Hi,

I have enabled Microsoft Default Ruleset 2.1 for my Azure Application Gateway WAF and I was wondering if there is a place where I can read about the rule description as it was with OWASP CRS 3.2 (https://github.com/coreruleset/coreruleset/tree/v3.3/master/rules).

@mskuratowski Thank you for submitting this question.
Please see the link for DRS 2.1 : https://learn.microsoft.com/en-us/azure/web-application-firewall/ag/application-gateway-crs-rulegroups-rules?tabs=drs21#drs-21

Also per the announcement : https://azure.microsoft.com/en-us/updates/general-availability-default-rule-set-21-for-azure-web-application-firewall/ , the DRS 2.1 uses CRS 3.3.2 and built-in Microsoft Threat Intelligence rules.
Hope this helps?