Forum Discussion
Malformed user agent alert received
Hi,
I am receiving alerts in sentinel as "Malformed user agent" and its showing me the IP address but no other details.
Can someone help on what exactly is this, I have few confusions below,
1. I am using multiple WAF I am not able to understand on which Application gateway it is received.
2. Is this mean some malware is inside my network on some machine, then how do I get detail of that.
3. Or it was just attempt and blocked by WAF.
4. What action do I need to take in this case.
Thanks in advance.
AnupamN To check the event details associated with the incident, open the incident details and under Events tab click on the hyperlink shown below:
To investigate follow the steps here: https://docs.microsoft.com/en-us/azure/sentinel/tutorial-investigate-cases
Read upon "Malformed user agent"
Query SecurityAlerts table under Logs:
