The Default Rule Set 2.1 (DRS 2.1) on Azure's global Web Application Firewall (WAF) with updated rules against new attack signatures is now available to Web Application Firewall customers. This ruleset is available on the Azure Front Door Premium tier.
DRS 2.1is baselined off the Open Web Application Security Project (OWASP) Core Rule Set (CRS) 3.3.2 and includes the Microsoft Threat Intelligence (MSTIC) rules that are written in partnership with the Microsoft Intelligence team.
As with the previous DRS 2.0, the MSTIC team analyzes Common Vulnerabilities and Exposures (CVEs) and adapts the CRS ruleset to provide increased coverage, patches for specific vulnerabilities, and better false positive reduction. Also, Azure Front Door WAF with DRS 2.1 uses anomaly scoring mode, hence rule matches are not considered independently.