microsoft sentinel
8 Topics

Malware Detection in Sentinel for Azure Firewall
Malware can have various negative impacts, such as stealing sensitive data, encrypting or deleting files, displaying unwanted ads, slowing down performance, or even taking control of the device. The Azure Firewall IDPS feature automatically detects and denies malware by default and can prevent cloud workloads from being infected. We can further enhance this capability with automated detection and response using prebuilt detection queries and Sentinel. In this blog, we will explore how to detect some common malware found in Azure Firewall logs, such as Coin-miner, Cl0p and Sunburst, using predefined KQL detection queries for Azure Firewall.

Azure WAF Notebook for Microsoft Sentinel
In this blog, we introduce you to the Azure WAF guided investigation Notebook using Microsoft Sentinel, which lets you investigate Sentinel incidents triggered due to SQL injection attack detections by Azure WAF. It allows you to determine whether the incident is a true positive, false positive or benign positive. Upon confirmation of a false positive, the Azure WAF exclusions are automatically applied.