All Apps and Add-ons
Highlighted

Azure Aplication Gateway Webapplication Firewall

New Member

Hi,

i was hoping you can help me out, im trying to parse the Azure Aplication Gateway Webapplication Firewall files within splunk but im not getting it right, the json is in the following format;

{
"resourceId": "/SUBSCRIPTIONS//RESOURCEGROUPS//PROVIDERS/MICROSOFT.NETWORK/APPLICATIONGATEWAYS/",
"operationName": "ApplicationGatewayFirewall",
"time": "2016-09-20T00:40:04.9138513Z",
"category": "ApplicationGatewayFirewallLog",
"properties": {
"instanceId":"ApplicationGatewayRoleIN0",
"clientIp":"108.41.16.164",
"clientPort":1815,
"requestUri":"/wavsep/active/RXSS-Detection-Evaluation-POST/",
"ruleId":"OWASP973336",
"message":"XSS Filter - Category 1: Script Tag Vector",
"action":"Logged",
"site":"Global",
"message":"XSS Filter - Category 1: Script Tag Vector",
"details":{"message":" Warning. Pattern match "(?i)(<script","file":"/owasp
crs/baserules/modsecuritycrs41xss_attacks.conf","line":"14"}}
}

I all ready downloaded and installed the Splunk Add-on for Microsoft Cloud Services but the logsource is not included and the other are not working.

the link below gives more information about the Azure Aplication Gateway Webapplication Firewall
https://docs.microsoft.com/en-us/azure/application-gateway/application-gateway-webapplicationfirewal...

0 Karma
Highlighted

Re: Azure Aplication Gateway Webapplication Firewall

Explorer

Run it thru xpath! Works great.

0 Karma