Microsoft Tech Community

Malformed user agent alert received


Hi,

I am receiving alerts in Sentinel as "Malformed user agent" and it's showing me the IP address but no other details.

Can someone help with what exactly this is? I have a few confusions below:

1. I am using multiple WAFs and I am not able to understand on which Application Gateway it is received.

2. Does this mean some malware is inside my network on some machine? If so, how do I get details of that?

3. Or was it just an attempt that was blocked by the WAF?

4. What action do I need to take in this case?

 

Thanks in advance.

 

 

1 Reply

@AnupamN To check the event details associated with the incident, open the incident details and, under the Events tab, click on the hyperlink shown below:

Joseph-Abraham_1-1607067203296.png

To investigate follow the steps here: https://docs.microsoft.com/en-us/azure/sentinel/tutorial-investigate-cases

 

Read up on "Malformed user agent"

Query the SecurityAlerts table under Logs:

 

Joseph-Abraham_2-1607067938097.png
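
One way to run the lookup described in the reply and tie the alerted IP back to a specific Application Gateway and WAF action, as an added example that is not part of the original reply. It assumes the alerts are in the Log Analytics `SecurityAlert` table, that Application Gateway access and firewall diagnostics are sent to `AzureDiagnostics` in the same workspace, and that a 7-day lookback covers the incident; adjust these to your environment.

```kql
// Added example. Assumptions: alerts are in SecurityAlert, Application Gateway
// diagnostics are in AzureDiagnostics in this workspace, 7-day lookback.
let lookback = 7d;
// Step 1: pull the "Malformed user agent" alerts and extract their IP entities.
let alertIPs =
    SecurityAlert
    | where TimeGenerated > ago(lookback)
    | where AlertName has "Malformed user agent"
    | mv-expand Entity = todynamic(Entities)          // Entities is a JSON array stored as a string
    | where tostring(Entity.Type) =~ "ip"
    | extend ClientIP = tostring(Entity.Address)
    | where isnotempty(ClientIP)
    | summarize Alerts = dcount(SystemAlertId), LastAlert = max(TimeGenerated) by ClientIP;
// Step 2: find which gateway logged requests from those IPs and what the WAF did.
AzureDiagnostics
| where TimeGenerated > ago(lookback)
| where Category in ("ApplicationGatewayAccessLog", "ApplicationGatewayFirewallLog")
// The access log uses clientIP_s and the firewall log uses clientIp_s;
// column_ifexists keeps the query valid if one category is not being collected.
| extend ClientIP  = coalesce(column_ifexists("clientIP_s", ""), column_ifexists("clientIp_s", ""))
| extend UserAgent = column_ifexists("userAgent_s", "")
| extend WafAction = column_ifexists("action_s", "")
| extend WafRule   = column_ifexists("ruleId_s", "")
| join kind=inner (alertIPs) on ClientIP
| summarize
    Requests   = count(),
    FirstSeen  = min(TimeGenerated),
    LastSeen   = max(TimeGenerated),
    UserAgents = make_set_if(UserAgent, isnotempty(UserAgent), 10),
    WafActions = make_set_if(WafAction, isnotempty(WafAction), 10),
    WafRules   = make_set_if(WafRule, isnotempty(WafRule), 20)
    by ClientIP, Gateway = Resource, Category, Alerts, LastAlert
| order by ClientIP asc, LastSeen desc
```

The `Gateway` column shows which Application Gateway received the traffic, and `WafActions` on the firewall-log rows shows whether the WAF acted on the requests. If the query returns no rows, the alert was raised from a different log source than the gateways, and the alert's own event link is the place to look.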