From dc9f34df857fbe7db8800d33bac93c414ddf14ad Mon Sep 17 00:00:00 2001
From: "v-visodadasi@microsoft.com"
Date: Thu, 6 Feb 2025 18:15:44 +0530
Subject: [PATCH 1/4] Updated Application Gateway WAF - SQLi Detection and Application Gateway WAF - XSS Detection
---
 .../App-GW-WAF-SQLiDetection.yaml | 9 +++--
 .../App-GW-WAF-XSSDetection.yaml | 9 +++--
 .../Package/3.0.2.zip | Bin 0 -> 20350 bytes
 .../Package/mainTemplate.json | 38 +++++++++---------
 4 files changed, 31 insertions(+), 25 deletions(-)
 create mode 100644 Solutions/Azure Web Application Firewall (WAF)/Package/3.0.2.zip
diff --git a/Solutions/Azure Web Application Firewall (WAF)/Analytic Rules/App-GW-WAF-SQLiDetection.yaml b/Solutions/Azure Web Application Firewall (WAF)/Analytic Rules/App-GW-WAF-SQLiDetection.yaml
index d87bfd22efe..7a51a79dc01 100644
--- a/Solutions/Azure Web Application Firewall (WAF)/Analytic Rules/App-GW-WAF-SQLiDetection.yaml
+++ b/Solutions/Azure Web Application Firewall (WAF)/Analytic Rules/App-GW-WAF-SQLiDetection.yaml
@@ -31,13 +31,16 @@ query: |
 | where Category == "ApplicationGatewayFirewallLog"
 | where action_s == "Matched"
 | where Message has "SQL Injection"
- | project transactionId_g, hostname_s, requestUri_s, TimeGenerated, clientIp_s, Message, details_message_s, details_data_s
+ | extend transactionId_g = tostring(parse_json(AdditionalFields).transactionId_g)
+ | extend hostname_s = tostring(parse_json(AdditionalFields).hostname_s)
+ | project transactionId_g, hostname_s, requestUri_s, TimeGenerated, clientIp_s, Message
 | join kind = inner(
 AzureDiagnostics
 | where Category == "ApplicationGatewayFirewallLog"
- | where action_s == "Blocked") on transactionId_g
+ | where action_s == "Blocked"
+ | extend transactionId_g = tostring(parse_json(AdditionalFields).transactionId_g)) on transactionId_g
 | extend Uri = strcat(hostname_s,requestUri_s)
- | summarize StartTime = min(TimeGenerated), EndTime = max(TimeGenerated), TransactionID = make_set(transactionId_g,100), Message = make_set(Message,100), Detail_Message = make_set(details_message_s,100), Detail_Data = make_set(details_data_s,100), Total_TransactionId = dcount(transactionId_g) by clientIp_s, Uri, action_s
+ | summarize StartTime = min(TimeGenerated), EndTime = max(TimeGenerated), TransactionID = make_set(transactionId_g,100), Message = make_set(Message,100), Total_TransactionId = dcount(transactionId_g) by clientIp_s, Uri, action_s
 | where Total_TransactionId >= Threshold
 # The Threshold value above can be changed as per your infrastructure's requirement
 entityMappings:
diff --git a/Solutions/Azure Web Application Firewall (WAF)/Analytic Rules/App-GW-WAF-XSSDetection.yaml b/Solutions/Azure Web Application Firewall (WAF)/Analytic Rules/App-GW-WAF-XSSDetection.yaml
index eb30bdac327..1265f869162 100644
--- a/Solutions/Azure Web Application Firewall (WAF)/Analytic Rules/App-GW-WAF-XSSDetection.yaml
+++ b/Solutions/Azure Web Application Firewall (WAF)/Analytic Rules/App-GW-WAF-XSSDetection.yaml
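Review bot: The added `extend transactionId_g = tostring(parse_json(AdditionalFields).transactionId_g)` on both sides of the join overwrites the column unconditionally, so in a workspace where AzureDiagnostics still carries `transactionId_g` as a first-class column and the key is absent from `AdditionalFields`, every row ends up with an empty string. Rows with an empty key can then pair with each other in the inner join, and `dcount(transactionId_g)` collapses to 1, which never reaches `Threshold`, so the rule goes silent instead of failing visibly. Consider falling back to the existing column, e.g. `| extend transactionId_g = coalesce(tostring(column_ifexists("transactionId_g", "")), tostring(parse_json(AdditionalFields).transactionId_g))`, and likewise for `hostname_s`; the identical change in App-GW-WAF-XSSDetection.yaml needs the same treatment. Whether both log layouts occur in practice is not visible from this hunk and should be confirmed against real Application Gateway logs.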
@@ -28,13 +28,16 @@ query: |
 | where Category == "ApplicationGatewayFirewallLog"
 | where action_s == "Matched"
 | where Message has "XSS"
- | project transactionId_g, hostname_s, requestUri_s, TimeGenerated, clientIp_s, Message, details_message_s, details_data_s
+ | extend transactionId_g = tostring(parse_json(AdditionalFields).transactionId_g)
+ | extend hostname_s = tostring(parse_json(AdditionalFields).hostname_s)
+ | project transactionId_g, hostname_s, requestUri_s, TimeGenerated, clientIp_s, Message
 | join kind = inner(
 AzureDiagnostics
 | where Category == "ApplicationGatewayFirewallLog"
- | where action_s == "Blocked") on transactionId_g
+ | where action_s == "Blocked"
+ | extend transactionId_g = tostring(parse_json(AdditionalFields).transactionId_g)) on transactionId_g
 | extend Uri = strcat(hostname_s,requestUri_s)
- | summarize StartTime = min(TimeGenerated), EndTime = max(TimeGenerated), TransactionID = make_set(transactionId_g,100), Message = make_set(Message,100), Detail_Message = make_set(details_message_s,100), Detail_Data = make_set(details_data_s,100), Total_TransactionId = dcount(transactionId_g) by clientIp_s, Uri, action_s
+ | summarize StartTime = min(TimeGenerated), EndTime = max(TimeGenerated), TransactionID = make_set(transactionId_g,100), Message = make_set(Message,100), Total_TransactionId = dcount(transactionId_g) by clientIp_s, Uri, action_s
 | where Total_TransactionId >= Threshold
 # The Threshold value above can be changed as per your infrastructure's requirement
 entityMappings:
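Review bot: Dropping `details_message_s` and `details_data_s` from the `project` and `summarize` removes `Detail_Message` and `Detail_Data` from the alert, which are the fields an analyst would use to see what the WAF rule actually matched and to tell a real XSS attempt from a false positive. If those values are now carried in `AdditionalFields` like `transactionId_g` (not visible from this hunk), they could be kept with `| extend details_data_s = tostring(parse_json(AdditionalFields).details_data_s)` plus the matching line for `details_message_s`, leaving the original `make_set(...)` columns in place. The same removal is made in App-GW-WAF-SQLiDetection.yaml. These fields echo request content chosen by the client, so they should be handled as untrusted text wherever the alert is rendered.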
diff --git a/Solutions/Azure Web Application Firewall (WAF)/Package/3.0.2.zip b/Solutions/Azure Web Application Firewall (WAF)/Package/3.0.2.zip new file mode 100644 index 0000000000000000000000000000000000000000..d7c1c6014a615641f3246781807936bc177fbaad GIT binary patch literal 20350 zcmZs>V{oQVus$5y#>U*(wr$&dV%vCPdt=+q#x^&$ZEy15-#O>YTlIeFnz`?5s-`hL zJzbZQEI0%P2nYxah;E{U4#o*xQ5`%82)Q5#2=>3Prq1TZuIB32V&)ds_SUY}4)zQ- zE)Mobx__NFIMBX(S^Xjiw$16h$YnGZD4+Dai<&O;nsgFD61NX?l?nY_c!f#ez0ObV>yG%0y;XzVe6IanUPFk z0%~h%(PDfm=`RP5&;@5;VLFqk@=IKb01>U5y|)88R>9d-l~m?-jQmV!REk6CJdpFC zAl5L?ld)GuFxL}>EZ#)-@7J?f?%4G7P3rK~w7e%{0xm=>`jQdmDvohss1hp!8P0*2 zH3UPfxyT$k9;b{M`8o$m&G*-bpyRIVI!@>T_>}dc%5k&0Os=e7OSuMF+I<|H31!|R zU`}x0u1Po`qcj*gCOjAM-AC^r2KEjx7r^1^#L+B)y$Xu0mx z@XOUl3z@v^6i6#?>kjXD*rgTgXFMB3G<%QQ% zTH#3%i?t)r`(r+Yd9U%_hXgj`oTNQAdNGicvjJ6*|o~-4`|Ntf?qutam~J9Z79B%+=RzIaPNO3M4!zp%)zL6=gB)Ps4)obAb za7P)C5HRp);}G|Jvr`dPWx+VT?q&KQmPV(lf+39!D%g!*{vXZ4A_t7PcwGqO4TUfl zJ#W|bKsiQp4tH888K|k&^N}^1557ylQuSUd)T3tFy?r7{H{m1nU;A(Mw%(R`fv2=9 z`;$)noGoW?549xfvm2Y#>&i^P6c!*RxRg;+ltwGC0nIq~GiLJ(q$;!DjT)v!MikDS zl>q`~-Gf3L5sh6egI8ogYr4JJqGQkKH3*1cy~L}awLSs5HZfh)GS3zm+bURcMnHYs zviH;`go}2t&|JN)$+|S0F+1oEJz*((_s8BNf0&*!PGO?CUn8h6c1OYaSDxnv)wTq* zRhCZ`I6jrZ$&gD99ns(Bd3(-8eWPq!1Z+PseN&fowLCSDtL8_-5fksC2jV(BwL1^) zEC$H4k>Um;5<=&T_6~PSIP5ko(k=6d-#JY+wZrl5B-?t{L=ms^U-IRT4nCUXeTewn>7)(hpoz+;TFC^EMAV(Bww$ES=lE%;T z=V&86fX;2jzL~dW7b*PTPTn7VO$k%%qT~DZ<0Bu#F{OhF?EXf<5$1#^S89P|#0H7n z-W4pZZ`-v=PtBK$%LNV!QA-4qq$68&>5+$$vK=WG_~)F2lSozG{@cctx$5>RGJw@+pTJXAB)q zmir#8SG*N27tdKg5_wf))fy`jxD)JQwDmJmkR8vfZ&;?QrksINlfybTxp}~p?70P| zWzOi)Z|aivUo(*&}ZDZpyfw4?IeVDzN|*j^ckoAt1#JY_|B(4McsWWiJ6w@ zwe};$G8wy8dP;40=2n4;SO}PI40do@(?u{XXCO^!kSD_iZbou411SD{tI$~Cc(FgN zl9=^cpCAJnyd2-(KnVE|0%g^kh=okA;YUKgZE-kVeW2-V5fT)cT}2NK^r2RQgdE@R zp8x)6`9&+V=@bx_mEm5dT^58we=tyuyEjV&wPzFMy*;2sQl9q>Dm+ar0?Y!+*yU4l z@>)eSW*77tboY4TbYn(r?QKthzU;??v@dkXXCBkA8o^ko8L?}lfYSn(bZCow!v|NB zIHo8fyt$7RSxAV5P0K;GNgw}9cT{;K!XR 
zSnTis17#&IPS|o@>(dkR#W*9%iXod{F7b&cw4e68?GF`gHehsuPib4F%Q@cZ49~oZ zJ(Jws7Zq*$m&`fd**ynI>~pxFaLH;+=fm4td(Qk}-dzd6Ab)~(Jb5^zgenc%3`N=-j-JkM?s?C>S=D<3Eres3R z$R;Z?;wdwkLfw)<;V$drEL+9cR_(5GyDZVd`=*8>W4*d>{l*_F#>1~-)wJy-fiwy_ zTHMz%np0|<>YMVD5H9s$+pJQ^)q|oT$!2i9$chV+S(w7qv+leY?Z>%7P}X47co@IV zopF#mf5mi#Th-Fb($)a7L4njkx)yZs1UY<;HAqLy)ACg&ILVT?dmND`5$hlGB2qN z#Qg#9e?JFx-&{Zw3lY>GW9pR9g}Ee&AqhnNE(eICU;M`tXm;h$B7-x=BR3lgZmRDO zb0&cn9nxlaoaMQ@oiz#_UqHV6_!=cBtJVSppv{QfIW55xl6vRz4dTb_EY#nAjkf*Y zZ3aRDhS00@v}q(geA$ZiG3)wqk903i&7ob_fCxx{pd!{Q-_{QM8n+q?=1oz z1$W8K{Wa?E5pfC2nmmc3XYa($3Fkpahql1dXx`MjnjhJWgn4xU83a=a0%gmFVF*P2ezF7^mdL9nervK2Hjdrt&%-J0AHA-*6k7@XrCEp@96$E4k5Ig8lt+ zrLp#+JGKO9GTIYAp@RXxfL@x&Y!%B=Iw+R%-T7I;qbOxLRdxWt@i?@Ib*4aNpc=bs zXOmImrj6loda)9opF>U{DR@rf+kn}#w@Z~~CUUiUD? z$mM4H=d=3&_RmPGz=H;IGRfBP+h#UD!6$|3K#D_q75C9SW|ymcnG@ug{=rXkE4{r6 zL!-yINurvOls9wQtR}OT`|FIwvogls*T*C5Z*ZmmPmPZ-!Y4Q{0s^wL1qOopug14C zwzgL@w{ryitMvb;y1(+fa6aH_JpKk|c=Vm;XzLOb%5Rlay5F>4Iky$+tJ_bqUpJM& zA&QBhl~SvSsv`ZEOgQW}<^Unm{1bm^3lzh83 z|IFN5z*o!ayx#P3@f^$hF;x$wGLw*d0r|EyP6nUO0(#6C%h$MLwiJ{vi~gEIyg-`J zPh8vVW8i*`FwOi{uB?Y*n{)-9eZ{UKwa8hOdFKy&4}IV|HN@$k_Ir2+D#0>tR+x*< zzo<3QkK%Pn3D1}av;kh~SZ{D$Bhihgr}E*Emd*hx&^^j2>+=H;aFGPHJjhiODfl(LhAWd^PA+E%ye z1>n~UcxWwbVd(){HMshr0_^)ojd_6Eu@+g>pXuJBji1YP=p1JHN{DmiAYcdw{0)O>&4`A3o`30}vx3dO3*);|VWzKZ>cxNQg0s zmHP7jXdj}4Slwl1622)knyFb;^+YhDCwI zK}*P&KTYFa&j%-$YL%kx70FnhEbf7vt4r z|63;o07t^=X(rMyIsKElorjzrxFip`?_q-uJz=y|fq5(rw;Nxy0s~N7U^N|J{^m8~o19(pEnYp)s%Q7rRkaZ%V*s+uaxoDI2B zjDr_GTZ*P?ewatb3qY=f#xW3>- z@TWd_w54|8)JXlTc`2=sQ^&4mU3s)Pi(#PUN}NmfV@O!Yy{xnAQAFv0;(psVz_`iW+DC=Ew5DcdV&~Xrb?_37eLfoy;qp}7`xjAlK1@FpTzW<=JQf=9y zOI&T!exaUjz(Nvu6fIW)UUtUXgdR9ks-u4~J? 
zrYHf*`e&@YzNSRwwpy0m0-lE(L9#oqdT91Wv}4+HQ?%nlq8JxGwr!;2!<{%6x*~q0 zqirfoTO%!6wN;zW;PQ-?s?M^8sx_MqS;?Y(xlCD)2Ez9a%Pczi&p&Q(%1Gww6 z3YrIX2yHQEhKBJ-H@(2B9IOUqOM!X z2Em^ci7ts0Ww#~udX9lucfTbYPP~71oi@gtne%r?y%t!Z$pQZ7R5YS^-k}aDpy-|b=#KgCmTQ5&Vpkj{F%8R_FcrM zhM2+3RW0ZprMy5lE_hX1$Tb%Wm;(oO*xpAOu{md!q)h}qM(~>x-eWD7D{dJvY5It5 z5iU-Q_}#@jq_70*o2Q~c+qNR}c4w1W(Q@y5qsew}v{@WD*CN6C9 zM=oTTTleNWggZ0(IBP0IErgjkg^)21U^fx4Mm&LaI(_ zg^EwGYDuee<*h;8u0Y7)N^bSxiiWJcYX)iE1@6j=cjuu$hC!(8P)lxE`wA=2_AhLd ztzSv|{r|w*SMsXcS2Uw-|AXV>4z(mQ)c(7qG(B7zoq=|TKbvCZST;O^SvItOHg*4@ zZJ#A>ilw4$id|;G$EU38r%uObI>W(dJqx=U%8W@x^zxD53xae>Vr(KBQ1%WHaLGNm z-q7aPKt5@86LmA;jWB8d1TXWA%26F>?kHV3=hKnN+#uf{X819&=%;9U5_lV=4ww1U zPa#LfUroNfP~muJ=~ui36W!(80q={qb7V`M=fG*PbO?sl1H~@DUf0E>OYPY}@jhyH z-zjcamw5UE=QOQzk+}XcJirXYncq@=nu)!K5&L==Tx{zNak%J4WtfhOTS{agf)xYS zgUBBj4kNN#Hp6qfcg{2Pq~G0VBFleQ1=_@=wX*zai2Fiw&EyV-x1MTl+tuI$;5y#7pl1_GfO!u#a_mI z%D@8NE#Zct+eI2;!z&gF7z{H@W*QWh22Bsv$vzxU6aAuiS(>?Kf_YK$A~N);jSKkzY^H-pUbXpF+HxyJH8#N_|TME(p-1F$s#tjqyxtQu{> zKL$eN1*t+w&eK{0-Qp$3u6-^}hInAY$Oz&b5N-VVbBMkeU!|XlbZRslICQ=rR`@fl zMJtKC?gRn9ZYlKJ*et16rVA|aM5p`XBqpJM-m^8_`M!Syud-SHdibJHz|#nj(93R& zB^bJ$aBk>-`H^h}5p12jVeW>=LgJf56!$d{ew>S(AE~)n>1OD%h;ylj zx1mB75XG4#za6*fG8C-fI^*^}wiyXBozkk6X;(JZmookrpF4UDVWS=^&vcZ(jWT^- zwup>vaOb)1H0D#p=*k0V5Vw-MfmQui$^?yInEG$%?a;cz#m}ze_nh&@Z&I8I;*I!8 zOT28u);y>B-+fX5wn;vHevXw7>5sXj8+DfY0};8rQD6IPmG_7c#gsGKyXSIK9mj2# z8?8HM`zrr;Vkq9#+6ab?6#sWJcjtHGKcX$mCJjZXayd755e?3X(DRIU{IemodHKYH zK;C7Uw6@f~$qzI*DyTtHsfpjLoK~wkxX4g-mjvO{4F2WsTQCmk-nvAT1)~C`?@4cm1eV{aEk0z}XWG+4y zzG@pY$t@mty#!WHW2Eqt*74IVns$f0V-@Ip?C&ZXqC!eKWJy!|98ntQ?>kXNMXf_1 zHNRAK>W_?Rr#s$0+9(Q7Ql%SiMhX%crCWMJEKSrsGgTZ)5+>Y+I_E4)FQpc+#(yzI zU=ESpZd5`R7pq#@?{>+f&5a?3-8C*DjsA!!{9C$#rsY8*H}0MS&xN(~%n3G}yUUS> zltWLI3Zrfpvt44M$Eeu0>MySK&&fri#ivNLuHp2qVNY(MbH9_S(W@6A8!tc#MpT|Z z)qVc*_~>&uaf~!04!`*05fFpU7vO8u zQVoa%=hOZ8<{(P~oCH`u|22PLBvZ+?A25uKVH6!QBt-i%LAk|_^$i#o5Y_M@t#xVl zN&4D@o!{^|3Mna=44d?1U^uvG5N5Zb&$&2g5^xGMw>%Z+GzAaePGnFG>@`f8e6<;W 
zs5Xl~5GTy5#btq{8_d+a&rSL!PLA->SGJwJv)@rGln4H1Ntx$ z8fcdI3{`wo$3mua#S+{5jUnJP^bB$0#^ex#Ap0TXDkeXjrR)+67y#@2!PW`BG2#o_ z3agPrPhususVgGaTWCmFjlDNRkO%2d@$(YhU+_5q3XW4DpkE}55!cN>oR$b-%9O1n zxxy;tr{q*%$b9HF3c58EMQOA*cJ)@pQTwG0CL(_LAY2@FD=!5{;W46<9?u@QS*+j8 z+I)f=e3wBTjg%qEZ293FPu62&$Tu_+{ zd73^W1_OWO*AQ*S=#Wx@?j`YktQGt&h9Z+zHHwA!50jk)vj}h#uwEv{%)hi1V}d>C zk-~aIUm57xI{A-kPi^4ngtLKHWW_s~o)Rs8XMN=0fJm^6uNY+S+v$ze^vE506{VGQ zqTxDQRhP?4P?P6Kv(H(#qXxhJw)Gous;iTZ9bH=56q2cFS~@^msD=E<$c4jQxDL&w zY*0s%@y6>5n+p-z+w|Gt?f6{%_H=i<-P>Az8lBvEUVRbhXUNogCg6E@Xr`hk93b7L zCplROO^*;CVu=92-3;C~xD!me8v}1Gw&#Rb=V?p~o{zV8j0x+Dgw0DkPNgo7_TeA( z0WOHkt@aUZOG`By1vqu}g}RA?_K@n!+K^W_vh?5aWDr$dkL7w$lh?nObnE19VTdJ1 zvg%wTcwc9hR55O3iVuM;O!}^&Y_A=LNb$*h5~+vG2_rCg@3EWxtE^ch1!xi7E?3bH|qwBs<4iHdtu`UEB>LA3W|r_!A52SLEm{m{w`m&~j@upS(Q& z{YC`ErpYEf@35SEF`VBi*QybDSHjBRF{XP6ZqM^a&~o7=()!OEF^HT9Mq=k8MVOV8 zH(MW|*608syP9)3OvaLk@0KBp)5^5)1RK zjvnzjA<<_mlmlaBf4c`Xp0T@?jXn>dBH%=4au=K4$MV!R2~yKnF;T0}<+D+z(&lg( zUJbWNQ(`mhqr=FnD#(?i9)$H%kg-6EC+GbzAyOo6%#%N?Gdo4`2-xEf!_^LHw=q~Z z-EYLEVc=*~lQpV6m z$ETIJMlFk;$GNLcuCPnZ`Fn#=95M{P)KvoF1X^5^V~V5p2xs;S1@m#7kXzI z+y~PiPDXJbhWCvp{K5t*U<3UFr>gpni<~-9kYI$KD&H?E?{73{qiW@;&`n&LV0xb( zv9pcRS2b00_)rQbmX|1JmRJJ2vsO_#x-w{dLn=V^rHi3OW$X$gx=mFML{v5(zyotX zNo6*rXI5@Rjj@5dRF{)r^K#T1;W z1gzhO@e`>LHhL+I6a6l*;YMi%5eVTh6xMPtNqTl*muJg017sZ1i>M79GMWlw^pn36 zFB+RIx(8cVM8;pS-^jzYA>fj^#Yx(7Y9hv3 zCPE>Z2BaoHku^g7rDS)u1@qOVrZ4Y7THD>dQg78v0-N>d{Z;Pl+h2iO10?)T6H!c3 zd`_171252Om;WegB^^QRrQ7u9ZWQaKjVkC=aJCPlql<@rwI61C-JwbRkemq)U4GGz zO;`TGs6KCTehYOGJPy#jrBaZfKuDx%;I#gF1$Qg6q%Jncn#-zzlpP0IPDqfK^vDop zsYDLvST@fJz56kA8b5b;jvxTdZ#~s=*FmM(iefz6?+JlGiImxKi%i@G2Y+1 zZ+~nkDB;BIibm8$+yD=DVLM27^w_9-ph-x1z;su$g<*lcdy1zc5vpv|1w?cChXeVD zxN`ySZ+HBBzk?-j#dndZDc39#ZB4Ie*{Ob`1SY16GGk)2?n~z9f`nB-Y&P06PkLE_ z(4b<`3YXEaFk1JmiTcV~&=aQMjUnm|vS4b})$ryxNDdY@+znt!Vsu~5Dj?F7&$A?U;nZ*FhX z&TW-Y|hZ^8(JxJzJ;8PQ4 zfffGzKk)})-b`2%ER<4Fu4G+$RNlshpMcYP1%9)*Pabab&~2A;9^6i`PLRW1We1H@ 
z+Q`~=)2yfI#@;bGrWIPa^*<1~Mn#`|E|-0h+plpVPHFaK07!PR(_V6U9ddTHENg`M zQ%N6XEM~oQQJ}nYh&%{G5C&>c@5cp{Twx;>%>?O-323s!xygUZflx-4c*7TJ5r20P zf-1$$D&&dX!hujaehdv1UvH7z6uH14AoxKw5|a@M%7ngcHYB_!4~Z1#V@hGCsU61P zF)?H{fQ&OHB!hAP{7;~U!5tnhlTtBKwwJ7(0>Fm&E<$x6QIdsxAk2^`=v8VU%!)rE$2(^Lxh`}e=2qaR6g4{n zz>)X4$xb#GEh$5|#|1sm9ya(>3eD3aurAf3i4o%9Ri(Jhy=ONvCS_C%O!IM{1{gV3 zH_Z6PZypq!48pNI!da9cP^fSL@CyWL zgdJC&C>Zb`NWNMHbcxR?pYnny8CAuH8~x}Ln`e-}%RV8jRu#s#N@ zg-dozw+-%AJfvw=>T@N_ri3gm=3Ow52a)!R0U`=GTC5DkH*Jq4ve6WTaodIq+Q z4U%m|e~p)(!f@9jx`SKK9Wv8KG-TEoWA@UPp-NFa!b0YtN%D2qrQqV;3GTnQM#GGC%+Mf6u4kRg%|@{y+cU#?v*>%z}Nd z5?hFGyAjayF?8b}+~A+;KFdco*`Xmou^ z-Tg_Y)~#i2MEG>p4zOweg{)TNcE1Owk+j5M2(fM;1*8^Qm0BQ$;t#riA$tg(c1fy5 z9t)l)=HoYI_RrmP6^xLqXVrajJdhSioE8gzn6#ELdfMXzq`}0+wQmjR3>KvIXNoR+ zk-Ej?5Se766B5Hj0ijewu6ZQh_ibUIQ2VItI_V|0qbx86V#6(K4k0a3=eFYpEwy zLe2SIDQFv2@@XI|(LOZuX}W~e8H5#CnB9H=Y!27JX{PO22>{m3|8pwf>W|n1>F0|a z6>s=BRu|UL0RLsAdh;ID2m8LX7!7#g*8k2Ag+>L4ZZ6mAzl^ko1Q@s9Sp%_?HtnaH z*Cw*lPPag^J(m^M?WCPcvkz)LjBEY$SNOa3*qNAC{s@d}oa@mlF3IjplUxg+kea+X zQ8B44L#))(eyH^JtX_#=Z_z-!za+4aEcmy~11_H~UL+CmF=Rmn-tV3sKhs23WG5XP zo#P{t0FQv=kF#ETAmmIB67GOXQ$Y1aO5L}m(Tn2*wDL!b7)$-9Whs{0&l`m3wPU;# z`rok-d4~e0jQr;%LP~HD6rXiMO1Y+_wK^?XNY-p!*?r_TWl{_3LL`tF_dNLtr`j!L z9z^(XXZEmR|HT1D<935Pr;?OJQ!ugaf1rPHAVi}01Ma^#fDJ3ovgYU$UUsHnq}lRJe<$|4~1qf2=Lh>@0B^5=*AU2R>+3?&9rdi{?CO&(^vIkh?ATim-IP* zgS{#h6pQh{Vhnv$qOlJTlr4!WL;1>;6ZodYJM9gsg%KzYs?`nEN9tZ0y0~O2ily!* zJ4KpURihm3rkLN=PtT$Y3b6;)L7fn-RRY%Gxj!cU+(IdNNxJOb2__)K)t5*%pmzrkWk7pggZu*i*^SPS<&M2zZ*PPt@p_~gDD1jL2mWDH9P$kG| zvVl{^PeKGKG$Cki<5RdP+rD1{Mk0dLJrx>I+jIo~=0qt*cuniycSIyld_0dP^-v`r z6M^!O8sii@dd2ybaI+yAo%0%p_FvD62LqU=VKhWywp0$`30+n4E!YZ7Vybspl z!HPkV530`wcs>X_wQb#PX+As{BOihAw;0`@0@U0?#98psqdS4YquP-Y`b+TwH>G@a z?kWaLy4LJ?u_>If-t$N3MeME7uRcY%|Rq8brTg|n9@Rrq*?sp}3*sFd? 
ztarJ0O=qj#^r}Ho0B}~W#{ac;GhcUKs^d@ud)DSEYrHk*@#*EQo3rFgs@im;wgGCo zTRQNZSx<;VH~(G%Slv2NyVF?VvLA9$!4cnjS`1~4qgJOw`K;$6&uyHS!dA}1j&(u& zkyJ+DviRVQQ2)PeROI-cD9|WZFpz1~2x}aM1LcP(9gag+{H?nrnAWT)Ll|Sp2RLsj z;%v&(F-BG46DA)pPg+kS^;WOENh+%=}W7MxPcM+;g zki6N^@c#Gl2<+`GA2OstF6tg-T5v;2)Oe_p-CY1A4Sj4?a|l|p>}U_G=P)-r0@Z6J zcMFNEY5g-PGxG4w z6e*f}qZqv3qWsja^T*3AK{R2DCb&PBRw4R>WF!hL9xC`T9y zzD>l}Bs%y#A|0#dN|ys3GZ-jgO2!1F3dDe-K8d0r)tO-7R1DMBbN1^>L0Gbbvv4Bo zM%LS;-au(qQS(4|=?vH-iH6)1e4%{9m9z26Dw@B%o5#fV3K=bfhpDns8_JE?9a89m z-jqZ_lxms+kY4E{1}32B_Br-EPwbaQ1CBR z$Wdk%;XQ`LW=mEa_P&UZF%Hf$IX2(H|4L#uz_HJl`6lj}qI$b=2WEuq1T@qPccXO$6z)TVtKm=uS$aWoqXh2L z^+1`*AwIWV<}qxzeY!0)>T9*5#j(6qM`N-X;DrCFJE_9jvgB4O3(<=zEGE_pOLSS| zL5ZTkLy-9)l)pVI2R;+!|8DPT23a(lwBcib!5F!dC|=$!x!es9sx zf`iNWP7!M{f+rJ6E095fk|Pu1LMMP3KP3s-po?p2SpB-2+6SFjv#?)pBDI>6{^5#t z>Xr}o>m)Q|5cZVfjU|t|PZt)GnVC!QNJdR#$C={uE8TbejloqeY|0NVN2}>=KzHGR z)P@nE_6`n&im`KVb;{RTm*bZbI)1NCTsG?&iHFxzCQXCgB%w{3g1gA7p#7nY?#l0b zcCvTLe1e3Y`pa%}QdhZ2pX(=|HN4;)0m`gCwFtGdf!JFIpJq}6*_T3jv@ENK za27tPy9gd}XO1+qWV1em<83B?iFGsx{4wYEz@Jp1Fp>nj z4jp1T`Agk8bGRLRaFl?5Y->Qt_o6qW=7K$7jAR7)Ivfibd_p3jDg$st=!7Rzua)Op zg1@y7NB=~iezb(;2J=4L_>ujd%8nfc?m@7>&EiDelM0W7#LdM2lJMd;w&h{DkGuTb z8(}o@aj)y@83|w{poRby4OixCw1;6SKOnWe90Xbk9&Y?(vbQ=nlhLl6&L0OyB-Gbw zL$cjV7Ih`Am8YL1fg$72BiV;*1S;4ScEtTbyhGYjsNfK9Tisjcn~nJc|NP**VD*7Z zAj%*z4(Z#D8znWnCiz+Ie>ZV_ESeFO$|ydrEvSu%Om_11_tuc(=014F{P1&)mw~cl zw`Ec97LRf5gpwzE;15P^%vW-c8Y%jK2hlh)1d6w0&$fCu67kn`ZX;hUrspz7L9^*b zmKRViRFWHKsazU?Le?Kk!oW=ZE;cej!(3$R%w(vs{B=zniNZN5-CFF9rJE~)Y!HuN zrv3m;x7grrF`=HEw!VG!=bCkiocOZietGK8rB7jmrL^WL^eiruCJ1tqoPBBLsO~7f zy22OpMO7N_y!4XjaaN~&!(N}_05T6rZSu8?OI@iC`(Mf-M}oYa!v`dMT#ojX4v9+> z%85wF^!Kc=d5r*#p(Sdkxb~_E&{>4%H+V)YGY$g-4Jk_psLt{iT(k)wY=9bnIbpd2 zs%~F=@KOM+vjxq(D}%$|O_lV^dLL1SdfsVrZh)P4bk1<32bkyX1MBJR-ypjDi^CHH z`9$_6M&$F68$(L(OF2ZRhb+4nUjdbE9u=C 
z16p3K!FJJ^e6q&NG(9+#L6Ctav;}cvVBWf5XK0}EMU1c-GLrp4V>s8DoKdH@AX*3QQORQO>LgzkTh+ehU7b@RY%xn}dNw((^)7@a1wpiIp_LPT~2Y0Wzp^qmon{KA281>Z;7=ZcMTsuPXj+fqnY3eiIE^zu$lib%nbW z7?%L|0!bMrabXUj1@nGgNA8e;J<1OVSP(Tie;IQc*YoFUU}nD={EJPD(~NBn_tw7z z7k zWve|JPCPrvj8XDT@!)J;ov!9T`Kna!=zu|!X|Yt??jDxop23J>RCvFPuid*H+d0YD zsZ>Y{m!|kqkEH$D$&wHc^2{%_ZjqK8ck!?ZHaui)8~zbY>KVvTWXn=6(Vm7_LI54& zC6|&vHxU&+BU?Oru7MeHp7vvHa+OsFrdMl2#i#ed6D zRR#W5GL5fG1#Sx?WctBvdBc&!_P1++ybLS-XyZuZeiYo)+l(Gg_+XBohRhOG#3~H< zyk^U3i$Tg~F;G#;yBh*6y@!lDT?}#@C>J-NEg!79s{C1gk=I8)uS;qb^tP%9M%cvK zJA|O`>uSOiK=u~HR#bXw^*l9P02BM+Rx12a!dL`5QbQcwuS{JaO#WoPRGq-E)@z`z zPpmNFWe58^84)Cwejx2WgW(~JpR+ZaX?j%l@cT64=GHec+2w~gi(Bz*CIt;$QJ@jq zDeKty>mik#jKpONWlUH7cSn7BQ!@9W-=2%b8W44X*7h>~(8ZF%dW2qiOo>96q^kJB z{b#nm`C4@?1avIf*;qdimMW@9DGTo_s%(%uiS&sqa|&N8mrMGZL>ip>PRJ?nPu_4826s#PaLaVmq^qH7IkU(Y6koAt0ibQ zW}ka2gS0@y+{@S%!Q9gXcblX}5i?d8pdPA2c-f&Js&A+#XwvTx*R5j-8#HvYJ79PeQ__+=PMfTfvd zL_~L5`THZkYI-0SY{|$PL#;^G=D?z*lC7(yVPS5=w1jn~p|FjoCQgUw&(r*CLt*}* zQVuE7`O%QDI@sM}He$_sr3Yru{6dOE)tXwTcUQ^jv_#8tO^aiZ_KwhJZTzfRe^m+0 zHo&+&#ZnA`@XN&*_TY`Mr~n-t;SdbA;u0?@nkPs$BO?!li~p0X{TyYF7-z_3&}R=oEm632pIqk`A>rJvnB$nqb%_ezbi>YR zhf+hgBlirjJg3RX(BVYo{ZxpCAts>Fvh1{;uD+mO+3akTUSs^#1h|Lz)o#?s65y%s zAnt>$>@O8TN9!G1i%V{WHYw=9`dnIvyI-w=Do7uCw71Bt77p3FY&gPcruYM$*;_)* z5Ai8gl16UeWg5#nLxQ9so`L$0Ws4cd+~MBaKw7?C=exiv!EWdrszJrEE4#M2fuf;f9lyLGaNhqKcVm7p1CEh%AUEHxt0wwVJDetb+>%9e6y{0d{s9S57oJK zC)$4SvrSrC?CvG$M_wz`e6#N7UhaOrP|>%vGIWG#<=FfFSe7l*%s-x&YKNa=uD;=XRIwkSkNb2nZWo{Xa@7jeYnv>< zGjIIJTai}=LsS1*e$)lMyIU=XR>!I;HQn|KwsU&@GdA@?HC>$=VV);@)vY0H8NDJJ z53^Np5*G1mC2OJN98It$?lwhHC)dXvE5@n@H^!V~j&owP-^M;q2@(XnDUkyPczO6#UM^{)LNMV7|;=azR_L5!|x&kD{# z?KYm>E%4BREFfv+`V$BS0AWE06%%d$!n7NK|wS^Rat zi6V-1b>}JgnFYJ@VovJQt0^2~I^>HwaRDE5V*k!PB5kX-471`|vR12^D$!L$^UJBN zWNFD=@=sSy!?v9h-bNRhe2s2@Y2LZJ3lll=+Q_nwOLYZ-xtLDp0*;%6OqslmOm=zJ zwq5I!vMD+vcmH8a+Yi2(b#xtXzJ90?PVK(*8m{8czJ|*M)Fp*1O@XF5RrwEsNk;d|iN*XAltH9N-3o`z14kN%rAbx(8k0=S1{@KiX2kT|w;A&)i&aAPC3uSCU9yD!x4=@3F6?;q11I 
zpWpL(UF$<;dYl3mJv&2ZP6gM`Lg9xV~3`>0lBiMb{bJ+ikd`vkJK zbSxrsBj*yUc)S)LfefvrDhIgHc5t6Q{l>D9 z4)!}MsujLz6;{*V4s{kfAr)7l&Y?b%17SIq#9F;HQq^_|P<-ubYANto>|X2-j2SY) zM{CfgPQ?j|AC@6&C$y(2?VBi{;f!8WF0ddEj`MIP2ZxFAxuFNm+F_SsfA0b}Ug=bS zMD?hz;cL&^{x*82_{;g(p;^%#)A#~icZDbdW=ul3y%@tR)?NRDPYv7R!W13f18|p? zkIJYA6KB%>fpothU#CVZqOp0o4jFI8Q#3T^m5&ZTc~_^uTjvMnkLv$S);UDNNOO57 zj1@%mdANRam|qciv!q2+s>JWDr5ao0eMi2tEK>EeIZLF<3s6(4WNVPF^KhvK@ijbX z_NfpGKaSm$PZVGxp82h$wzC*>Q26l0_odmW274z5Jr}K*9uVnf`a2yklBw}{K$6V`KPXG~qy(41 zS17wo%uJZa;4`ZWxqcn@y6PCFvS8NJX7i7E{i|Bq0nOga%eifm(`z6nv}$|JT*y-( z);Cv(M$h*5u!qUS|EuFXqv7DXJx=rzU9?f7hA~R?7RI9uG7=IkdWqhn^AK&c$!O7A z5F&aoMD$7Yi9QH}QKLogyq_FQ@Fh` z=Sa{A%-;CTvLkC+8R1t+#dQrA!S@<{Uwpes>l%e-$yC?WQubkbae-uFue?V}UxdDY zU&Ba}waoP#U>E;(Xi%|Fv8Lzy!f9>jZWy%|`Mr$10}j%gP7PrlAk-(Y|0nG2XhOyx zC#A&*n%5MdN3T(-SErZ>?t$Cn9R-pN!kn_zVp>&sKa71UNr+&eE!cJLOy3THua^GV z5Q+wvP>3@LPkN)~L{~E@ z%=TO|^yp-5ZrS6%$Qhixi@fM4IK>n{S9Q)J`YmrqYG8XATyV})+6e~*uac*HYIx~E zI4FS@&&XqurnGtJ?2V$0LL|@dIc~EQQ+3N^)_=Bel|7qu_U~H~0m>18Z4XA9S(Gkx z@_#?$sL@@=ma)PuR!A&lLwaHtA5DVup)4IHlt<_*^VVUd0U?3(i{InRaY@kGyh6|P zW3<18XEDT~gSPtK?LSQ>+NRjHRqOQeTG!JLvVD`x_)Y6NLxg!ufuk!uF?)q1yKJXs zG9CJBP0mY5gIvn^R8=ntL49IW|Ds7gWwGv|Xl-R1POl39 z+tbD0xPo$>%6o4DKV@a@ciL{gR`7y;`6hLtKilF6U0kM)~d3Xb&$xW`4JJN z^_9?`dt2oKy|WrQpl>PtE35fTTen6BgR_6p8>XAF8jUScKtg`4Mn};UyQII_Hd{|Y zVav8a!sLzP=c_H_b1ZltY}9HQCfI;q86%DKPHacBkT>)XAKTE!_#b3!Lok2R_UboC zQBCXQk?ev+gxHV5q~4hVZEI|Ah^`+sIr~OMzWN$@F=77<&G7y;4ZF&F^%36CCW}9c zoA@(atke?vfgO^Z8H;EN#ORl0^aS}OZ$98)w>ReDkeL`oM6FEk&G|t6E7=2)Z`Ax- zo7yW34B)K6V^;K``j?5QZhcHY=}XF~VHy z`5G^peg=05SO>aZQ`crCU+N}SMz^*_C$nW{z#aD~V(k5iRdON)1p_5{O>+oP8^*jw z8Pz?95~7kzs{?p*P}_V;FZi|Oi|h@$`#D^mkxOcz>_B6cxKd@B;?p+VAb`8Q=i`zs zRd_Jx){Xt8rf1-6Zw|-RL;bpIsea9S-aCAOkA1K(9Jqqpfvwb%c&veZtz!uhv5QrV+=Qwa3(bSv;%zD4p=KN(@( ze@ZnPQ7zpl65H8m?ukb+YV=Oe*SW!Uy_jT~y*2NdTfBQ+Pi5D$4Jp%&Az{BYzz!h# z;#D~|8vp#<1#57)xHaM8zn9dd%?YcbRi?*2Je1^hoUR+clC>jnniv^yGD_L0+INQi zzHH^!ukIIEaJeRAJQh*rU!QWr6t}9uEI+k3JViSPTm%>Liy2*JRUBjZ1GIHg^t0o0 
z(MiYA@#f`y(H3SKjnO9O_JU2(CV}sNH**E?Jvdl!>U?cC?3nY!w=vvwZL?A8m@v4h z#D?T;eJZBSs;^We&?}UAmpgZvty`4IFuV zxz_>#Fgo=lC&F%o`D+r!3EQBEk$JQ|U(vy~;`j#|?LSU9JTkBz??+D$trdKPCReZb zVsLx+9c<>=N$}}|LN}@$i!Zx}a_-9MhuCY=*BW76WvJ1u$qy{iJx{&b1e2Li`^BU} zp=6Gcz>qj;dG(ducf1k2`MUiy+ET;_*A!&!C!Sqd!U2c9d+eZo4EC!rqEw=T&YKR6->aRSZ5pu89?S65h-$=`8A zac6X@y(PLvXeMJ3n(y6&&`dmX`pyP0vka<`{IG{2hWGTeJvg#=@Z1LVItqLKI7Jj4 z;3u})@HfA$fmM6FTT;Q@w|o~~pId`9N@7X+`oDv|23%bT+WHUt=!Jw^{MHa9z& zM%ah?QEA3V$>&=C;5*?K=>JY(!SP4L;*=oRD&x_eS2zCZaHOPErrb~oN}mu=lnh-v zyx$~5+1Svr9-hj@>Rofihlt{j;?N4{F^tdnO09x~(_C->(IYcYMmfs~Eay5kK%(-o zK8URmxm;SN9#;B2H!}1lHd3{sqA|Pp#nP=$&M&BU4wR@jDk&NH#&LI;DKPD1ApP57 z4#yF!skS0`{nV$1$9XT%^2JOg7lFcplro|ymQLwgSKn^>;A%+`XxJ@NPn1u8Q!j*& z_EE&-Oxe&8A>iuxtLBA_w||=IyKn97f5k}ES&^h)RmRPh4E)67euPNhCN@Pkj6o5M~8#wu@TviJ8W;0di5k-R5EzyAz19 z7#YL2m9Pi14AyYcaU0t5x^gr`Z20*yGuh4&UPN_oK>ArEeX;?I=tEMp!B;VBHn#_IjTJBn@n zhCV*CvjrYU@#QM;`uPgAymvSkBz&w@>W8O~*TL92x+9GbZg#Wm7i(c}tzn^t6P7aZ z^GK;O?MiJGoT{IYJ{!wxlh=B+VfLNJEwh9X8q!kADI2XmD=q1(J{}Sbn@)0PNMyA@ zJ|EP#AKa<|Q3&PnNa`jT!!hGh@;H&TLWa_l@1?yXV>!k(qcD3kuzj^^`HAmxO+<02 zNkf_ru~df|`%__BKWa5U>W2CnNP^C9X3r{kX#LoJ?08zTle8a9&ujDkMXn*2s-9Lp z!l1{}JGe*)PhLhujLh|8UAso?UE4#?9i+YE@EimhH-vY**%yRB+SInl6=M!TBZ)UuHr1WUJb}uov*x{OPT!k zUw##Zf~|5LGDcQ%5mKQEkSoOU^`Ja6ka_wD5{QV z7KB75_GM!Eej_nr$XF@Wg_5vC+|t#@h;!W4$J^8J8&InqR>BbPI&O4=ANQdbEW^fs zV~N7;{cI%Lr@}0}^a?2In3!;pxPa)TYaD~5CfTO%;*JUVyAleo@S_Hi;V3fws2nZ| zk5U67F&{Xo_n#JxSc>;xDY0GG4f__jnlr04K+w7qTxGq|X+C?x>w%TXIqW+6tl;Op zd$8UKI~*|>!oIR^sCszThh8QKTl7D4)=_i|ZF#l_S2jOmW#SHN^2*$6bK!Q@kHZyP zg=_qZ?!?!1$naIK?E4`nOP-e-w)n9xz*hBC>D)Hc%9A`rz0OqCf*ZTY^Ua;GMo9(e z0Hj1f-`@G3c?fdbKyrfDzWTLp2MRv>eWpk<^IG`1M_N(|2+&%}hd3>jr|Gsgo2oAr z3dQZq(*iTCvHj*oxWOg3ue54%m3EH}ZjL~Cbcqm1T8a)7pC=GzQ#t0yH>1B}q@ZlE z$>M_Zk=*;FLve>5f8%H|h^vn9fpXcBNX>CwnY>yfGRJ5a{8#Ms(#IP$bRuxo!~NlOQmXlQ~oiA zKAQVQw_@a5tZ=0_A*ZIsP1DvS3Gq;PPWz`j3sKP(rpD~m+a9~tgXi!afi7QQ`sVBl z-RYF9Y9+F=tqR@gW}DXhA>V6lv3V`~);h-VB)c-Ur;(cukH&|qGTr$l=R@dpo1bO5 
zyP0A>W?7|njJE;#j{D%6$=_y3?8PzVw6KUePE?WntRMgO1ZUuUv(MF0Q* literal 0 HcmV?d00001 diff --git a/Solutions/Azure Web Application Firewall (WAF)/Package/mainTemplate.json b/Solutions/Azure Web Application Firewall (WAF)/Package/mainTemplate.json index 738f87afbd9..ea0beb32e49 100644 --- a/Solutions/Azure Web Application Firewall (WAF)/Package/mainTemplate.json +++ b/Solutions/Azure Web Application Firewall (WAF)/Package/mainTemplate.json @@ -65,7 +65,7 @@ "email": "support@microsoft.com", "_email": "[variables('email')]", "_solutionName": "Azure Web Application Firewall (WAF)", - "_solutionVersion": "3.0.1", + "_solutionVersion": "3.0.2", "solutionId": "azuresentinel.azure-sentinel-solution-azurewebapplicationfirewal", "_solutionId": "[variables('solutionId')]", "uiConfigId1": "WAF", @@ -184,7 +184,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "Azure Web Application Firewall (WAF) data connector with template version 3.0.1", + "description": "Azure Web Application Firewall (WAF) data connector with template version 3.0.2", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('dataConnectorVersion1')]", @@ -383,7 +383,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "MaliciousWAFSessions_AnalyticalRules Analytics Rule with template version 3.0.1", + "description": "MaliciousWAFSessions_AnalyticalRules Analytics Rule with template version 3.0.2", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('analyticRuleObject1').analyticRuleVersion1]", 
@@ -487,7 +487,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "AFD-Premium-WAF-SQLiDetection_AnalyticalRules Analytics Rule with template version 3.0.1", + "description": "AFD-Premium-WAF-SQLiDetection_AnalyticalRules Analytics Rule with template version 3.0.2", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('analyticRuleObject2').analyticRuleVersion2]", @@ -606,7 +606,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "AFD-Premium-WAF-XSSDetection_AnalyticalRules Analytics Rule with template version 3.0.1", + "description": "AFD-Premium-WAF-XSSDetection_AnalyticalRules Analytics Rule with template version 3.0.2", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('analyticRuleObject3').analyticRuleVersion3]", @@ -722,7 +722,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "AFD-WAF-Code-Injection_AnalyticalRules Analytics Rule with template version 3.0.1", + "description": "AFD-WAF-Code-Injection_AnalyticalRules Analytics Rule with template version 3.0.2", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('analyticRuleObject4').analyticRuleVersion4]", 
@@ -840,7 +840,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "AFD-WAF-Path-Traversal-Attack_AnalyticalRules Analytics Rule with template version 3.0.1", + "description": "AFD-WAF-Path-Traversal-Attack_AnalyticalRules Analytics Rule with template version 3.0.2", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('analyticRuleObject5').analyticRuleVersion5]", @@ -960,7 +960,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "App-GW-WAF-Code-Injection_AnalyticalRules Analytics Rule with template version 3.0.1", + "description": "App-GW-WAF-Code-Injection_AnalyticalRules Analytics Rule with template version 3.0.2", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('analyticRuleObject6').analyticRuleVersion6]", @@ -1078,7 +1078,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "App-GW-WAF-Path-Traversal-Attack_AnalyticalRules Analytics Rule with template version 3.0.1", + "description": "App-GW-WAF-Path-Traversal-Attack_AnalyticalRules Analytics Rule with template version 3.0.2", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('analyticRuleObject7').analyticRuleVersion7]", 
@@ -1198,7 +1198,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "App-GW-WAF-Scanner-detection_AnalyticalRules Analytics Rule with template version 3.0.1", + "description": "App-GW-WAF-Scanner-detection_AnalyticalRules Analytics Rule with template version 3.0.2", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('analyticRuleObject8').analyticRuleVersion8]", @@ -1319,7 +1319,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "App-GW-WAF-SQLiDetection_AnalyticalRules Analytics Rule with template version 3.0.1", + "description": "App-GW-WAF-SQLiDetection_AnalyticalRules Analytics Rule with template version 3.0.2", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('analyticRuleObject9').analyticRuleVersion9]", 
@@ -1336,7 +1336,7 @@ "description": "Identifies a match for a SQL Injection attack in the App Gateway WAF logs. The threshold value in the query can be changed as per your infrastructure's requirements.\nReferences: https://owasp.org/Top10/A03_2021-Injection/", "displayName": "App Gateway WAF - SQLi Detection", "enabled": false, - "query": "let Threshold = 3; \nAzureDiagnostics\n| where Category == \"ApplicationGatewayFirewallLog\"\n| where action_s == \"Matched\"\n| where Message has \"SQL Injection\"\n| project transactionId_g, hostname_s, requestUri_s, TimeGenerated, clientIp_s, Message, details_message_s, details_data_s\n| join kind = inner(\nAzureDiagnostics\n| where Category == \"ApplicationGatewayFirewallLog\"\n| where action_s == \"Blocked\") on transactionId_g\n| extend Uri = strcat(hostname_s,requestUri_s)\n| summarize StartTime = min(TimeGenerated), EndTime = max(TimeGenerated), TransactionID = make_set(transactionId_g,100), Message = make_set(Message,100), Detail_Message = make_set(details_message_s,100), Detail_Data = make_set(details_data_s,100), Total_TransactionId = dcount(transactionId_g) by clientIp_s, Uri, action_s\n| where Total_TransactionId >= Threshold\n", + "query": "let Threshold = 3; \nAzureDiagnostics\n| where Category == \"ApplicationGatewayFirewallLog\"\n| where action_s == \"Matched\"\n| where Message has \"SQL Injection\"\n| extend transactionId_g = tostring(parse_json(AdditionalFields).transactionId_g)\n| extend hostname_s = tostring(parse_json(AdditionalFields).hostname_s)\n| project transactionId_g, hostname_s, requestUri_s, TimeGenerated, clientIp_s, Message\n| join kind = inner(\nAzureDiagnostics\n| where Category == \"ApplicationGatewayFirewallLog\"\n| where action_s == \"Blocked\"\n| extend transactionId_g = tostring(parse_json(AdditionalFields).transactionId_g)) on transactionId_g\n| extend Uri = strcat(hostname_s,requestUri_s)\n| summarize StartTime = min(TimeGenerated), EndTime = max(TimeGenerated), TransactionID = 
make_set(transactionId_g,100), Message = make_set(Message,100), Total_TransactionId = dcount(transactionId_g) by clientIp_s, Uri, action_s\n| where Total_TransactionId >= Threshold\n", "queryFrequency": "PT6H", "queryPeriod": "PT6H", "severity": "High", @@ -1438,7 +1438,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "App-GW-WAF-XSSDetection_AnalyticalRules Analytics Rule with template version 3.0.1", + "description": "App-GW-WAF-XSSDetection_AnalyticalRules Analytics Rule with template version 3.0.2", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('analyticRuleObject10').analyticRuleVersion10]", 
@@ -1455,7 +1455,7 @@ "description": "Identifies a match for an XSS attack in the App Gateway WAF logs. The threshold value in the query can be changed as per your infrastructure's requirements.\n References: https://owasp.org/www-project-top-ten/2017/A7_2017-Cross-Site_Scripting_(XSS)", "displayName": "App Gateway WAF - XSS Detection", "enabled": false, - "query": "let Threshold = 3; \nAzureDiagnostics\n| where Category == \"ApplicationGatewayFirewallLog\"\n| where action_s == \"Matched\"\n| where Message has \"XSS\"\n| project transactionId_g, hostname_s, requestUri_s, TimeGenerated, clientIp_s, Message, details_message_s, details_data_s\n| join kind = inner(\nAzureDiagnostics\n| where Category == \"ApplicationGatewayFirewallLog\"\n| where action_s == \"Blocked\") on transactionId_g\n| extend Uri = strcat(hostname_s,requestUri_s)\n| summarize StartTime = min(TimeGenerated), EndTime = max(TimeGenerated), TransactionID = make_set(transactionId_g,100), Message = make_set(Message,100), Detail_Message = make_set(details_message_s,100), Detail_Data = make_set(details_data_s,100), Total_TransactionId = dcount(transactionId_g) by clientIp_s, Uri, action_s\n| where Total_TransactionId >= Threshold\n", + "query": "let Threshold = 3; \nAzureDiagnostics\n| where Category == \"ApplicationGatewayFirewallLog\"\n| where action_s == \"Matched\"\n| where Message has \"XSS\"\n| extend transactionId_g = tostring(parse_json(AdditionalFields).transactionId_g)\n| extend hostname_s = tostring(parse_json(AdditionalFields).hostname_s)\n| project transactionId_g, hostname_s, requestUri_s, TimeGenerated, clientIp_s, Message\n| join kind = inner(\nAzureDiagnostics\n| where Category == \"ApplicationGatewayFirewallLog\"\n| where action_s == \"Blocked\"\n| extend transactionId_g = tostring(parse_json(AdditionalFields).transactionId_g)) on transactionId_g\n| extend Uri = strcat(hostname_s,requestUri_s)\n| summarize StartTime = min(TimeGenerated), EndTime = max(TimeGenerated), TransactionID = 
make_set(transactionId_g,100), Message = make_set(Message,100), Total_TransactionId = dcount(transactionId_g) by clientIp_s, Uri, action_s\n| where Total_TransactionId >= Threshold\n", "queryFrequency": "PT6H", "queryPeriod": "PT6H", "severity": "High", @@ -1554,7 +1554,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "WebApplicationFirewallFirewallEvents Workbook with template version 3.0.1", + "description": "WebApplicationFirewallFirewallEvents Workbook with template version 3.0.2", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('workbookVersion1')]", @@ -1642,7 +1642,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "WebApplicationFirewallGatewayAccessEvents Workbook with template version 3.0.1", + "description": "WebApplicationFirewallGatewayAccessEvents Workbook with template version 3.0.2", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('workbookVersion2')]", @@ -1730,7 +1730,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "WebApplicationFirewallOverview Workbook with template version 3.0.1", + "description": "WebApplicationFirewallOverview Workbook with template version 3.0.2", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('workbookVersion3')]", 
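Review bot: With `details_message_s` and `details_data_s` dropped from the `project` and `summarize` steps here and in the SQLi query at -1336, the alert now carries only the rule `Message`, so an analyst cannot see which part of the request matched without re-querying the raw log. If those values are still present inside AdditionalFields (this page does not show that), extracting them the same way as `hostname_s` would keep the triage context. Otherwise a sentence in the rule `description` saying where to find the matched data would help. The rule's properties object continues outside this hunk.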
@@ -1818,7 +1818,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "WebApplicationFirewallWAFTypeEvents Workbook with template version 3.0.1", + "description": "WebApplicationFirewallWAFTypeEvents Workbook with template version 3.0.2", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('workbookVersion4')]", @@ -1902,7 +1902,7 @@ "apiVersion": "2023-04-01-preview", "location": "[parameters('workspace-location')]", "properties": { - "version": "3.0.1", + "version": "3.0.2", "kind": "Solution", "contentSchemaVersion": "3.0.0", "displayName": "Azure Web Application Firewall (WAF)", From 0ff5db5c5ea90fa04a3d7aee341f4b22bbf62e92 Mon Sep 17 00:00:00 2001 From: "v-visodadasi@microsoft.com" Date: Thu, 6 Feb 2025 18:26:34 +0530 Subject: [PATCH 2/4] Version Updated --- .../Analytic Rules/App-GW-WAF-SQLiDetection.yaml | 2 +- .../Analytic Rules/App-GW-WAF-XSSDetection.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/Solutions/Azure Web Application Firewall (WAF)/Analytic Rules/App-GW-WAF-SQLiDetection.yaml b/Solutions/Azure Web Application Firewall (WAF)/Analytic Rules/App-GW-WAF-SQLiDetection.yaml index 7a51a79dc01..e8845bb1c66 100644 --- a/Solutions/Azure Web Application Firewall (WAF)/Analytic Rules/App-GW-WAF-SQLiDetection.yaml +++ b/Solutions/Azure Web Application Firewall (WAF)/Analytic Rules/App-GW-WAF-SQLiDetection.yaml @@ -52,5 +52,5 @@ entityMappings: fieldMappings: - identifier: Address columnName: clientIp_s -version: 1.0.0 +version: 1.0.1 kind: Scheduled diff --git a/Solutions/Azure Web Application Firewall (WAF)/Analytic Rules/App-GW-WAF-XSSDetection.yaml b/Solutions/Azure Web Application Firewall (WAF)/Analytic Rules/App-GW-WAF-XSSDetection.yaml index 1265f869162..8dca6e11779 100644 
--- a/Solutions/Azure Web Application Firewall (WAF)/Analytic Rules/App-GW-WAF-XSSDetection.yaml +++ b/Solutions/Azure Web Application Firewall (WAF)/Analytic Rules/App-GW-WAF-XSSDetection.yaml @@ -49,5 +49,5 @@ entityMappings: fieldMappings: - identifier: Address columnName: clientIp_s -version: 1.0.0 +version: 1.0.1 kind: Scheduled From 76226fd4df072ca5c9a436385ec03452a8055594 Mon Sep 17 00:00:00 2001 From: "v-visodadasi@microsoft.com" Date: Thu, 6 Feb 2025 18:35:08 +0530 Subject: [PATCH 3/4] Version Updated --- .../Package/3.0.2.zip | Bin 20350 -> 20344 bytes .../Package/createUiDefinition.json | 2 +- .../Package/mainTemplate.json | 8 ++++---- 3 files changed, 5 insertions(+), 5 deletions(-) 
diff --git a/Solutions/Azure Web Application Firewall (WAF)/Package/3.0.2.zip b/Solutions/Azure Web Application Firewall (WAF)/Package/3.0.2.zip index d7c1c6014a615641f3246781807936bc177fbaad..760d1a7f182d4a1c28971e666d370b06f69c7c06 100644 GIT binary patch delta 4650 zcmV+_64mYgo&ort0UJ^f7(&) zI+q!zms)Pz8{6Z7$Q6ki1Q-C6;`TCg&vK7;Pja*1he%7d<5ZUI-am;&fQ#M5Z$Ge0 z{Ql(^0N!6s5M#o;ZSZ1iQ?uRcs_31$t_pXf0GHz-zEO9e@4l_cpbM^%w#A~(^_wMpp{V*>kl368iiu=6t&?> z(&WZs#c;|rOVFY=-ZuPBj{v+t$qA3<4*)!Fj`(j(hu$_!m@wF>M#jwWp!T+V7@`R@ zPi?XC-*^&%(ZS1;N;{g({D|8)8)pV}prj=Yk#3wM`M=!}O3NjRUc!t;f89G$`h2X^ zx#_)5ScImxuOel7Gd4LBDpJ0gMkn5khc9fVHYq)I6jwZCV?B1)p=y+%uh_u6g-tO88w3%i^}QW?twc!O5+z`#VSq_NH`W^u+YIj`PjUU1k~VC@C?pN*hAdRtGjWE1=SoXY^z!nYbV>4l;rH#6HnD-bbb-B%~NN zR+(M0*uus*Pg3qqe;fVo;lwV?{yxl<@?*kt3n5!cKcz|&|{rUQJd)s%<1 z`#7%8fVy+~M~d2M+PtZ}VXs=bzUoykGVxj(vSZVmDSd8I7NF^+HNpXy2^yg0kxp61T71hWtRuYf1C3#MCT>{&O@@Ll1K+; z2oYM~Hb*RZ7oj3x1(FO@s%UUmXNe*JH+(Fx^xRjlUT)|st+I51e`i@geBj1%NrA!Y ztWK!>v-qPVJdX_(H0nV@vV^$uBDDL%qe_%ISN0-xQ|8-J!P+0{WSH_DC9PJX`Ib`R zkdqYNA$g?J#;D+gpNH;>jv(*QQw{*mV!Yj%dfBgc~a&ojr3HZ`gmiZRBJOpA3D!yDQ z^(o1h5C2pd1WdY+^hxPjkQu8I7qZ-vfO1Xq(Y8Lrg{BH8>+zgNyR%IVO%m<9Ta*6@h(yBmXt3O{&=0T=RZzA zJ@70fbInk)IBc@W`W=l~a5N<|Ez_o>Sd1cd$FhiVNH@zRBKgsZv}&EOR$oA%L>^(Cr7oVjZgLOC zGHoF<*uLW!D* zN^PJfH#=yDvYVm5Uc5cKAG{TZ-QnKK0r%|BlbHu^AYnVW^{KaN0xUoEmffb+oO+io z_6JYB%Q?L5skh?nA(JQw9Dm_acCO7o{ZTeVOLZz6leSGauT_3`bm%9+84q8+RoXJq ztt35jPVB7yeZ}gJzNPwCdGsAZs_4@S&V;xC%1i_2rOBrkjVPEg1NZ@hjOs3oYBa{R zRdDQ_IqH=KzDmM-3w*n7-wk9^jg8frt2Nz_0lwtXsBCeV1MR5qaf2g8tzpm zPc8$MkWCl5bxp@WC28ggt~A~C<6w+-hA68StNCR2P3DGs^U=I5WpK_%%jsllMw!dZ z4jgqVrtzTdpU5G^Jc^4&T{p*-{24@iin4z4kRim%SlTKGoIj(9W!U3#ipKINS5Of@ ziM6t{@0w=?R~-m57k@*YXXBCN6CN;W#YN7I%#tx`qOw$c1{0h$l^|49bZmzC1} zy!^7ew!5<$MNr1CTfc0YW>s4YgP2tti zdVJ#7kJBfThKj2D!^Pu$`o`yXg~#={$LEjJJw6Ip-lv;wB3bKz@$WdhsT>2 z4-c26(0}u)4E1GzMO3_cd?Ov0< zlMkdIwAH^;4Bl-iXsiDyYC-FV-UBWIE$g*kx_Y8An`X`HJo5`q-P$!j?|8zsv8~U% z)x%^+cX2-VW={v-XH1y#4R@6aWAK2mtewMq1JwJQ&Qg_X}MHKxWs4S<#U`s%d(w 
zu5`QOn$l?3h%%~+1-ieI;2Z zSfvYO*8xI}rR@2u_WE`9__g--_4oAqm8;}qA(ww^AeOs8DmP!d(vivZWo;!Axebz- z2|+B7!vZBeTJ;|L|o@^_ayzp6QZ~G$_GnBmkXEiTwKQAV}okcS~%CoXMN%T%g)e?ZpH=- zy(3+w0Dr$Im+{q-=UK@f$BR5ZT{C0~ScWsN_7#WuKmFS3?nl+>5 z1lfcIemQ7#2eys*0&EkkI9o!{h`6_en0`gSJXkNnojX1Y-cnQ8C;Wcw{|ppvoc@A^ zG+#36{0vt<7?{UsN+(m%C{vD@0SBWAy&)#j3`$HF^)6VuQ_FGL)hZe`42KmQFKmBz zN^C^U8{)Wh!UxD2`<%0*A?p@)yVjVY@tikf1+?6np-d#DK?BdiB~X>iJ?Nb*g@nQ(H6ido?x(8A)K+eh-D7h6yAs7W9>SY?ZOh_&Ag$5u%lJPyzI@r zzr#FWM}x{tbJ3C5%f%PyyV&L$s%_m4Z>gzUw?i>rVMVthf7}YHs=GBw z%~0?k7BvxUljsOh()`?6(;kZWzFb)P;XWD^yLAEBNZzAdW^P(W=0&L#G^?A5uw4BE+v3L#I42%g8dl zK2_vaWI|~RhPP8E%gez*f_Six%X#7)S~i_f6C0O&?fzubYwAvq?TI58Fcvd&NXO(G zbzEnEP+C@DP^zFoX;3OxIB~w(i*J)mE?mSX5Spf(m{23e3xj`4Mr00(COg8X_Qza%zR) z&sh6POuf&BPOcsv%n$*HG#_H~E_uyJSlz@7*konnvYNDF{*?R`rR6Y5XFN)xb?90) z!Nz_f!O#wtL=t~=?-UNaJxmx^6q{H!?6@h5a^iSq8#30_O7f6YlDb_9$w5UH-%65f zR;1}LNOa=kD%BYicvEA#)kXC*z2pU3$d?s!$PIy$Av-S;oh}mn0GU^T%}3*OAsi5Z z>Q(jERpsBURuo;EPA0_WW)Xht=`S|HF0rqsIC&sMm8*ZLO`NG^0C_dBBW!jtRrm%| z1G`8(-GsOu$F%~AlGd?K}rsRS~sipR# z)H5lZAGoxavJxfQl;7B)bl_fQ%DKVHKEquuzl`9X`xF}_ngXa{>s)4>UTV29`4c~3l0}%Hv_AVa)942(DaK5%?{E2oZmMz0an{?>$SnT&b{8jHa?6$U z-(|w`4~hS?e^K&JUdOE!GZ_lhwAMQwXl2yI`a?&%MxmHIMQyl}G`X=@F`P2Z611p| zw++A1BLFW@a>Aqe0|1YkBmOJXp|=eaCJc6}kuftosJ-nThG+uKQ(LV37oJ35bnyD5 z(vD^`KjJpd#+gAKC}~MUq#Gwm{%?1L(sGHSmoQ^dfA@}*J|8P}ZhCJM7NP0wt4NvN zj7`pjij;4r(TO+Xp^aakcrU+7Kc09HBadQR{r>hup2*G3@0G>v%}sbOkQoGx6VzZ8 z*cf4=gitdsBN*dEX#_5fWkS#s8aGO0B-%C*t^fY}KXBl5+8Bi61I%gDQs%T(N}fx7 zwWwAjf0pu&3SuUo^lZ>S!tt{~f0(9%2aJZE4f=arXqrHRWOMK91`%pzfUhk)n2* zHt#BL*sE5quX@#sOuUtb?AY{XN}rpQ1!#I{xq6QY)YfVC8fpy^Zg;Mkyssi2xS10| zl~x=KrN^%LCZpB+2sN9f95<4(Rs%IBzu!&4BWj1yz21*9Zw(7>&YWqCwY}Bmbwg&W9mhx_q zA-o>+2mNmURky#j(LVK-?QZ9~e_fp2aszi%k|^o#YL)J)nQY7!Y>a}YFGoWvSb(t- zVV?Yq-2MQonZb1^2(?N>3U)It1PI!9B}EMqHAI*@Lc&x!@pn0zE(Phvq_JQj9&+orxppQB7q=E7-DQWqoU^U2#gBF& z-dt%PhxpO{O{m~};T7eKe|`aKIXPOR1bpc#%Y2Jm9s;oi6<;oux=r%s!#`C90h2By z-6~xRGGkTZLY7;UOG?d_W^R=Y`Y@bW)K_KP9pZe#BU+sjG?Z*C$Z*NNn}UrmYI%H= 
z@sP=YQcuWJka;pmnY-Tzpf#U&8M?RK?ylhSd~n~}O^YlWsDpnYe=#hWB(*q|?NE&Fe?nPzANTS^Y)8bfQ&``I`z<za;% zO47^~Txq)N$H5rw3{h4uR`bd3o6HUO=A(IA%HW)jmea}9j53#*9XRS#Oyfb@KaoR- zc@!6mx^9ju`7?<46lMM7Aw!6jv9whXIDbYH%dp4g6piIkuAm}*5^H5?-!;z)t~wBA zE`NqP&&DIkCp=)%ii?~ZnI&V?L}jV?3??{hDnY2I=-3t?uFR1<&Md@iijXp6kd&9( zHd27rDvRQhSD(Ipp|pe)wWC6GIg4|#A$@X%w5!bKZ4yU=WVJDu=LWa|R=zvQ1XUVs zW*{Ik?l>2#OoYT5qsAPqu3*A*YAB~%D}U*}0$WecTw2;Hs}Qvm?!Cr@XNf~V7e+tq zbI2`g8G+yHEgr7e@HQmZIdP|XNSF=c!g@wO?8966a{-Z}3{~`uuTT>~I7c7_9YcNW z!XS(He#ww3;7k&Tf|$vO+_9nWtn%cX%ZX;WNn{!~sGi`utxmcAi9Dc>txyJNwtt}v ziE747>MI@f4pq9!w-}`np!7U5m0e=x@F34PTzo|J@xrPIgD!;@K$w#zjVFt)E7t_Ii=J%5uYSZ?}M^ zi#wI^tsI*#9-pslN(^I0QM!rMQhz-U?IQ`Bfl880a(mG$N((&_;B3BSYX#v~_X5KA z%*Jr28GZZ31Pq;^E63tjj}MEN1b=#1BmvGU0oIGfuUCo1G=(=u>+y+SKTV%V8Y-&p zj~9;*=^J0(7arH+9$!99_xL1W`H*h%)v94x({>j|0h1E-JsxjfJw9BPLVwSzGSrs= z7E$r)>7n#PCa5Qye{68(grhUgp;E%E7pvdgFIMljF7(aQstY|fOg@r=&{qFmF?heF zpsoIss0FPbdXKmWw5->D>FSBfY??K%^UN`); zC1b*rZ@8;DZu~kijMSAP19R-rQ03Xlt#No zlu>omRj@X~jdp$1YBw6GBHYbk70%Fpb`kDA)+(Hdi#0^J`vg|uEIdgftY#FmlM>?v zf61LNhZV#l@Y|{dq@+`4Zs5C3641yEh4He~4#ymfqWz}Z5?FU3Ov!eX3pf_v_BR5> zp5Qj04xB9~l?YXBjNYYUTrW?z*nUM=sY`65L!{^qD|Ch}bcOYGgwVc{tP`x#1+wb^ zp~h17{8fAXI(z(Dd;9u(`u)mP^0AQ1e>D)xT_Ba4uU+ZLWcsqU5{cXfNz8;G7RX_N z9Oi)>u0Raq#+MD?p|z30og#v(?MvISxD4^z1=6=`eiD(q2So6~$J59nn2sBy`}Ay# z6Fh%>V707lhyy%Z`~Nm0l5FRHY4-hP^DiS(o^HZljf^it#9tl~{$ddD7ma*>f5|>W zR(m3@bGUnw{^1GH+k54MrJ>7(%Xls>*KRNae!rK=tVbU1BTv_E>nQN zUzE%EYRU7gWRK%T9-pomG6gKdnOE|jlK&u+hk0F5Ys>L&-&CSaiM}wB4-VUUim$}0 zBa`5ia5Kchv_|}dPxMt54=i*Re?;NF6h3jp_5|m3FmH?uOZ!T6L`}__QFDT9!UDe> zG`a)Z#(V*`309mfA!tP0TS82~qF)}Y7vatwp9OEJDeMz|KlXnH3O7!F!9toZ8FhY! 
zD<2HZV>G3csc4ibN6dhO(S+U*6KMt|ri*$Ptlg>Qxa?{b4I75T3XT`He>){MqUH^8 zTsq+cWQ~2!+0l@73%g#gDo9@t_kiAl#)!=`K8@!pt=*@)OcC6RrM#^g3U2+W?s znwa4`G$Lr`EoSVtpeeo~?4lq7gQv4^47UeOZEG=^dVK|R6ajM*4AhCG6MvyaIvG=w zz*ogCE6!=Ki*=^d{OZ6Je=^vsJ6;&bak0B_5ZpJ!I_I1kM&n2Zz~#+}3~n8(CWpBHsw_i>THUMc)zk*d>JHELn()V7o&C4LUN==$BFN?JXKJD&R99zj2WC`* z9GIR88Pe{Ao+hzX4oZ3&z=hC*K;hhb-#fYd*#CHTb@1Wc)%C~A-}cz|KEW=TSoR${ z`fs!+Egr%m;4LBNf7XPThegCPhinS(!|<_o9m{rMiSTCL&_USIDq>#t=HB079Za$Y8IBlyE(DO`#N@s3+HAi_z#Pk z2)0Rdgs5o}d!L^@;<5}+v&*wwdWD?wL>Ru5?o)@K?LkokjAP*pb@tKa2TX>gNnQ5a zj14yoU_|Odf1?$uCdn0ib!-qvBa&!U;Mbv34$Tj#q$CmI*NdT39++ihnO>hNaw{^S zv<1W4sgvd9;2=Rf*vI8OaSkn;PN<2EOTKo0vgtK-r^oih5eyiMnK`6m@{KyKvp*;; zt1u{4(4aIZl`EV$U+u-WNhTLA;u8o>Q%+2%5#xoyeZoEK2mSl*o5fx0|^ZgkVQGQ!tiITeI=&e zXG14f4-aOD07RM(v3ZxgW+bd`Vg_uovT<2WS}}i0{)*Can4~ivCDA%`Et_CtKapT) z2TLLef4X-H2i_hgj4O&wEE{&*ltnplJhKfM>uM!=NGeI)u7u>EB8zV&Nj59ebQmN$ z@o|;vj0wD{G2QB-dYWGHf-U6BiaF$lz{!xE7l}?6iGG00tH9=?ak>x=2tf6!`s=Fl z?^Y{{u1zNsVsosNu&ou zN^PQtykk=1LQ>rG1Aw0UrGzf8TR-+B!JL`m1fLiSli(Sj6bDmsL8H`C`%&td6wVJ^ z+Dlo95^c(JmZZ|Xs#d#dR(f!Taqr&a`J9@QwZF@l5<_2Ac?khVgzC_Vv2fZs)^!l@ zK&4?=eE;;$V!_Ii8q<^*%#aqoQVNz)Orxk^_~$g?RQ!7mA0kw#h+=PaYIlk-kIA6t<|S`5ZKKhZ(}0N>pL01*HH a00000000000002wlTJ@02INiv0001q1@2M+ diff --git a/Solutions/Azure Web Application Firewall (WAF)/Package/createUiDefinition.json b/Solutions/Azure Web Application Firewall (WAF)/Package/createUiDefinition.json index b893f102b8b..d3dcfeaa473 100644 --- a/Solutions/Azure Web Application Firewall (WAF)/Package/createUiDefinition.json +++ b/Solutions/Azure Web Application Firewall (WAF)/Package/createUiDefinition.json @@ -64,7 +64,7 @@ } }, { - "name": "dataconnectors-link2", + "name": "dataconnectors-link1", "type": "Microsoft.Common.TextBlock", "options": { "link": { diff --git a/Solutions/Azure Web Application Firewall (WAF)/Package/mainTemplate.json b/Solutions/Azure Web Application Firewall (WAF)/Package/mainTemplate.json index ea0beb32e49..e3b208d2782 100644 
--- a/Solutions/Azure Web Application Firewall (WAF)/Package/mainTemplate.json +++ b/Solutions/Azure Web Application Firewall (WAF)/Package/mainTemplate.json 
@@ -134,18 +134,18 @@ "_analyticRulecontentProductId8": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','9b8dd8fd-f192-42eb-84f6-541920400a7a','-', '1.0.2')))]" }, "analyticRuleObject9": { - "analyticRuleVersion9": "1.0.0", + "analyticRuleVersion9": "1.0.1", "_analyticRulecontentId9": "bdb2cd63-99f2-472e-b1b9-acba473b6744", "analyticRuleId9": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', 'bdb2cd63-99f2-472e-b1b9-acba473b6744')]", "analyticRuleTemplateSpecName9": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring('bdb2cd63-99f2-472e-b1b9-acba473b6744')))]", - "_analyticRulecontentProductId9": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','bdb2cd63-99f2-472e-b1b9-acba473b6744','-', '1.0.0')))]" + "_analyticRulecontentProductId9": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','bdb2cd63-99f2-472e-b1b9-acba473b6744','-', '1.0.1')))]" }, "analyticRuleObject10": { - "analyticRuleVersion10": "1.0.0", + "analyticRuleVersion10": "1.0.1", "_analyticRulecontentId10": "1c7ff502-2ad4-4970-9d29-9210c6753138", "analyticRuleId10": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', '1c7ff502-2ad4-4970-9d29-9210c6753138')]", "analyticRuleTemplateSpecName10": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring('1c7ff502-2ad4-4970-9d29-9210c6753138')))]", - "_analyticRulecontentProductId10": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','1c7ff502-2ad4-4970-9d29-9210c6753138','-', '1.0.0')))]" + "_analyticRulecontentProductId10": "[concat(take(variables('_solutionId'),50),'-','ar','-', 
uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','1c7ff502-2ad4-4970-9d29-9210c6753138','-', '1.0.1')))]" }, "workbookVersion1": "1.1.0", "workbookContentId1": "WebApplicationFirewallFirewallEventsWorkbook", From 290a029149d9112c57f7d465629d4977eec20c0d Mon Sep 17 00:00:00 2001 From: "v-visodadasi@microsoft.com" Date: Fri, 7 Feb 2025 11:47:58 +0530 Subject: [PATCH 4/4] Update ReleaseNotes.md --- Solutions/Azure Web Application Firewall (WAF)/ReleaseNotes.md | 1 + 1 file changed, 1 insertion(+) diff --git a/Solutions/Azure Web Application Firewall (WAF)/ReleaseNotes.md b/Solutions/Azure Web Application Firewall (WAF)/ReleaseNotes.md index bc0bedbe672..d7122cf05c7 100644 --- a/Solutions/Azure Web Application Firewall (WAF)/ReleaseNotes.md +++ b/Solutions/Azure Web Application Firewall (WAF)/ReleaseNotes.md @@ -1,5 +1,6 @@ | **Version** | **Date Modified (DD-MM-YYYY)** | **Change History** | |-------------|--------------------------------|---------------------------------------------------------------------------| +| 3.0.2 | 06-02-2025 | Extracting transactionId_g and hostname_s from the AdditionalFields column using parse_json and Removing the now unavailable details_message_s and details_data_s fields from **Analytic Rules** App Gateway WAF - SQLi Detection and App Gateway WAF - XSS Detection.| | 3.0.1 | 10-06-2024 | Added new **Analytic Rules** [App Gateway WAF - SQLi Detection and App Gateway WAF - XSS Detection] | | 3.0.0 | 21-12-2023 | Added ResourceProvide condition as it is standard for Application Gateway WAF logs |