Azure Firewall Threat Intelligence Alert

azure

Classification:

threat-intel

Set up the Azure integration.

Overview

Goal

Detect when an Azure Firewall threat intelligence alert is received.

Strategy

Monitor Azure Network Diagnostic logs and detect when @evt.name is equal to AzureFirewallThreatIntelLog.

Triage & Response

  1. Inspect the threat intelligence log.
  2. Investigate the activity from this IP address.
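
The filter and the two triage steps above, as an added example that is not part of the rule itself: it selects threat intelligence records from Azure Firewall diagnostic logs and groups them by source IP. It assumes that @evt.name is populated from the record's operationName field and that properties.msg follows the layout shown in the comment; the sample records, IP addresses and hostnames are constructed.

```python
import json
import re
from collections import defaultdict

# Constructed sample records in the shape of Azure Firewall diagnostic logs
# (legacy AzureDiagnostics format). IPs and hostnames are made up.
SAMPLE_LOGS = """\
{"category": "AzureFirewallNetworkRule", "time": "2024-01-10T09:15:02Z", "operationName": "AzureFirewallThreatIntelLog", "properties": {"msg": "HTTP request from 10.0.0.5:54074 to bad.example.test:80. Action: Alert. ThreatIntel: Bot Networks"}}
{"category": "AzureFirewallNetworkRule", "time": "2024-01-10T09:15:09Z", "operationName": "AzureFirewallNetworkRuleLog", "properties": {"msg": "TCP request from 10.0.0.7:50112 to 203.0.113.9:443. Action: Allow"}}
{"category": "AzureFirewallNetworkRule", "time": "2024-01-10T09:16:40Z", "operationName": "AzureFirewallThreatIntelLog", "properties": {"msg": "HTTP request from 10.0.0.5:54102 to other.example.test:80. Action: Deny. ThreatIntel: Bot Networks"}}
{"category": "AzureFirewallNetworkRule", "time": "2024-01-10T09:17:00Z", "operationName": "AzureFirewallThreatIntelLog", "properties": {"msg": "unparsed message text"}}
"""

# Assumed msg layout: "<proto> request from <ip>:<port> to <host>:<port>. Action: <a>. ThreatIntel: <t>"
MSG_RE = re.compile(
    r"^(?P<proto>\S+) request from (?P<src_ip>[^:\s]+):(?P<src_port>\d+) "
    r"to (?P<dest>\S+?):(?P<dest_port>\d+)\. Action: (?P<action>\w+)\."
    r" ThreatIntel: (?P<threat>.+)$"
)

def threat_intel_events(lines):
    """Yield parsed fields for every record the rule's filter would match."""
    for line in lines:
        if not line.strip():
            continue
        record = json.loads(line)
        if record.get("operationName") != "AzureFirewallThreatIntelLog":
            continue
        msg = record.get("properties", {}).get("msg", "")
        m = MSG_RE.match(msg)
        # Keep unparsed alerts visible instead of silently dropping them.
        fields = m.groupdict() if m else {"src_ip": "unknown", "raw": msg}
        fields["time"] = record.get("time")
        yield fields

def summarize_by_source(events):
    """Group alerts by source IP: the pivot for triage step 2."""
    summary = defaultdict(lambda: {"count": 0, "destinations": set(), "actions": set()})
    for e in events:
        entry = summary[e["src_ip"]]
        entry["count"] += 1
        if "dest" in e:
            entry["destinations"].add(e["dest"])
            entry["actions"].add(e["action"])
    return dict(summary)

if __name__ == "__main__":
    for ip, info in summarize_by_source(threat_intel_events(SAMPLE_LOGS.splitlines())).items():
        print(ip, info["count"], sorted(info["destinations"]), sorted(info["actions"]))
```

Alerts whose message does not match the assumed layout are counted under "unknown" so they still reach the analyst.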