Classification:

threat-intel

VIEW RULE IN DATADOG VIEW SIGNALS

Set up the azure integration.

Goal

Detect when an Azure firewall threat intelligence alert is received.

Strategy

Monitor Azure Network Diagnostic logs and detect when @evt.name is equal to AzureFirewallThreatIntelLog.

Triage and response

1. Inspect the threat intelligence log.
2. Investigate the activity from this IP address.