Front Door Premium WAF - SQLi Detection

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊

↑ Back to Content Index

---

Identifies a match for a SQL Injection attack in the Front Door Premium WAF logs. The threshold value in the query can be changed as per your infrastructure's requirements. References: https://owasp.org/Top10/A03_2021-Injection/

Attribute	Value
Type	Analytic Rule
Solution	Azure Web Application Firewall (WAF)
ID	16da3a2a-af29-48a0-8606-d467c180fe18
Severity	High
Status	Available
Kind	Scheduled
Tactics	DefenseEvasion, Execution, InitialAccess, PrivilegeEscalation
Techniques	T1211, T1059, T1190, T0890
Required Connectors	WAF
Source	View on GitHub

Tables Used

This content item queries data from the following tables:

Table	Selection Criteria	Transformations	Ingestion API	Lake-Only
AzureDiagnostics 🔶	Category == "FrontDoorWebApplicationFirewallLog"	?	✗	?

---

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊

↑ Back to Analytic Rules · Back to Azure Web Application Firewall (WAF)