We have an accreditation requirement to prepare some form a report that has charts/metrics of WAF detection examples, as well as recommendations
We essentially want to perform a couple hours of analysis on whats poppin' and present some recommendations about what rules to disable/enable based on insights.
This review is helpful for us to optimize to make our environment more resilient/secure as well as documenting some insights and we can use for this accreditation requirement.
Essentially the report would have something like:
Detections, examples, and how do we remediate vulnerabilities
Is there something on Azure that can provide us this information about WAF events?
Thank you SaiKishor-MSFT. Posting your suggestion as an answer to help other community members.
Once your Application Gateway WAF is operational, you can enable logs to inspect what is happening with each request. Firewall logs give insight to what the WAF is evaluating, matching, and blocking. With Log Analytics, you can examine the data inside the firewall logs to give even more insights. For more information about creating a Log Analytics workspace, see Create a Log Analytics workspace in the Azure portal. For more information about log queries, see Overview of log queries in Azure Monitor.
You can refer to How to analyze WAF rules on Azure? and Back-end health and diagnostic logs for Application Gateway
Related
I have an app in Google's Play Store that had an update rejected recently and the app subsequently pulled. We've corrected the issues, at least I think we have, but Google can't test the app because they keep receiving access errors. I believe these are due to the fact that the application testing is being done from an IP/subnet that we have blocked, perhaps mistakenly, for previous suspected fraudulent activity. I've tried filing appeals and asking for the IP info but have had no success.
Does Google maintain a list of IP addresses they use for testing so I can whitelist them on my servers? If not, is there a better way to contact Google and ask for this information?
Thanks for whatever help you can provide! Apologies if this is the wrong forum to ask this, I am not actually the developer but having to troubleshoot this on behalf of the developer so I'm not as knowledgeable on the community or resources.
I have successfully deployed a Google Cloud Endpoints Developer Portal for my API running on Endpoints. I would like to provide access to testing to people outside my organisation that are not using GCP in their projects.
Login to the portal works correctly if I enable the Service Consumer role for these people (on per-email basis). However, when they open it for the first time, they are being asked to grant some extra permissions to the portal:
This form can create totally unnecessary security concerns. Does anyone know, why is it needed?
I only would like my clients to be able to test my API using a GUI, before they could start connecting their projects (not necessary on GCP) to mine. This seems to be a valid use case for me, however I might be misunderstanding some basic concepts.
Or should I submit a feature request to Google about a new role that only enables the access to the portal, and nothing else, so no such forms are shown?
Since Endpoints APIs must be explicitly shared with customers, the portal needs to verify that the logged-in user has permission to view that Endpoints API. So the short answer is that these scopes are being requested primarily so the portal can check the user's access to this API.
Longer answer is that we (the Endpoints team) are looking into if it's possible to build narrower OAuth scopes that would correspond to the access checks we perform. We agree that it's unnecessarily broad of an access request and are hoping to improve this in the future. Thanks for your comment!
I am after some help.
I have a mobile application that I would like the ability to log all network requests made to our internal APIs.
For our websites we use Splunk to log all network activity and this is great for doing investigations. my issue is that I need to engage with other teams to get these logs to do my investigations. We have App Dynamic, but this doesn't give me what i want.
For example. we might have an issue with users not being able to log into out sign on API. I would like to be able to have a tool that would allow me to tack the user in question and see what was sent to the API and what the response was.
Could you please let me know a tool that would help me with this? is there a way to create a server that all requests pass though, that i could install Splunk on? is there a better approach?
Thanks in advance
AppDynaics logs every network request and crash if you implement the mobile component. Did you test the Mobile components for AppDynamics?
I use APIGee for both API Proxy and Documentation, using a customized documentation site.
Following the recent APIGee outage this weekend, when I access my registered application list using my personal login on the documentation portal, I can no longer retrieve my application keys.
I get the error
STATUS: 404 - Not Found; Communication with the Apigee endpoint is
compromised. Cannot get API Products List.
The strange thing is that if I use my admin login at accounts.apigee.com, I can see 2 of my 3 applications listed... but one has disappeared. And more worryingly, this portal provides different application keys to the ones that were initially provided though the documentation portal.
I haven't been able to find any good documentation on this. How are these two sites linked together? Why are the keys different on both sites? What has caused my data to go missing?!
Tadhg -
This sounds like an issue that needs investigation by Apigee Global Support.
Would you please create an Apigee Support case? Please provide any applicable details, including your Organization name, the API call(s) you are making, the 3 applications you expect to see, and any other details you think might be helpful to diagnose.
Thanks!
I have an existing asp.net application that is currently in production for more than 3 years now. That application was developped based on internal and user requirements. That application is also using Google Analytics to detect different usage metrics to understand more what users are doing and which part of the system is most requested. But... we understand now that we are not so well connected to client's need's and more importantly, we don't receive a lot of feedback from them and when we receive feedback, that feedback is sent to many different people so most of the time they are lost or missing some valuable informations. Here is my question: is there some free (or paid) products that can be incorporated into an existing asp.net application that can provide the following functionnalities:
For my users:
Send feedbacks
Log bugs
Submit feature request
Ask questions
Be able to follow an issue, bug or feature and subscribe to it
Be able to rate answers
Be able to include attachments
Be able to vote for issues to prioritize them
Etc.
For me:
Respond to all of these issues and be able, in some way, to see and analyze all of this data to properly populate our product backlog with what user needs
My real need will be to have something like Telerik has implemented. Is there something that can be incorporated into an existing application?
Thanks in advance
What about User Voice? It's a great system to collect user feedback. Not sure if you'd get the integration you're looking for. For the rest of your requirements it seems it would work really well.