Skip to content

What's New

shabaz-github edited this page Dec 11, 2024 · 75 revisions

What's new in the Azure Network Security GitHub community?

This page is a timeline of automation artifacts that have recently been added to the Azure Network security repository. For blog posts relating to Azure Network security, please visit the Azure Network Security Blog  

For information about our Github repository, go here
For information about TechCommunity, go here

Acknowledgements

Thank you to all network security contributors for submitting samples and sharing your artifacts to improve the Network security experience.
 

Recent additions

Find the latest additions, best practices and interesting techniques, in the table below. Ordered by date.

 

Artifact Description Author(s) Date
Azure Policy to Mandate enabling of Request Body Inspection and Upload Size Limits on App GW WAF Governance Policy Andrew Mathu 11/30/2024
AFD WAF Triage Workbook The WAF Triage Workbook is now available for AFD Shabaz Shaik, David Frazee 09/17/2024
Azure Policy to Mandate enabling of resource specific logs for Azure Firewall Governance Policy Andrew Mathu 09/09/2024
Azure Policy to mandate enabling of DDoS Protection for Public IPs associated with Application Gateway Governance Policy Gustavo Modena 09/09/2024
Cross Product KQL query basing on Source IP Hunting Query Saleem Bseeu 08/26/2024
Azure Policy to mandate the enabling of JS Challenge to protect against Malicious bots Governance Policy David Frazee 08/06/2024
WAF Workbook V3 with JSChallenge Action The WAF Monitor workbook now includes JSChallenge Action David Frazee, Shabaz Shaik 08/06/2024
Time Series IP Anomaly detection for Azure WAF Threat Detection Andrew Mathu 06/21/2024
Azure Policy to mandate the enabling of Log Scrubbing Rules for Azure WAF Governance Policy David Frazee 05/27/2024
Azure Policy to mandate Azure WAF Geo Match Custom Rules Should Specify the ZZ Location Governance Policy David Frazee 05/09/2024
Azure Policy to allow only encrypted traffic in Azure Firewall Governance Policy David Frazee 03/26/2024
Azure Policy to mandate Firewall Deployment for VNETs with specified Tags Governance Policy Gustavo Modena 03/19/2024
WAF Workbook with Metrics Tab The WAF Monitor workbook now includes new tabs containing data from most used Metrics David Frazee, Shabaz Shaik 03/08/2024
Hunting Queries for Top IPs and Rule IDs for Azure WAF These new Hunting queries will give useful information like the Top offender IPs and most hit Rule IDs for Azure WAF Shabaz Shaik 03/04/2024
Azure Policy to mandate DDoS Protection for Public IPs with Specified Tags Governance Policy David Frazee 02/28/2024
Azure Policy to mandate DDoS Protection for Azure Firewall public IPs Governance Policy Andrew Mathu 02/28/2024
Queries for DDoS Mitigation Trends The New DDoS Mitigation Trends queries give important information about the recent DDoS Attacks Saleem Bseeu 01/15/2024
Azure Policy for Enabling Rate Limiting on App GW WAF Governance Policy Andrew Mathu 01/15/2024
Playbook - Firewall Malware Detections for Sentinel Detect common malware found in Azure Firewall logs like Coin-miner, Cl0p and Sunburst using predefined KQL detection queries for Azure Firewall Shabaz Shaik, Tobi Otolorin 12/13/2023
Azure WAF - WAF Tuning - Front Door - Postman collection & Deployment template Learn a high-level overview of understanding Azure WAF diagnostic logs to help identify how to create exclusions and custom rules for the Azure WAF on Azure Front Door. David Frazee 9/26/2023
Azure WAF - WAF Tuning - Application Gateway - Postman collection & Deployment template Learn a high-level overview of understanding Azure WAF diagnostic logs to help identify how to create exclusions and custom rules for the Azure WAF on Azure Application Gateway. David Frazee 9/26/2023
