-
Notifications
You must be signed in to change notification settings - Fork 291
What's New
shabaz-github edited this page Jun 21, 2024
·
68 revisions
This page is a timeline of automation artifacts that have recently been added to the Azure Network security repository. For blog posts relating to Azure Network security, please visit the Azure Network Security Blog
For information about our Github repository, go here
For information about TechCommunity, go here
Thank you to all network security contributors for submitting samples and sharing your artifacts to improve the Network security experience.
Find the latest additions, best practices and interesting techniques, in the table below. Ordered by date.
| Artifact | Description | Author(s) | Date |
|---|---|---|---|
| Time Series IP Anomaly detection for Azure WAF | Threat Detection | Andrew Mathu | 06/21/2024 |
| Azure Policy to mandate the enabling of Log Scrubbing Rules for Azure WAF | Governance Policy | David Frazee | 05/27/2024 |
| Azure Policy to mandate Azure WAF Geo Match Custom Rules Should Specify the ZZ Location | Governance Policy | David Frazee | 05/09/2024 |
| Azure Policy to allow only encrypted traffic in Azure Firewall | Governance Policy | David Frazee | 03/26/2024 |
| Azure Policy to mandate Firewall Deployment for VNETs with specified Tags | Governance Policy | Gustavo Modena | 03/19/2024 |
| WAF Workbook with Metrics Tab | The WAF Monitor workbook now includes new tabs containing data from most used Metrics | David Frazee, Shabaz Shaik | 03/08/2024 |
| Hunting Queries for Top IPs and Rule IDs for Azure WAF | These new Hunting queries will give useful information like the Top offender IPs and most hit Rule IDs for Azure WAF | Shabaz Shaik | 03/04/2024 |
| Azure Policy to mandate DDoS Protection for Public IPs with Specified Tags | Governance Policy | David Frazee | 02/28/2024 |
| Azure Policy to mandate DDoS Protection for Azure Firewall public IPs | Governance Policy | Andrew Mathu | 02/28/2024 |
| Queries for DDoS Mitigation Trends | The New DDoS Mitigation Trends queries give important information about the recent DDoS Attacks | Saleem Bseeu | 01/15/2024 |
| Azure Policy for Enabling Rate Limiting on App GW WAF | Governance Policy | Andrew Mathu | 01/15/2024 |
| Playbook - Firewall Malware Detections for Sentinel | Detect common malware found in Azure Firewall logs like Coin-miner, Cl0p and Sunburst using predefined KQL detection queries for Azure Firewall | Shabaz Shaik, Tobi Otolorin | 12/13/2023 |
| Azure WAF - WAF Tuning - Front Door - Postman collection & Deployment template | Learn a high-level overview of understanding Azure WAF diagnostic logs to help identify how to create exclusions and custom rules for the Azure WAF on Azure Front Door. | David Frazee | 9/26/2023 |
| Azure WAF - WAF Tuning - Application Gateway - Postman collection & Deployment template | Learn a high-level overview of understanding Azure WAF diagnostic logs to help identify how to create exclusions and custom rules for the Azure WAF on Azure Application Gateway. | David Frazee | 9/26/2023 |
| Azure WAF - Sensitive Data Lab - Postman collection & Deployment template | Learn how to use the Azure WAF Sensitive data (log scrubbing) feature to hide potentially sensitive information from logs. | David Frazee | 8/8/2023 |
| Detection query for Code Injection Attack for AFD WAF | Query to build Analytic Rule in sentinel for Code Injection Attacks for AFD WAF. | Shabaz Shaik | 8/1/2023 |
| Detection query for Code Injection Attack for App GW WAF | Query to build Analytic Rule in sentinel for Code Injection Attacks for App GW WAF. | Shabaz Shaik | 8/1/2023 |
| Detection query for Path Traversal Attack for AFD WAF | Query to build Analytic Rule in sentinel for Path Traversal Attacks for AFD WAF. | Shabaz Shaik | 8/1/2023 |
