Automate response to alerts and leverage AI for investigations
Implementation Effort: Medium
User Impact: Low
Overview
Automating incident response and leveraging AI-driven investigations are key to an effective Zero Trust security operation.
In Microsoft Sentinel, configure Analytics Rules to detect key events from Azure DDoS Protection, Azure Firewall, and Azure WAF—such as DDoS attack detections, firewall rule denials, or WAF blocks—and link those rules to Playbooks (Azure Logic Apps) that automatically create block rules (Firewall and WAF), notify stakeholders, or open tickets.
In parallel, use Microsoft Security Copilot to accelerate and enrich your investigations on Azure Firewall logs and Azure WAF logs. Run conversational queries against ingested logs, get AI-generated summaries of incidents, and receive targeted remediation recommendations.
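An added example (not from this page or Microsoft's documentation) of the kind of analytics rule query the first step calls for: it counts Azure Firewall network-rule denies per source address over a short window and emits one row per offending address, with the source IP ready for entity mapping so the linked playbook can act on it. Column names assume the resource-specific AZFWNetworkRule table; the 5-minute window and threshold of 50 are constructed values.

```kql
// Added example, not Microsoft's code. Assumes the AZFWNetworkRule table with
// Action, SourceIp, DestinationIp, DestinationPort and Rule columns.
let lookback = 5m;      // constructed: rule runs every 5 minutes
let threshold = 50;     // constructed: denies per source before alerting
AZFWNetworkRule
| where TimeGenerated > ago(lookback)
| where Action =~ "Deny"
| summarize DenyCount = count(),
            DistinctDestinations = dcount(DestinationIp),
            DistinctPorts = dcount(DestinationPort),
            FirstSeen = min(TimeGenerated),
            LastSeen = max(TimeGenerated),
            Rules = make_set(Rule, 10)
    by SourceIp
| where DenyCount >= threshold
// Classify the pattern so the playbook and analyst can triage at a glance:
// many ports on few hosts vs. many hosts vs. one noisy repeated flow.
| extend Pattern = case(DistinctPorts > 20, "port-sweep",
                        DistinctDestinations > 20, "host-sweep",
                        "repeated-deny")
| project FirstSeen, LastSeen, SourceIp, DenyCount,
          DistinctDestinations, DistinctPorts, Pattern, Rules
// In the rule's entity mapping, map SourceIp to the IP entity; the playbook
// reads that entity from the incident to create the firewall/WAF block rule.
```

Suppress the rule for known scanners or monitoring hosts with an allowlist joined before the summarize, otherwise the automated block playbook will act on expected noise.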
Reference
- Azure DDoS Solution for Microsoft Sentinel
- Connect Azure Firewall to Sentinel
- Azure Firewall with Microsoft Sentinel overview
- Using Microsoft Sentinel with Azure Web Application Firewall
- Onboard Microsoft Sentinel
- Microsoft Security Copilot for Azure Firewall
- Azure Web Application Firewall integration in Microsoft Copilot for Security (preview)