How to analyze WAF rules on Azure?

Question

We have an accreditation requirement to prepare some form a report that has charts/metrics of WAF detection examples, as well as recommendations We essentially want to perform a couple hours of analysis on whats poppin' and present some recommendations about what rules to disable/enable based on insights.

This review is helpful for us to optimize to make our environment more resilient/secure as well as documenting some insights and we can use for this accreditation requirement.

Essentially the report would have something like:

Detections, examples, and how do we remediate vulnerabilities

Is there something on Azure that can provide us this information about WAF events?

Answer 1

Thank you SaiKishor-MSFT. Posting your suggestion as an answer to help other community members.

Once your Application Gateway WAF is operational, you can enable logs to inspect what is happening with each request. Firewall logs give insight to what the WAF is evaluating, matching, and blocking. With Log Analytics, you can examine the data inside the firewall logs to give even more insights. For more information about creating a Log Analytics workspace, see Create a Log Analytics workspace in the Azure portal. For more information about log queries, see Overview of log queries in Azure Monitor.

You can refer to How to analyze WAF rules on Azure? and Back-end health and diagnostic logs for Application Gateway