Azure Firewall Threat Intelligence Alert

azure

Classification:

threat-intel

Set up the azure integration.

This page is not yet available in Spanish. We are working on its translation.
If you have any questions or feedback about our current translation project, feel free to reach out to us!

Goal

Detect when an Azure firewall threat intelligence alert is received.

Strategy

Monitor Azure Network Diagnostic logs and detect when @evt.name is equal to AzureFirewallThreatIntelLog.

Triage and response

  1. Inspect the threat intelligence log.
  2. Investigate the activity from this IP address.