Azure WAF - Sensitive Data Lab - Postman collection & Deployment template Learn how to use the Azure WAF Sensitive data (log scrubbing) feature to hide potentially sensitive information from logs. David Frazee 8/8/2023
Detection query for Code Injection Attack for AFD WAF Query to build Analytic Rule in sentinel for Code Injection Attacks for AFD WAF. Shabaz Shaik 8/1/2023
Detection query for Code Injection Attack for App GW WAF Query to build Analytic Rule in sentinel for Code Injection Attacks for App GW WAF. Shabaz Shaik 8/1/2023
Detection query for Path Traversal Attack for AFD WAF Query to build Analytic Rule in sentinel for Path Traversal Attacks for AFD WAF. Shabaz Shaik 8/1/2023
Detection query for Path Traversal Attack for App GW WAF Query to build Analytic Rule in sentinel for Path Traversal Attacks for App GW WAF. Shabaz Shaik 8/1/2023
Detection query for User Agent based Scanner Attack for App GW WAF Query to build Analytic Rule in sentinel for User Agent based Scanner Attack for App GW WAF. Andrew Mathu 8/1/2023
Workbook - Azure Monitor Workbook for Azure Firewall - Structured Logs Gain insights into Azure Firewall events. You can learn about your application and network rules, see statistics for firewall activities across URLs, ports, and addresses. This workbook allows you to filter your Firewalls and Resource Groups, dynamically filter per category with easy to read data sets when investigating an issue in your logs. Import via ARM Template or Gallery Template. Shabaz Shaik, Gustavo Modena, David Frazee 2/22/2023
Template - Inspecting traffic to PE with Azure Firewall Inspect traffic going to a Private Endpoint with Azure Firewall Gustavo Modena 1/4/2023
Sentinel Playbook - Block IP in AFD Add the source IP address passed from the Sentinel Incident to a custom WAF rule for blocking malicious IPs Shabaz Shaik 11/30/2022
Template - Firewall Basic with Firewall Policy and Hub Spoke Network Deploy Azure Firewall Basic using Bicep David Frazee 11/16/2022
Template - Firewall Basic with Firewall Policy and Hub Spoke Network Deploy Azure Firewall Basic using Terraform Gustavo Modena 11/3/2022
Template - Azure Firewall Forced Tunnel Lab Use this template and blog to deploy Azure Firewall in a Forced Tunnel environment and test different scenarios such as forced tunneling monitoring and split tunneled traffic David Frazee 9/1/2022
Import Palo Alto Panorama policy into Azure Firewall Policy This script will export Palo Alto firewall ruleset to be used in creating an Azure Firewall policy Jose Moreno 9/1/2022
Migrate from Fortinet config into Azure Firewall Policy This script provides a way read an existing Fortigate configuration and export commands into an existing Azure Firewall Policy Jose Moreno 9/1/2022
Template - Logic App for Azure Firewall Backups Use this template to create an Azure Logic App that runs every three day to backup your Azure Firewall and Azure Firewall Policy Lara Goldstein 8/17/2022
Template - Logic App and Automation Account for Adding O365 Rules Use this template to create an Azure Logic App and an Azure Automation Account to update an Azure Firewall Policy to allow traffic to Office 365 endpoints Lara Goldstein 8/15/2022
Terraform Geoblock Custom IPs Create a custom rule and apply it to deny or allow an IP list using Terraform Jon Chancellor 7/1/2022
Logic app for IDPS signature updates notification Use this template to create Logic App that sends notification for new Azure Firewall Premium IDPS signature updates Lara Goldstein, Shabaz Shaik 6/13/2022
AppGateway WebAppFirewall Policy for Logging Countries Block Geolocations in a sanctioned and embargoed list using this template Nathan Swift 5/13/2022
IP Groups terraform implementation Use this tool to enable the implementation of Azure Firewall IP Groups and rules in batch. Example application is for Azure Firewall Geo-filtering Jon Chancellor 3/15/2022
Create alerts for traffic anomalies with Azure WAF Detect traffic anomalies and auto-mitigate spikes with Azure WAF on Microsoft Azure Front Door Sushant Singh 02/28/2022
