运行Web应用程序防火墙的查询以获取攻击日志 [英] Running a query for Web Application firewall to fetch attack logs

问题描述

大家好，

我需要运行一个查询来检索Azure Web应用程序防火墙上的以下详细信息。结果应包含以下详细信息。

网站的URL，客户端IP地址，安全警报ID，安全警报名称，安全警报说明。

是否可以从单个查询中获取上述详细信息。在检查时，我可以看到网站名称和客户端IP地址在表AzureDiagnostics中，其余参数在表SecurityEvents中。可以帮助一些人。 

解决方案

问候，

感谢您在此处发布。

为了捕获上述参数，您可以直接将数据流式传输到Log-Analytics需要存储帐户，然后您可以在这些日志上运行kusto查询以获取所需数据。

问候，

Subhash

Hi all,

I need to run a query to retrieve the following details on Azure Web application Firewall. The result should contain the following details.

URL of the website, Client IP address, Security Alert ID, Security Alert Name , Security Alert description.

Is it possible to get the above details from a single query. While checking I could see that the website name and client IP address are in the table AzureDiagnostics and the remaining parameters are in the table SecurityEvents. Can some one assist. 

解决方案

Greetings,

Thanks for posting here.

For capturing the above mentioned parameters, You can stream your data to Log-Analytics directly with out need of storage account and sequentially you can run kusto queries on those logs to get the desired data.

Regards,

Subhash

这篇关于运行Web应用程序防火墙的查询以获取攻击日志的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！