Azure Web Application Firewall (WAF)
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊
| Attribute | Value |
|---|---|
| Connector ID | WAF |
| Publisher | Microsoft |
| Used in Solutions | Azure Web Application Firewall (WAF) |
| Collection Method | Azure Diagnostics |
| Connector Definition Files | template_WAF.JSON |
| Custom Log V1 Tables | Yes 🔶 — ingests into tables with type-suffixed columns |
Connect to the Azure Web Application Firewall (WAF) for Application Gateway, Front Door, or CDN. This WAF protects your applications from common web vulnerabilities such as SQL injection and cross-site scripting, and lets you customize rules to reduce false positives. Follow these instructions to stream your Microsoft Web application firewall logs into Microsoft Sentinel. For more information, see the Microsoft Sentinel documentation.
Tables Ingested
This connector ingests data into the following tables:
| Table | Selection Criteria | Transformations | Ingestion API | Lake-Only |
|---|---|---|---|---|
AzureDiagnostics 🔶 |
ResourceType in "APPLICATIONGATEWAYS,CDNWEBAPPLICATIONFIREWALLPOLICIES,FRONTDOORS" |
? | ✗ | ? |
Permissions
Resource Provider Permissions: - Workspace (Workspace): read and write permissions.
Setup Instructions
⚠️ Note: These instructions were automatically generated from the connector's user interface definition file using AI and may not be fully accurate. Please verify all configuration steps in the Microsoft Sentinel portal.
1. Connect Azure WAF to Microsoft Sentinel
Go to each WAF resource type and choose your WAF. - Configure Web Application Firewall - Configure Azure Front Door - Configure CDN Profile
Inside your WAF resource:
- Select Diagnostic logs.
- Select + Add diagnostic setting.
- In the Diagnostic setting blade:
- Type a Name.
- Select Send to Log Analytics.
- Choose the log destination workspace.
- Select the categories that you want to analyze (recommended: ApplicationGatewayAccessLog, ApplicationGatewayFirewallLog, FrontdoorAccessLog, FrontdoorWebApplicationFirewallLog, WebApplicationFirewallLogs).
- Click Save.
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