View Protected IPs Tool This script will generate a CSV file containing the DDoS protection standard information for each Public IP Address in your subscription Camila Martins, Corey Callaway 2/16/2022
Migrate to Azure Firewall Premium in Secured vWAN hub-Preserve IPs Migrate Azure firewall from Standard SKU to Premium SKU in Secured vWAN hub while preserving the Public IP addresses during the migration process Tobi Otolorin 02/03/2022
Runbook to manage Azure Firewall Back ups Run back-ups and create schedules/task for your Azure Firewall. Follow the tutorial in our TechCommunity Blogpost for more information on how this script works Tobi Otolorin 01/19/2022
Azure Network Security Lab Environment Deployment Template v2.1 Update to the demo lab to test Azure Network Security components including the new Azure Firewall Premium. If you are looking to test out a migration, please use the old lab with Azure firewall standard. Tobi Otolorin 10/28/2021
Workbook - AppGw WAF Triage Workbook This workbook visualizes Application Gateway WAF rule violations and helps with triaging the violations in order to facilitate tuning the WAF against valid traffic Christof Claessens 09/24/2021
Network Security Dashboard for Security Center Network security dashboard for Security Center provides you a unified view and full visibility to your network security and networking resources in Azure Mohit Kumar, Lior Arviv 08/24/2021
Firewall as DNS Proxy in Hub & Spoke topology DNS proxy puts Azure Firewall in the path of the client requests to avoid inconsistency. You can enable DNS proxy in Azure Firewall and Firewall Policy settings Paolo Salvatori 4/19/2021
Firewall Premium Monitor Workbook Azure Monitor Workbook optimized for Firewall Premium SKU with IDPS features etc. Chris Boehm 04/07/2021
WVD Firewall Templates sample Protect your WVD Host Pools using Firewall Policy Sample with Azure Firewall Premium Nathan Swift 02/24/2021
Role Based Access Control (RBAC) for Azure Firewall Find RBAC templates and create custom RBAC roles for Firewall admins Tobi Otolorin 2/8/2021
Azure WAF Attack Testing Lab Environment Deployment Template This ARM deployment includes everything needed to test and validate Azure WAF Security components Mohit Kumar 1/4/2021
WAF Custom Rule Examples These templates contain various examples of custom rules for use with Azure WAF on either Application Gateway or Front Door. Anthony Roman 12/22/2020
DDoS Mitigation Alert Enrichment Deploy this template for enriched DDoS mitigation alert: Azure Monitor alert rule, action group, and Logic App Anthony Roman 11/24/2020
Policy to ensure Virtual networks are associated to DDoS standard protection plan This policy will detect any virtual networks that do not have DDoS Protection Standard enabled and optionally create a remediation task which will associate the specified DDoS Protection Plan Anthony Roman 11/22/2020
List port status via Azure Resource Graph Query Query to quickly identify network security attack surface by listing ports status Mohit Kumar 11/11/2020
Map Public IPs to Azure Assets Azure Resource Graph query that provides details of all public IPs and the assets associated with them in the selected Azure subscriptions. Mohit Kumar 09/29/2020
Find Dangling DNS records Tool to generate dangling domains in a tenant AzureDanglingDNS 09/23/2020
Policy to manage Enabling of DDoS standard on VNets Restrict creation of Azure DDoS Protection Standard plans with Azure Policy Camila Martins 09/17/2020
Get Protected Public IPs Loop through all VNets for a list of subscriptions and determine which public IP addresses are protected by DDoS standard protection Azure DDoS 09/02/2020
Sentinel Playbook - Block IP This Logic App Playbook for Sentinel will add the source IP address passed from the Sentinel Incident to a custom WAF rule blocking the IP Anthony Roman 08/21/2020