Azure Firewall and WAF are critical security services that many Microsoft Azure customers use to protect their network and applications from threats and attacks. Azure Firewall is a fully managed, cloud-native network security service that safeguards your Azure resources. It ensures high availability and scalability while filtering both inbound and outbound traffic, catching threats and only allowing legitimate traffic. Azure WAF is a cloud-native service that protects your web applications from common web-hacking techniques such as SQL injection and cross-site scripting. It offers centralized protection for web applications hosted behind Azure Application Gateway and Azure Front Door.
The Azure Firewall integration in Copilot for Security enables analysts to perform detailed investigations of malicious traffic intercepted by the Intrusion Detection and Prevention System (IDPS) feature of their firewalls across their entire fleet. Analysts can use natural language queries in the Copilot for Security standalone experience for threat investigation. With the Azure WAF integration, security and IT teams can operate more efficiently, focusing on high-value tasks. Copilot summarizes data and generates in-depth contextual insights into the WAF threat landscape. Both integrations simplify complex tasks, allowing analysts to ask questions in natural language instead of writing complex KQL queries.
In this blog, we will focus on setting up and leveraging the integration of Network Security services with Copilot for Security for hunting and troubleshooting malicious traffic.
Network Security Capabilities Available Today in Copilot:
Azure Firewall:
Azure WAF:
Prerequisites for enabling the integration:
If you haven’t used Copilot for Security with other products, you need to onboard to Copilot for Security by following the process below:
Once the Security Compute Units (SCUs) are provisioned as specified, the Azure WAF and Firewall logs are present in the Azure Log Analytics workspace, and the respective plugins are enabled, the capabilities will be ready for use.
Investigation of Threats in Azure Firewall using Copilot for Security:
Investigation of Threats in Azure WAF using Copilot for Security:
Recommendations for Network Security:
For more details on all the available prompts that can be used with this integration, refer to the respective documentation here for Firewall and WAF.
Integrating Microsoft Azure’s robust network security services with Copilot for Security offers a powerful solution for enhancing your security posture. By leveraging Azure Firewall and Azure Web Application Firewall (WAF) within Copilot, security analysts can efficiently investigate and mitigate threats using natural language queries. This integration not only simplifies complex security tasks but also provides comprehensive protection for your applications and data, allowing your security and IT teams to focus on high-value activities.