Automate response to alerts and leverage AI for investigations

Implementation Effort: Medium

User Impact: Low

Overview

Automating incident response and leveraging AI-driven investigations are key to an effective Zero Trust security operation.

In Microsoft Sentinel, configure Analytics Rules to detect key events from Azure DDoS Protection, Azure Firewall, and Azure WAF—such as DDoS attack detections, firewall rule denials, or WAF blocks—and link those rules to Playbooks (Azure Logic Apps) that automatically create block rules (Firewall and WAF), notify stakeholders, or open tickets.

In parallel, use Microsoft Security Copilot to accelerate and enrich your investigations on Azure Firewall logs and Azure WAF logs. Run conversational queries against ingested logs, get AI-generated summaries of incidents, and receive targeted remediation recommendations.
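To make the detect-then-automate loop concrete, here is an added Python model (not Microsoft's code or a Sentinel artifact) of the kind of Analytics Rule described above: it scans WAF block events for a client IP that is blocked repeatedly inside a short window and turns each hit into the actions a Playbook would take. The record shape and column names (`Category`, `action_s`, `clientIp_s`, `ruleId_s`) are assumptions modelled on the AzureDiagnostics schema, and the log rows are constructed samples.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample rows shaped like AzureDiagnostics entries for Azure WAF
# (Category "ApplicationGatewayFirewallLog") and Azure Firewall network rules.
# Column names are assumptions, not data taken from the page.
SAMPLE_LOGS = [
    {"TimeGenerated": "2024-05-01T10:00:05Z", "Category": "ApplicationGatewayFirewallLog",
     "action_s": "Blocked", "clientIp_s": "203.0.113.7", "ruleId_s": "942100"},
    {"TimeGenerated": "2024-05-01T10:01:10Z", "Category": "ApplicationGatewayFirewallLog",
     "action_s": "Blocked", "clientIp_s": "203.0.113.7", "ruleId_s": "942100"},
    {"TimeGenerated": "2024-05-01T10:02:00Z", "Category": "ApplicationGatewayFirewallLog",
     "action_s": "Blocked", "clientIp_s": "198.51.100.2", "ruleId_s": "920300"},
    {"TimeGenerated": "2024-05-01T10:02:30Z", "Category": "AzureFirewallNetworkRule",
     "msg_s": "TCP request from 203.0.113.7:4444 to 10.0.0.5:22. Action: Deny"},
    {"TimeGenerated": "2024-05-01T10:03:30Z", "Category": "ApplicationGatewayFirewallLog",
     "action_s": "Blocked", "clientIp_s": "203.0.113.7", "ruleId_s": "942100"},
    {"TimeGenerated": "2024-05-01T10:20:00Z", "Category": "ApplicationGatewayFirewallLog",
     "action_s": "Blocked", "clientIp_s": "203.0.113.7", "ruleId_s": "942100"},
]

WAF_BLOCK_THRESHOLD = 3          # blocks from one client IP within the window
WINDOW = timedelta(minutes=5)    # sliding window, like a rule's lookback period


def parse_ts(value):
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ")


def detect_repeat_waf_blocks(records, threshold=WAF_BLOCK_THRESHOLD, window=WINDOW):
    """Analytics-rule logic: client IPs with >= threshold WAF blocks in any window.
    Returns {client_ip: block_count_in_window}; non-WAF rows are ignored."""
    per_ip = defaultdict(list)
    for r in records:
        if r.get("Category") == "ApplicationGatewayFirewallLog" and r.get("action_s") == "Blocked":
            per_ip[r["clientIp_s"]].append(parse_ts(r["TimeGenerated"]))
    offenders = {}
    for ip, times in per_ip.items():
        times.sort()
        for i, start in enumerate(times):          # slide the window over sorted events
            hits = [t for t in times[i:] if t - start <= window]
            if len(hits) >= threshold:
                offenders[ip] = len(hits)
                break
    return offenders


def build_playbook_actions(offenders):
    """Actions a Logic Apps playbook would take, returned as data so they can be reviewed."""
    actions = []
    for ip, count in sorted(offenders.items()):
        actions.append({"type": "waf_custom_rule_block", "clientIp": ip, "priority": 10})
        actions.append({"type": "notify", "message": f"WAF blocked {ip} {count} times in 5 min; block rule queued"})
    return actions
```

Only the IP that crosses the threshold inside a single 5-minute window produces a block action; the single block from the second client and the firewall deny row do not.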

Reference