
Serverless360 to enable your Security Manager to view Azure Web Application Firewall (WAF) data


Recently, a customer brought us an interesting use case for which Serverless360 offered a perfect solution. We resolved the issue with the new Log Analytics and Application Insights capabilities in Serverless360. This blog will help you better understand the feature set through a real-world use case.

Support to Security Manager

The customer was developing an API and Web Application running on Azure Platform as a Service and Serverless technologies. They were also using Azure Front Door and Web Application Firewall to protect the entry to the application estate.

From a governance perspective, the customer’s security manager needs to have visibility of how the application is performing and to be able to see if there are any issues.

The architecture for the application looks like the one below:

[Image: Azure web application firewall]

We wanted to create an easy way for the security manager and support team to visualize how the WAF rules were helping their application in a simple and easy-to-use manner.

Serverless360 in action

The perfect solution was Business Application in Serverless360. We added some resources to a business app and then added some queries and dashboards to let the team see how things were going.

Dashboard

The first thing we did was to add a dashboard with some common queries that provide an overview of how things are going, almost like a single-pane view of the security of the application's Front Door.

In this case, the Serverless360 dashboard could combine log queries against Log Analytics with queries against metrics of resources that constitute the application.

Below you can see an example from a dashboard where we added widgets for some common overview queries.

[Image: Azure web application firewall]

We were able to add multiple dashboards giving views into different aspects of the application and how WAF was protecting it.

Queries

We were also able to save some queries to let the security manager have an easy way to modify a parameter and then investigate some of the data without significant Azure training or experience.

Front Door

In the business application, we can add the Log Analytics resource. A library of queries is available to help find some of the things you might be interested in, as shown below.

[Image: Azure web application firewall on Azure Front Door]

Below is an example of a query that shows which callers are accessing my Front Door.

[Image: Azure web application firewall on Azure Front Door]

Web Application Firewall

Users can also use queries against the WAF log data. Below is an example showing some of the recent events that triggered a WAF rule.

[Image: Web Application Firewall]

To see which rules are firing the most, we can also summarize how many events have been logged for the different rule types.

[Image: Azure web application firewall rules]
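
A rule-level summary of this kind, written here as an added example and not the saved query from the Serverless360 library. It assumes the Front Door WAF diagnostic logs are sent to the Log Analytics workspace in Azure diagnostics mode, so events land in the AzureDiagnostics table with the columns ruleName_s, action_s, policy_s, clientIP_s and requestUri_s.

```kusto
// Added example: which WAF rules fired most in the last 24 hours.
// Assumption: logs are in the AzureDiagnostics table; with resource-specific
// tables the table and column names differ.
let lookback = 24h;
AzureDiagnostics
| where TimeGenerated > ago(lookback)
// =~ is case-insensitive, so the match does not depend on how the category is cased
| where Category =~ "FrontDoorWebApplicationFirewallLog"
| summarize
    Events      = count(),                    // how often the rule matched
    DistinctIPs = dcount(clientIP_s),         // one noisy caller or many?
    FirstSeen   = min(TimeGenerated),
    LastSeen    = max(TimeGenerated),
    SampleUris  = make_set(requestUri_s, 5)   // a few matched URLs for context
    by RuleName = ruleName_s, Action = action_s, Policy = policy_s
| order by Events desc
```

Grouping by Action as well as RuleName separates rules that blocked traffic from rules that only logged a match, which is the distinction a security manager needs before a policy is moved from detection to prevention.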

Summary

There are many valuable ways to provide queries in the Business Application to your security or operator user. Serverless360 aims to provide a simple and easy-to-use way to let these users play their role in supporting your application without needing to be an expert in using the underlying Azure technologies. 

For this customer, their security manager can check on critical things they care about independently without needing to rely on help from the development team. Serverless360 helps provide transparency and democratization of the support of your application.