How do we configure alerts for Azure Web Application Firewall?

rohith v 0 Reputation points
2023-11-08T10:38:22.6466667+00:00

Hello,

We are trying to configure alerts for Azure WAF, mostly focusing on the blockers: when there is a blocker on the firewall due to a request, we have to receive alerts and information.

Any suggestions could be helpful.

Thanks.

Azure Web Application Firewall

1 answer

  1. GitaraniSharma-MSFT 49,261 Reputation points Microsoft Employee
    2023-11-08T17:31:31.3+00:00

    Hello @rohith v ,

    Welcome to Microsoft Q&A Platform. Thank you for reaching out & hope you are doing well.

    I understand that you would like to know how to configure alerts for Azure web application firewall.

    You can configure alerts in the Azure portal by going to the Alerts section of your Application Gateway or Azure Front Door (depending on which WAF you are using).

    Refer: https://video2.skills-academy.com/en-us/azure/web-application-firewall/ag/application-gateway-waf-metrics#configure-alerts-in-azure-portal

    Steps are as below:

    • In your Azure portal, go to your Application Gateway/Azure Front Door profile.
    • Go to the Alerts tab under the Monitoring section.
    • Select New alert rule for the metrics listed in the Metrics section.
    • Specify all the conditions, actions and details to create the alert rule.

    Application gateway WAF V2 metrics that are available to configure alerts:

    https://video2.skills-academy.com/en-us/azure/web-application-firewall/ag/application-gateway-waf-metrics#application-gateway-waf-v2-metrics

    Azure Front Door WAF metric that is available to configure alerts:

    Web Application Firewall Request Count is the only available metric in Front Door WAF.

    https://video2.skills-academy.com/en-us/azure/web-application-firewall/afds/waf-front-door-monitor?pivots=front-door-standard-premium#metrics

    If you want to configure an alert for something other than the available platform metrics, then you have to create a custom log alert.

    A log alert rule monitors a resource by using a Log Analytics query to evaluate resource logs at a set frequency. If the conditions are met, an alert is fired. Because you can use Log Analytics queries, you can perform advanced logic operations on your data and use the robust KQL features to manipulate log data.

    Refer: https://video2.skills-academy.com/en-us/azure/azure-monitor/alerts/alerts-types#log-alerts

    https://video2.skills-academy.com/en-us/azure/azure-monitor/alerts/alerts-create-new-alert-rule?tabs=metric

    Kindly let us know if the above helps or you need further assistance on this issue.


    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

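A query that a custom log alert like the one described in the answer could evaluate for blocked requests, as an added example that is not part of the original answer. It assumes the Application Gateway's diagnostic setting sends the firewall log to a Log Analytics workspace in Azure diagnostics mode (the `AzureDiagnostics` table); for Front Door WAF the assumed equivalents are the `FrontDoorWebApplicationFirewallLog` category and the action value `Block`, with that log's own column names.

```kusto
// Added example: blocked requests on Application Gateway WAF, grouped so
// each alert row identifies the gateway, the site and the client.
// Assumption: firewall logs land in the AzureDiagnostics table
// (Azure diagnostics destination mode, not resource-specific tables).
// No time filter here: the alert rule's evaluation period supplies it.
AzureDiagnostics
| where ResourceProvider == "MICROSOFT.NETWORK"
    and Category == "ApplicationGatewayFirewallLog"
| where action_s == "Blocked"
| summarize
    BlockedRequests = count(),
    Rules = make_set(ruleId_s, 10),          // rule IDs that fired
    SampleUris = make_set(requestUri_s, 5),  // a few request URIs for triage
    LastSeen = max(TimeGenerated)
    by Resource, hostname_s, clientIp_s
| order by BlockedRequests desc
```

In the alert rule's condition, measuring table rows with a threshold of greater than 0 fires on any block in the evaluation period; raising the threshold or alerting on `BlockedRequests` reduces noise from routine scanner traffic.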