm the IP address of the attacker. How to find the IP address of the attacker machine.

Solution

Look for the access logs. Something like the apache access logs. Once you have identified the request, take the corresponding IP address.

Bear in mind and check following:

That the IP address is external and not e.g. of your load balancer.
If the IP belongs to your load balancer, check the logs on your log balancer or check the X-Forwarded-For header value.
Most probably the IP address will not help at all, because if the attacker was not stupid, he used TOR or proxy himself to hide his real IP address. All you will get will be the exit TOR node IP address or proxy address.

Deploy filtered metrics on Azure dashboard with Bicep
IAsyncEnumerable JSON streaming is not streaming on azure web app running on IIS
node-fetch azure document translator
Need help getting Azure AD B2C SSO with Azure AD
Unable to get all users from Microsoft Graph using Python SDK
You need to ensure that WebApp1 uses the ASP.NET v4.7 runtime stack
MS Graph API - How to query additional pages
how to hash users into random values in azure databricks
How can I manage Azure SQL user/login/credentials
How to connect secrets value stored in Azure key vault to Azure app service env variables directly
AVD Insights Host Performance Blade Empty after vhange to new Azure Monitoring Agent
How to get a list of users from azure graph API
Azure App Service Flask Deployment Error: "Failed to Respond to HTTP Pings on Port 8000; Site Start Failed. Check Container Logs for Debugging."
Azure Function App - No continuous deployment setting for "Flex Consumption" hosting plan?
Az-GetRoleAssigments Not returning Data for DisplayName, SignInName & Object Type - Azure Powershell Runbook
Can you publish a new standalone Angular project (esproj) directly from VS2022 to Azure?
Cors configuration
Publish error: Found multiple publish output files with the same relative path
remove event subscriptions from system topics
Is it possible to use .env in a React Web project?
Sign in to Azure Account from VS Code
How to copy blobs from azure to aws using python?
AKV10032: Invalid issuer error when connecting to Azure Key Vault from App Service
how to mask hash users into random values [email protected] in azure databricks
Can we use PostgREST API with Azure
Bicep adding DNS Records saying already exists when it doesn't
Issue in sending personal message in MS Teams with Graph API
import files to databricks workspace
Create an Api connection to log analytics workspace via bicep
az funcapp publish .net8 Isolated breaking Azure configuration runtime settings on Sync