Quick Start Security for Azure Firewall
Coralogix Extension For Azure Firewall Includes:
Dashboards - 1
Gain instantaneous visualization of all your Azure Firewall data.
Alerts - 8
Stay on top of Azure Firewall key performance metrics. Keep everyone in the know with integration with Slack, PagerDuty and more.
An Attempt Was Made to Delete a Locked Firewall Policy
This alert detects when a user attempted to delete a Firewall policy that was locked to prevent deletion. Locks are an Azure feature to prevent the accidental deletion of resources.
Impact: An attempt to delete a Firewall policy should be inspected to validate that the action was legitimate, as it could be an indication of an attacker attempting to delete legitimate resources.
Mitigation: Validate that the deletion attempt was authorized and intended; if not, revert and investigate further. If this alert is followed by a successful deletion alert, pay close attention to the performing user and quickly validate it, as it might mean an attacker has managed to disable or circumvent the lock.
MITRE Tactic: TA0040
MITRE Technique: T1531
An Attempt Was Made to Delete a Locked Firewall
This alert detects when a user attempted to delete a Firewall that has been locked from deletion. Locks are an Azure feature to prevent the accidental deletion of resources.
Impact: An attempt to delete a Firewall should be inspected to validate that the action was legitimate, as it could be an indication of an attacker attempting to delete legitimate resources.
Mitigation: Validate that the deletion attempt was authorized and intended; if not, revert and investigate further. If this alert is followed by a successful deletion alert, pay close attention to the performing user and quickly validate it, as it might mean an attacker has managed to disable or circumvent the lock.
MITRE Tactic: TA0040
MITRE Technique: T1531
A Firewall policy was deleted
This alert detects when a Firewall policy was deleted.
Impact: An adversary may delete a firewall rule to impair network defenses, allow or deny access and create a business impact on the company environment.
Mitigation: Validate that the action was authorized and revert changes if not. Ensure the firewall and the network range are scoped properly. Ensure the user who deleted the rule has the correct privileges to delete a firewall rule.
MITRE Tactic: TA0005
MITRE Technique: T1562
MITRE Sub-Technique: 007
A Firewall Policy Was Created or Updated
This alert detects when a Firewall policy was created or updated.
Impact: Custom firewall rules can be manipulated by attackers to gain an entry point into various services in Azure.
Mitigation: Validate that the action was authorized and revert changes if not. Ensure the firewall and the network range are scoped properly. Ensure the user who created the rule has the correct privileges to create or modify a firewall rule.
MITRE Tactic: TA0005
MITRE Technique: T1562
MITRE Sub-Technique: 007
A Firewall Was Deleted
This alert detects when a Firewall was deleted.
Impact: An adversary may delete a firewall in order to impact the network operations and expose the relevant network to outside attacks.
Mitigation: Validate that the action was authorized and revert changes if not. Ensure the user who deleted the firewall has the correct privileges for the action.
MITRE Tactic: TA0005
MITRE Technique: T1562
MITRE Sub-Technique: 007
A Firewall was created or updated
This alert detects when a Firewall was created or updated.
Impact: Changes to firewall configuration can be manipulated by attackers to gain an entry point into various services in Azure.
Mitigation: Validate that the action was authorized and revert changes if not. Ensure the firewall and the network range are scoped properly. Ensure the user who created or modified the firewall has the correct privileges.
MITRE Tactic: TA0005
MITRE Technique: T1562
MITRE Sub-Technique: 007
Azure Firewall Policies Certificate Added, Modified or Deleted
The "Azure Firewall Policies Certificate Action" use case involves monitoring and recording actions related to certificate management within Azure Firewall policies. This includes activities such as certificate additions, modifications, or deletions within the firewall policies. The use case aims to provide visibility into certificate-related changes, ensuring the integrity of secure communication and compliance with organizational security policies.
Impact: Custom firewall policy certificate rules can be manipulated by attackers to gain an entry point into various services in Azure.
Mitigation: Validate that the action was authorized and revert changes if not. Ensure the firewall and the network range are scoped properly. Ensure the user who created the rule has the correct privileges to create or modify a firewall rule.
MITRE Tactic: TA0005
MITRE Technique: T1562
Azure Firewall Network Configuration Changes
The "Azure Firewall Configuration Changes" use case involves monitoring and recording modifications to the configuration settings of Azure Firewall within an Azure environment. This includes changes to rule sets, network rules, application rules, threat intelligence settings, and any other configuration parameters related to Azure Firewall. The use case aims to provide visibility into administrative actions and ensure the security and compliance of the network infrastructure.
Impact: Unauthorized or incorrect changes to Azure Firewall configurations can lead to deviations from the organization's security policies. This may result in misconfigured rules, exposing the network to security vulnerabilities or allowing unintended traffic. Improper configuration changes may disrupt network traffic, impacting the availability and performance of applications and services relying on Azure Firewall. This can lead to service outages or degraded network performance.
Mitigation: Validate that the action was authorized and revert changes if not. Ensure the firewall and the network range are scoped properly. Ensure the user who created or modified the firewall has the correct privileges.
MITRE Tactic: TA0005
MITRE Technique: T1562
MITRE Sub-Technique: 007
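The two locked-resource alerts above advise treating a blocked deletion that is followed by a successful deletion as a sign that a lock was disabled or circumvented. The following is an added example of that correlation, not Coralogix's alert logic or code from this page. It assumes simplified record fields (time, caller, operationName, status, resourceId, errorCode) modeled on the Azure Activity Log, the Azure Resource Manager error code ScopeLocked for lock-blocked requests, and a one-hour correlation window.

```python
from datetime import datetime, timedelta
# Azure resource provider operations behind the two deletion alerts.
DELETE_OPS = {
    "microsoft.network/azurefirewalls/delete",
    "microsoft.network/firewallpolicies/delete",
}

def correlate_lock_bypass(events, window=timedelta(hours=1)):
    """Flag a lock-blocked delete followed by a successful delete of the
    same resource within `window` (an assumed, tunable threshold)."""
    blocked = {}  # resourceId -> (time, caller) of the latest blocked attempt
    findings = []
    for ev in sorted(events, key=lambda e: datetime.fromisoformat(e["time"])):
        if ev["operationName"].lower() not in DELETE_OPS:
            continue
        rid = ev["resourceId"].lower()
        when = datetime.fromisoformat(ev["time"])
        if ev["status"] == "Failed" and ev.get("errorCode") == "ScopeLocked":
            blocked[rid] = (when, ev["caller"])
        elif ev["status"] == "Succeeded" and rid in blocked:
            first_time, first_caller = blocked.pop(rid)
            if when - first_time <= window:
                findings.append({
                    "resourceId": ev["resourceId"],
                    "blocked_caller": first_caller,
                    "deleting_caller": ev["caller"],
                    "same_caller": first_caller == ev["caller"],
                    "gap_seconds": int((when - first_time).total_seconds()),
                })
    return findings

def _ev(time, caller, op, status, resource, error=None):
    """Build one constructed record with assumed, simplified field names."""
    return {"time": time, "caller": caller, "operationName": op,
            "status": status, "resourceId": _BASE + resource, "errorCode": error}
_BASE = ("/subscriptions/00000000-0000-0000-0000-000000000000"
         "/resourceGroups/rg-example/providers/Microsoft.Network/")
SAMPLE_EVENTS = [  # constructed sample data, not real logs
    _ev("2024-05-01T10:00:00+00:00", "alice@example.com",
        "Microsoft.Network/firewallPolicies/delete", "Failed",
        "firewallPolicies/fw-policy", "ScopeLocked"),
    _ev("2024-05-01T10:12:30+00:00", "alice@example.com",
        "Microsoft.Network/firewallPolicies/delete", "Succeeded",
        "firewallPolicies/fw-policy"),
    _ev("2024-05-01T11:00:00+00:00", "bob@example.com",
        "Microsoft.Network/azureFirewalls/delete", "Succeeded",
        "azureFirewalls/fw-hub"),  # no blocked attempt before it: not flagged
]
if __name__ == "__main__":
    print(correlate_lock_bypass(SAMPLE_EVENTS))
```

A finding whose blocked and deleting callers differ deserves the same scrutiny as one where they match, since the lock may have been removed by a second account.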
Integration
Learn more about Coralogix's out-of-the-box integration with Azure Firewall in our documentation.