Solution: Azure DDoS Protection
| Attribute | Value |
|---|---|
| Publisher | Microsoft Corporation |
| Support Tier | Microsoft |
| Support Link | https://support.microsoft.com |
| Categories | domains |
| Version | 2.0.4 |
| Author | Microsoft - support@microsoft.com |
| First Published | 2022-05-13 |
| Solution Folder | Azure DDoS Protection |
| Marketplace | Azure Marketplace · Popularity: 🟢 High (80%) |
The Azure DDoS Protection Solution for Microsoft Sentinel enables you to easily ingest Azure DDoS Protection Standard logs to Microsoft Sentinel. This enables you to view and analyze this data in your workbooks, query it to create custom alerts, and incorporate it to improve your investigation process, giving you more insight into your platform security.
To enable automated response to threats detected, consider deploying the Remediation-IP Playbook.
Underlying Microsoft Technologies used:
This solution takes a dependency on the following technologies; some of these dependencies may be in Preview state or may result in additional ingestion or operational costs:
a. Azure Monitor Resource Diagnostics
This solution provides 1 data connector(s):
🔶 CLv1: This connector ingests into a table that uses the legacy Custom Log V1 schema format with type-suffixed column names (e.g. _s, _d, _b, _t, _g). Note: identification is based on column name suffixes, which are also permitted in CLv2, so this classification may not always be accurate.
This solution uses 1 table(s):
| Table | Used By Connectors | Used By Content |
|---|---|---|
| AzureDiagnostics 🔶 | Azure DDoS Protection | Analytics, Workbooks |
🔶 CLv1: This table uses the legacy Custom Log V1 schema format with type-suffixed column names (e.g. _s, _d, _b, _t, _g). Note: identification is based on column name suffixes, which are also permitted in CLv2, so this classification may not always be accurate.
This solution includes 3 content item(s):
| Content Type | Count |
|---|---|
| Analytic Rules | 2 |
| Workbooks | 1 |
| Name | Severity | Tactics | Tables Used |
|---|---|---|---|
| DDoS Attack IP Addresses - PPS Threshold | Medium | Impact | AzureDiagnostics |
| DDoS Attack IP Addresses - Percent Threshold | Medium | Impact | AzureDiagnostics |
| Name | Tables Used |
|---|---|
| AzDDoSStandardWorkbook | AzureDiagnostics |