hisashin0728 / AzFirewallIDPSSentinel

This repository provides Analytics Rule of Microsoft Sentinel for Azure Firewall IDPS Alert.


AzFirewallIDPSSentinel


Screenshot of Microsoft Sentinel Incident

After you import the exported JSON rule files into your Microsoft Sentinel workspace, the analytics rules raise Azure Firewall IDPS alerts as Sentinel incidents.

Preparations

You must enable the Structured log format in the diagnostic settings of your Azure Firewall; the rules query the structured IDPS log tables, so events sent in the legacy format are not detected.

Analytics Rule

Three analytics rules are provided for Azure Firewall IDPS alerts:

| Severity | Rule Title | Description |
|---|---|---|
| High | Detect High Severity from IDS Event of Azure Firewall | Detected a high-severity, non-blocked alert event from Azure Firewall IDPS. |
| Medium | Detect Alert Event from IDS Events of Azure Firewall | Detected a non-blocked alert event from Azure Firewall IDPS. |
| Low | Detect Blocked Event from IPS Events of Azure Firewall | Detected a blocked event from Azure Firewall IDPS. |
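As an added example (not the repository's own rule JSON), the following KQL query classifies structured IDPS log rows into the three tiers above, which is useful for checking in Log Analytics what each rule would fire on before importing them. It assumes the Azure Firewall structured log table `AZFWIdpsSignature` with the columns `Action`, `Severity`, `SignatureId`, `SourceIp`, `DestinationIp`, `DestinationPort` and `Description`, and that `Severity` value 1 denotes High.

```kql
// Added example, not part of the repository: map structured IDPS rows to the
// three rule tiers. Assumes AZFWIdpsSignature where Action is "Alert"
// (detected, not blocked) or "Deny" (blocked) and Severity 1 = High.
AZFWIdpsSignature
| where TimeGenerated > ago(1h)
| extend RuleTier = case(
    // Low: anything the firewall already blocked (IPS mode)
    Action == "Deny", "Low: Blocked event (IPS)",
    // High: non-blocked alert carrying a high-severity signature
    Action == "Alert" and Severity == 1, "High: Non-blocked high-severity alert (IDS)",
    // Medium: every other non-blocked alert; excluding Severity 1 here
    // avoids raising two incidents for the same high-severity event
    Action == "Alert", "Medium: Non-blocked alert (IDS)",
    "Unclassified")
| where RuleTier != "Unclassified"
| summarize EventCount = count(),
            Signatures = make_set(SignatureId, 5),
            Sources = make_set(SourceIp, 5)
    by RuleTier, DestinationIp, DestinationPort, Description
| order by RuleTier asc, EventCount desc
```

To turn one tier into a scheduled analytics rule, replace the `case` with that tier's single `where` condition and map `SourceIp` and `DestinationIp` to IP entities in the rule's entity mapping.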
