Set up the azure integration.
Detect when an Azure Frontdoor Web Application Firewall (WAF) blocks a request from an IP address.
This rule monitors Azure Activity logs for Frontdoor Web Application Firewall logs and detects when the @evt.name
has a value of Microsoft.Network/FrontDoor/WebApplicationFirewallLog/Write
and @properties.action
has a value of Block
.