| Detection query for Path Traversal Attack for App GW WAF | Query to build Analytic Rule in sentinel for Path Traversal Attacks for App GW WAF. | Shabaz Shaik | 8/1/2023 |
| Detection query for User Agent based Scanner Attack for App GW WAF | Query to build Analytic Rule in sentinel for User Agent based Scanner Attack for App GW WAF. | Andrew Mathu | 8/1/2023 |
| Workbook - Azure Monitor Workbook for Azure Firewall - Structured Logs | Gain insights into Azure Firewall events. You can learn about your application and network rules, see statistics for firewall activities across URLs, ports, and addresses. This workbook allows you to filter your Firewalls and Resource Groups, dynamically filter per category with easy to read data sets when investigating an issue in your logs. Import via ARM Template or Gallery Template. | Shabaz Shaik, Gustavo Modena, David Frazee | 2/22/2023 |
| Template - Inspecting traffic to PE with Azure Firewall | Inspect traffic going to a Private Endpoint with Azure Firewall | Gustavo Modena | 1/4/2023 |
| Sentinel Playbook - Block IP in AFD | Add the source IP address passed from the Sentinel Incident to a custom WAF rule for blocking malicious IPs | Shabaz Shaik | 11/30/2022 |
| Template - Firewall Basic with Firewall Policy and Hub Spoke Network | Deploy Azure Firewall Basic using Bicep | David Frazee | 11/16/2022 |
| Template - Firewall Basic with Firewall Policy and Hub Spoke Network | Deploy Azure Firewall Basic using Terraform | Gustavo Modena | 11/3/2022 |
| Template - Azure Firewall Forced Tunnel Lab | Use this template and blog to deploy Azure Firewall in a Forced Tunnel environment and test different scenarios such as forced tunneling monitoring and split tunneled traffic | David Frazee | 9/1/2022 |
| Import Palo Alto Panorama policy into Azure Firewall Policy | This script will export Palo Alto firewall ruleset to be used in creating an Azure Firewall policy | Jose Moreno | 9/1/2022 |
| Migrate from Fortinet config into Azure Firewall Policy | This script provides a way read an existing Fortigate configuration and export commands into an existing Azure Firewall Policy | Jose Moreno | 9/1/2022 |
| Template - Logic App for Azure Firewall Backups | Use this template to create an Azure Logic App that runs every three day to backup your Azure Firewall and Azure Firewall Policy | Lara Goldstein | 8/17/2022 |
| Template - Logic App and Automation Account for Adding O365 Rules | Use this template to create an Azure Logic App and an Azure Automation Account to update an Azure Firewall Policy to allow traffic to Office 365 endpoints | Lara Goldstein | 8/15/2022 |
| Terraform Geoblock Custom IPs | Create a custom rule and apply it to deny or allow an IP list using Terraform | Jon Chancellor | 7/1/2022 |
| Logic app for IDPS signature updates notification | Use this template to create Logic App that sends notification for new Azure Firewall Premium IDPS signature updates | Lara Goldstein, Shabaz Shaik | 6/13/2022 |
| AppGateway WebAppFirewall Policy for Logging Countries | Block Geolocations in a sanctioned and embargoed list using this template | Nathan Swift | 5/13/2022 |
| IP Groups terraform implementation | Use this tool to enable the implementation of Azure Firewall IP Groups and rules in batch. Example application is for Azure Firewall Geo-filtering | Jon Chancellor | 3/15/2022 |
| Create alerts for traffic anomalies with Azure WAF | Detect traffic anomalies and auto-mitigate spikes with Azure WAF on Microsoft Azure Front Door | Sushant Singh | 02/28/2022 |
| View Protected IPs Tool | This script will generate a CSV file containing the DDoS protection standard information for each Public IP Address in your subscription | Camila Martins, Corey Callaway | 2/16/2022 |
