
Azure Firewall and WAF integrations in Microsoft Copilot for Security

by info.odysseyx@gmail.com


Azure Firewall and WAF are critical security services that many Microsoft Azure customers use to protect their networks and applications from threats and attacks. Azure Firewall is a fully managed, cloud-based network security service that protects your Azure resources. It filters both inbound and outbound traffic, catches threats, and allows only legitimate traffic, while ensuring high availability and scalability. Azure WAF is a cloud-based service that protects web applications from common web hacking techniques such as SQL injection and cross-site scripting. It provides centralized protection for web applications hosted behind Azure Application Gateway and Azure Front Door.

Copilot for Security’s Azure Firewall integration enables analysts to conduct detailed investigations into malicious traffic intercepted by the IDPS (Intrusion Detection and Prevention System) feature of their firewalls across the entire fleet. Analysts can investigate threats using natural language queries in the Copilot for Security standalone environment. Azure WAF integration enables security and IT teams to focus on high-value tasks and operate more efficiently. Copilot summarizes data and generates deep contextual insights into the WAF threat landscape. Both integrations simplify complex tasks, allowing analysts to ask questions in natural language instead of writing complex KQL queries.

This blog focuses on how to set up and leverage the integration of Copilot for Security with your network security services to hunt for malicious traffic and remediate issues.

Network security features available in Copilot today:

Azure Firewall:

  • Search for top IDPS signature hits for Azure Firewall
  • Get additional details beyond log information to enrich the threat profile of IDPS signatures.
  • Find the specified IDPS signature in your tenant, subscription, or resource group.
  • Generate recommendations to secure your environment using Azure Firewall’s IDPS capabilities

Azure WAF:

  • Retrieve context details for WAF detections and triggered top-level rules
  • Discover the most malicious IPs in your environment along with the associated WAF rules and patterns that trigger attacks.
  • Get information about SQL injection attacks blocked by Azure WAF
  • Get information about XSS attacks blocked in Azure WAF

Prerequisites for enabling integration:

If you have never used Copilot for Security in another product, you will need to onboard to Copilot for Security by following the steps below.

  • Provision capacity
    • This can be done by signing in to Copilot for Security (https://securitycopilot.microsoft.com) or through the Azure portal.
    • For more detailed information on the Copilot for Security setup process, see here.
    • Pricing details for Copilot for Security are available here.


  • Set up your basic environment using the guidelines mentioned here.


  • Activate the plugin:
    • For Azure Firewall, you only need to activate the plugin.


    • For WAF, in addition to enabling the plugin, you need to ensure that the WAF Log Analytics workspace name, Log Analytics resource group name, and Log Analytics subscription ID are configured.


Once the Secure Computing Units (SCUs) are provisioned as specified and Azure WAF and Firewall logs are present in your Azure Log Analytics workspace, the features are enabled.

Investigate threats on Azure Firewall using Copilot for Security:

  • Detect IDPS hits on Azure Firewall using natural language prompts:


  • Get additional details beyond log information to enrich the threat profile of IDPS signatures.


  • Find the specified IDPS signature in your tenant, subscription, or resource group.

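To cross-check what Copilot returns for the top-signature and find-signature prompts above, the KQL below is an added example, not part of the original post or of the Copilot plugin. It assumes the firewall sends structured logs to the resource-specific `AZFWIdpsSignature` table in the workspace; the 7-day window, the top-10 cutoff, and the `<signature-id>` placeholder are assumptions to adjust.

```kql
// Added example: run each query separately in the Log Analytics workspace
// that receives the Azure Firewall logs.
// Assumes structured firewall logs (resource-specific AZFWIdpsSignature table).

// 1) Top IDPS signature hits over the last 7 days.
//    The window and the top-10 cutoff are arbitrary choices.
AZFWIdpsSignature
| where TimeGenerated > ago(7d)
| summarize Hits = count(),
            DistinctSources = dcount(SourceIp),
            DistinctDestinations = dcount(DestinationIp),
            Actions = make_set(Action),          // e.g. alert vs. deny
            LastSeen = max(TimeGenerated)
    by SignatureId, Description, Severity, Category
| top 10 by Hits desc

// 2) Where a given signature fired, broken down by subscription,
//    resource group and firewall. Only firewalls logging to this
//    workspace are covered.
let targetSignature = "<signature-id>";  // placeholder: take a value from query 1
AZFWIdpsSignature
| where TimeGenerated > ago(7d)
| where tostring(SignatureId) == targetSignature
// _ResourceId looks like /subscriptions/<sub>/resourcegroups/<rg>/providers/...
| extend ResourceGroup = tostring(split(_ResourceId, "/")[4])
| summarize Hits = count(),
            FirstSeen = min(TimeGenerated),
            LastSeen = max(TimeGenerated),
            Actions = make_set(Action)
    by _SubscriptionId, ResourceGroup, Firewall = _ResourceId
| order by Hits desc
```

If the first query returns nothing while IDPS is enabled, check the firewall's diagnostic settings: the logs may not be reaching this workspace, or may be landing in the legacy `AzureDiagnostics` table instead.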

Investigate threats on Azure WAF using Copilot for Security:

  • Use natural language prompts to search for contextual details, top IP offenders, and WAF rule matches.
  • Here, local WAF refers to the Application Gateway WAF and global WAF refers to the Front Door WAF.


  • Get information about SQL injection attacks blocked by Azure WAF


  • Get information about XSS attacks blocked in Azure WAF


Recommendations for network security:

  • Copilot for Security also provides recommendations on how to use Azure Firewall’s capabilities to protect your environment.


For more information on all available prompts that can be used with this integration, please see the respective documentation for Firewall and WAF.

Integrating Microsoft Azure’s powerful network security services with Copilot for Security provides a powerful solution to strengthen your security posture. Leveraging Azure Firewall and Azure Web Application Firewall (WAF) within Copilot, security analysts can efficiently investigate and mitigate threats using natural language queries. This integration not only simplifies complex security tasks, but also provides comprehensive protection for applications and data, freeing security and IT teams to focus on high-value activities.




