I am receiving alerts in Sentinel as "Malformed user agent" and it's showing me the IP address but no other details.
Can someone help with what exactly this is? I have a few confusions below:
1. I am using multiple WAFs and I am not able to understand on which Application Gateway it is received.
2. Does this mean some malware is inside my network on some machine? Then how do I get the details of that?
3. Or was it just an attempt that was blocked by the WAF?
4. What action do I need to take in this case?
Thanks in advance.
@AnupamN To check the event details associated with the incident, open the incident details and, under the Events tab, click on the hyperlink shown below:
To investigate, follow the steps here: https://docs.microsoft.com/en-us/azure/sentinel/tutorial-investigate-cases
Read up on "Malformed user agent"
Query SecurityAlerts table under Logs: