Added 5 New Analytic Rule Detections for Azure WAF #8784

shabaz-github · 2023-08-14T16:31:15Z

Added new analytic rules for Path Traversal Attack, Code Injection Attack and Scanner Detection Attack

Required items, please complete:

Change(s):

Added the following 5 New Analytic Rule Detections for Azure WAF
- AFD-WAF-Code-Injection.yaml
- AFD-WAF-Path-traversal-Attack.yaml
- App-GW WAF-Code_injection.yaml
- App-GW-WAF-Path-Traversal-Attack.yaml
- App-GW-WAF-Scanner-detection.yaml

Reason for Change(s):

Adding new detection queries for Azure WAF

Version Updated:

Yes

Testing Completed:

Yes

Checked that the validations are passing and have addressed any issues that are present:

Yes

Added new analytic rules for Path Traversal Attack, Code Injection Attack and Scanner Detection Attack

v-atulyadav · 2023-08-16T04:41:14Z

Hi @shabaz-github,
Thank you for raising Pull Request with us! We will review the Pull Request internally and get back to you by shortly.
Thanks

v-rusraut · 2023-08-17T12:56:43Z

Hi @shabaz-github,
Status property is not present in Analytic Rule, please add it.
And we need sample data for testing Analytic Rule.
Please upload sample data into below path.
Path : \Azure-Sentinel\Sample Data\Custom
Thanks

v-rusraut · 2023-08-22T06:59:53Z

Hi @shabaz-github,
Please work on above comment and also provide sample data for testing Analytic Rule.
Thanks.

v-rusraut · 2023-08-24T05:45:28Z

Hi @shabaz-github,
Please add status property in Analytic Rules, refer below image for reference.

And also provide sample data for testing Analytic Rules.
Thanks

Adding status property

shabaz-github · 2023-08-24T07:08:34Z

@v-rusraut Status property has been added - Could you please guide on how to get the sample data added?

Added status property

Added Status Property

Added status property

Updated version

shabaz-github · 2023-08-24T08:21:40Z

@v-rusraut Could you please also help with fixing the check error 'run script on changing detections / add-comment / comment (pull_request)' not sure why this check is failing.

v-rusraut · 2023-08-24T10:26:27Z

@v-rusraut Status property has been added - Could you please guide on how to get the sample data added?
Hi @shabaz-github,
Please upload sample data on below path
https://github.com/Azure/Azure-Sentinel/tree/master/Sample%20Data/Custom
Thanks

v-rusraut · 2023-08-25T06:21:52Z

Hi @shabaz-github,
To resolve the validation error please update your branch from master branch and commit again.
Thanks

v-atulyadav · 2023-08-28T08:15:19Z

Hi @shabaz-github,
Please add sample data as requested earlier. Thanks

Added Sample data for analytic detection validation

shabaz-github · 2023-08-29T00:42:05Z

@v-atulyadav Sample data csv files have been added

Add files via upload

171e87c

Added new analytic rules for Path Traversal Attack, Code Injection Attack and Scanner Detection Attack

shabaz-github requested review from a team as code owners August 14, 2023 16:31

v-atulyadav assigned v-rbajaj Aug 16, 2023

v-atulyadav added Solution Solution specialty review needed Analytic Rules labels Aug 16, 2023

v-atulyadav assigned v-rusraut Aug 17, 2023

shabaz-github added 6 commits August 24, 2023 12:30

Update AFD-WAF-Code-Injection.yaml

a5c3ef8

Adding status property

Update AFD-WAF-Path-Traversal-Attack.yaml

5c604bc

Update App-GW-WAF-Code-Injection.yaml

6afe5d1

Update App-GW-WAF-Path-Traversal-Attack.yaml

d1f6afa

Update App-GW-WAF-Scanner-detection.yaml

f4600d5

Merge branch 'Azure:master' into master

ddcf38f

shabaz-github added 9 commits August 24, 2023 12:40

Update AFD-WAF-Path-Traversal-Attack.yaml

b856aca

Added status property

Update App-GW-WAF-Code-Injection.yaml

f92750a

Added status property

Update App-GW-WAF-Path-Traversal-Attack.yaml

824aa78

Added Status Property

Update App-GW-WAF-Scanner-detection.yaml

fdaa4b0

Added status property

Update AFD-WAF-Code-Injection.yaml

9935d42

Updated version

Update AFD-WAF-Path-Traversal-Attack.yaml

a919b9b

Updated version

Update App-GW-WAF-Code-Injection.yaml

cb33a3c

Updated version

Update App-GW-WAF-Path-Traversal-Attack.yaml

610c810

Updated version

Update App-GW-WAF-Scanner-detection.yaml

872d022

Updated version

Merge branch 'Azure:master' into master

713890f

shabaz-github added 2 commits August 29, 2023 06:07

Merge branch 'Azure:master' into master

82efff4

Add files via upload

ce3e8d6

Added Sample data for analytic detection validation

v-rusraut assigned v-atulyadav Aug 29, 2023

v-atulyadav approved these changes Aug 29, 2023

View reviewed changes

v-atulyadav merged commit 52c84c5 into Azure:master Aug 29, 2023

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Added 5 New Analytic Rule Detections for Azure WAF #8784

Added 5 New Analytic Rule Detections for Azure WAF #8784

shabaz-github commented Aug 14, 2023

v-atulyadav commented Aug 16, 2023

v-rusraut commented Aug 17, 2023

v-rusraut commented Aug 22, 2023

v-rusraut commented Aug 24, 2023

shabaz-github commented Aug 24, 2023

shabaz-github commented Aug 24, 2023 •

edited

Loading

v-rusraut commented Aug 24, 2023

v-rusraut commented Aug 25, 2023

v-atulyadav commented Aug 28, 2023

shabaz-github commented Aug 29, 2023

Added 5 New Analytic Rule Detections for Azure WAF #8784

Added 5 New Analytic Rule Detections for Azure WAF #8784

Conversation

shabaz-github commented Aug 14, 2023

v-atulyadav commented Aug 16, 2023

v-rusraut commented Aug 17, 2023

v-rusraut commented Aug 22, 2023

v-rusraut commented Aug 24, 2023

shabaz-github commented Aug 24, 2023

shabaz-github commented Aug 24, 2023 • edited Loading

v-rusraut commented Aug 24, 2023

v-rusraut commented Aug 25, 2023

v-atulyadav commented Aug 28, 2023

shabaz-github commented Aug 29, 2023

shabaz-github commented Aug 24, 2023 •

edited

Loading