| Migrate to Azure Firewall Premium in Secured vWAN hub-Preserve IPs | Migrate Azure firewall from Standard SKU to Premium SKU in Secured vWAN hub while preserving the Public IP addresses during the migration process | Tobi Otolorin | 02/03/2022 |
| Runbook to manage Azure Firewall Back ups | Run back-ups and create schedules/task for your Azure Firewall. Follow the tutorial in our TechCommunity Blogpost for more information on how this script works | Tobi Otolorin | 01/19/2022 |
| Azure Network Security Lab Environment Deployment Template v2.1 | Update to the demo lab to test Azure Network Security components including the new Azure Firewall Premium. If you are looking to test out a migration, please use the old lab with Azure firewall standard. | Tobi Otolorin | 10/28/2021 |
| Workbook - AppGw WAF Triage Workbook | This workbook visualizes Application Gateway WAF rule violations and helps with triaging the violations in order to facilitate tuning the WAF against valid traffic | Christof Claessens | 09/24/2021 |
| Network Security Dashboard for Security Center | Network security dashboard for Security Center provides you a unified view and full visibility to your network security and networking resources in Azure | Mohit Kumar, Lior Arviv | 08/24/2021 |
| Firewall as DNS Proxy in Hub & Spoke topology | DNS proxy puts Azure Firewall in the path of the client requests to avoid inconsistency. You can enable DNS proxy in Azure Firewall and Firewall Policy settings | Paolo Salvatori | 4/19/2021 |
| Firewall Premium Monitor Workbook | Azure Monitor Workbook optimized for Firewall Premium SKU with IDPS features etc. | Chris Boehm | 04/07/2021 |
| WVD Firewall Templates sample | Protect your WVD Host Pools using Firewall Policy Sample with Azure Firewall Premium | Nathan Swift | 02/24/2021 |
| Role Based Access Control (RBAC) for Azure Firewall | Find RBAC templates and create custom RBAC roles for Firewall admins | Tobi Otolorin | 2/8/2021 |
| Azure WAF Attack Testing Lab Environment Deployment Template | This ARM deployment includes everything needed to test and validate Azure WAF Security components | Mohit Kumar | 1/4/2021 |
| WAF Custom Rule Examples | These templates contain various examples of custom rules for use with Azure WAF on either Application Gateway or Front Door. | Anthony Roman | 12/22/2020 |
| DDoS Mitigation Alert Enrichment | Deploy this template for enriched DDoS mitigation alert: Azure Monitor alert rule, action group, and Logic App | Anthony Roman | 11/24/2020 |
| Policy to ensure Virtual networks are associated to DDoS standard protection plan | This policy will detect any virtual networks that do not have DDoS Protection Standard enabled and optionally create a remediation task which will associate the specified DDoS Protection Plan | Anthony Roman | 11/22/2020 |
| List port status via Azure Resource Graph Query | Query to quickly identify network security attack surface by listing ports status | Mohit Kumar | 11/11/2020 |
| Map Public IPs to Azure Assets | Azure Resource Graph query that provides details of all public IPs and the assets associated with them in the selected Azure subscriptions. | Mohit Kumar | 09/29/2020 |
| Find Dangling DNS records | Tool to generate dangling domains in a tenant | AzureDanglingDNS | 09/23/2020 |
| Policy to manage Enabling of DDoS standard on VNets | Restrict creation of Azure DDoS Protection Standard plans with Azure Policy | Camila Martins | 09/17/2020 |
| Get Protected Public IPs | Loop through all VNets for a list of subscriptions and determine which public IP addresses are protected by DDoS standard protection | Azure DDoS | 09/02/2020 |
| Sentinel Playbook - Block IP | This Logic App Playbook for Sentinel will add the source IP address passed from the Sentinel Incident to a custom WAF rule blocking the IP | Anthony Roman | 08/21/2020 |