Monitoring Azure WAF and firewall


Lee Williamson

Dec 1, 2022, 6:24:09 AM
to Wazuh mailing list
Hi

Relatively new to Wazuh and have most of it configured as required and very impressed with it.

Looking to finalize this by monitoring Azure WAF/Application Gateway and Azure Firewall.

Read some of the documentation and it seems to have less explanation compared to AWS. Wondering if anyone has any experience with this and can assist. Can see some info regarding logs for output and reading; is there any other way, or any gotchas people have come across?

thanks

HA

Dec 2, 2022, 5:09:25 AM
to Wazuh mailing list
Hi,

This is my config...
Getting logs (every 2 minutes) from 2 AWS WAFs (2 regions)...

  <!-- AWS WAF LOG -->
  <wodle name="aws-s3">
    <disabled>no</disabled>
    <interval>2m</interval>
    <run_on_start>yes</run_on_start>
    <skip_on_error>yes</skip_on_error>
    <bucket type="waf">
      <access_key>xxxxxxxxxxxxxxxxxxx</access_key>
      <secret_key>xxxxxxxxxxxxxxxxxxxxF</secret_key>
      <name>s3-aws-waf-logs-f</name>
      <path></path>
      <regions>eu-central-1</regions>
    </bucket>
    <bucket type="waf">
      <access_key>yyyyyyyyyyyyyyyyyyyy</access_key>
      <secret_key>yyyyyyyyyyyyyyyyyyyyyyy</secret_key>
      <name>s3-aws-waf-logs-p</name>
      <path></path>
      <regions>eu-west-3</regions>
    </bucket>
  </wodle>

HA

Federico Damian Lo Iacono

Dec 2, 2022, 7:21:19 AM
to Wazuh mailing list
Hi Lee, thanks for choosing Wazuh! It's great you are impressed with it.

As for monitoring Azure WAF/Application Gateway, it is true there are no "in-depth" guides detailing an integration process with Wazuh. On the bright side, since Wazuh already integrates with Azure Log Analytics, a very powerful analytics tool, there are some steps you can follow.

Microsoft offers great documentation on integrating all their resources with Log Analytics; in the case of Azure WAF, you can find it here. After piping all event and monitoring logs through Log Analytics, you can check the prerequisites for integration of Wazuh with Log Analytics, and follow the cloud security guide in our documentation.

If there is great interest in adding a complete, in-depth guide for Azure WAF/Application Gateway monitoring with Wazuh, you can always open an issue in our documentation GitHub repository (remember to check for already existing issues first!).

Please let me know if you need more help with this issue, and I'll follow up with you.

Thanks!
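
A sketch of the Log Analytics route described in the reply above, as an added example that is not part of the original thread or of Wazuh's documentation: an `azure-logs` wodle on the Wazuh manager that pulls Application Gateway WAF and Azure Firewall records from a Log Analytics workspace. The tenant domain, workspace ID, tags and credentials path are placeholders, and the queries assume the resources' diagnostic settings write to the `AzureDiagnostics` table rather than to resource-specific tables.

```xml
<!-- Added example for the manager's ossec.conf; not from the thread. -->
<!-- Placeholders (assumptions): tenant domain, workspace ID, tags, auth_path. -->
<wodle name="azure-logs">
  <disabled>no</disabled>
  <run_on_start>yes</run_on_start>
  <interval>5m</interval>

  <log_analytics>
    <!-- Credentials live in a separate file instead of inline in ossec.conf.
         Expected contents (two lines):
           application_id = APP_REGISTRATION_CLIENT_ID
           application_key = APP_REGISTRATION_SECRET
         Restrict the file to the Wazuh user and rotate the secret regularly. -->
    <auth_path>/var/ossec/wodles/credentials/log_analytics_credentials</auth_path>
    <tenantdomain>example.onmicrosoft.com</tenantdomain>

    <!-- Application Gateway WAF: one event per rule match or block. -->
    <request>
      <tag>azure-appgw-waf</tag>
      <query>AzureDiagnostics | where ResourceType == "APPLICATIONGATEWAYS" and Category == "ApplicationGatewayFirewallLog"</query>
      <workspace>00000000-0000-0000-0000-000000000000</workspace>
      <time_offset>1d</time_offset>
    </request>

    <!-- Azure Firewall: application-rule and network-rule decisions. -->
    <request>
      <tag>azure-firewall</tag>
      <query>AzureDiagnostics | where Category in ("AzureFirewallApplicationRule", "AzureFirewallNetworkRule")</query>
      <workspace>00000000-0000-0000-0000-000000000000</workspace>
      <time_offset>1d</time_offset>
    </request>
  </log_analytics>
</wodle>
```

Each `tag` value is attached to the resulting events, so custom rules can match on it to separate WAF alerts from firewall alerts.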