How to analyze WAF rules on Azure?
We have an accreditation requirement to prepare some form a report that has charts/metrics of WAF detection examples, as well as recommendations We essentially want to perform a couple hours of analysis on whats poppin' and present some recommendations about what rules to disable/enable based on insights.
This review is helpful for us to optimize to make our environment more resilient/secure as well as documenting some insights and we can use for this accreditation requirement.
Essentially the report would have something like:
Detections, examples, and how do we remediate vulnerabilities
Is there something on Azure that can provide us this information about WAF events?
Thank you SaiKishor-MSFT. Posting your suggestion as an answer to help other community members.
Once your Application Gateway WAF is operational, you can enable logs to inspect what is happening with each request. Firewall logs give insight to what the WAF is evaluating, matching, and blocking. With Log Analytics, you can examine the data inside the firewall logs to give even more insights. For more information about creating a Log Analytics workspace, see Create a Log Analytics workspace in the Azure portal. For more information about log queries, see Overview of log queries in Azure Monitor.
You can refer to How to analyze WAF rules on Azure? and Back-end health and diagnostic logs for Application Gateway
- logs not appearing in Application Insights for Azure Functions v4 with .NET 8
- Application Insights Logging Exceptions as Trace
- Native Node.js Metrics in Application Insights
- How to find non distinct/duplicate messages in Azure Application Insights?
- Application insights misunderstanding sampling data
- Some Azure function logs are missing from Application Insights
- Application Insights KQL query - not in sub query
- Using LogMetric in an Azure Function 8.0 isolated mode
- Logging BeginScope with Azure Application Insights
- Terraform Hidden Links for Azure Function App
- What additional benefits can Sentry.IO provide over Application Insights for ASP.NET Core?
- Isolated function app does not log traces but only information
- Logs logging twice in application insights when used Serilog in Azure Function app .NET 6
- Using Application Insights with Unit Tests?
- Using Azure AppInsights in a Nodejs Express Azure WebApp Application
- How do I create an Azure workbook that accepts a time range in UTC?
- Use Application Insight with ASP API Core
- How to monitor a Windows Service on an Azure VM?
- Live Metrics Displaying <Empty Role> in Application Insights
- NLog not writing to ApplicationInsightsTarget in ASP.NET Core
- Azure AKS with Managed Identity can not write to Application Insights
- How to connect Rust Web App to application insights?
- ExceptionFilterAttribute may not be logging exceptions in ApplicationInsights
- Is Application Insight logging, happening in background?
- Unable to see my log messages below than Warning on Azure Monitor
- Azure Function Serilog Not Writing to App Insights
- Given an Applications Insight Instrumentation key, get the name of the service in Azure
- Azure Application Insights does not show C# ILogger logs
- Kusto query to project json data
- Query Azure Application Insights CustomEvents in Azure function in C#.Net