More Info:

Enable Web Application Firewall recommendations for virtual machines.

Risk Level

Low

Address

Security, Operational Maturity

Compliance Standards

SOC2, ISO27001, HIPAA, HITRUST

Triage and Remediation

Remediation

Using Console

To remediate the “Monitor Web Application Firewall setting is not enabled” misconfiguration in Azure using the Azure console, you can follow the below steps:
  1. Open the Azure portal and navigate to the Azure Application Gateway resource that you want to configure.
  2. Click on the “Firewall” option under the “Security” section in the left-hand menu.
  3. Under the “Web application firewall” section, click on the “Edit” button.
  4. In the “Web application firewall settings” page, scroll down to the “Diagnostic logs” section.
  5. Click on the “Enable” button next to “Send logs to Log Analytics workspace”.
  6. Select the Log Analytics workspace that you want to use for storing the diagnostic logs.
  7. Click on the “Save” button to save the changes.
Once you have completed these steps, the “Monitor Web Application Firewall setting is not enabled” misconfiguration will be remediated and the diagnostic logs for the web application firewall will be sent to the specified Log Analytics workspace for monitoring and analysis.

To remediate the “Monitor Web Application Firewall setting is not enabled” misconfiguration in Azure using Azure CLI, please follow the below steps:
  1. Open the Azure CLI command prompt and log in to your Azure account using the command: az login
  2. Once you are logged in, set your subscription using the command: az account set --subscription <subscription_id>
  3. Enable the Web Application Firewall (WAF) monitoring by running the following command: az network application-gateway waf-policy set --name <waf_policy_name> --resource-group <resource_group_name> --firewall-mode Detection Note: Replace <waf_policy_name> and <resource_group_name> with the actual names of your WAF policy and resource group.
  4. Verify that the WAF monitoring is enabled by running the following command: az network application-gateway waf-policy show --name <waf_policy_name> --resource-group <resource_group_name> This command will display the details of your WAF policy, including the firewall mode which should now be set to “Detection”.
  5. Finally, you can also verify the WAF monitoring status by checking the Azure Security Center dashboard.
By following these steps, you should be able to remediate the “Monitor Web Application Firewall setting is not enabled” misconfiguration in Azure using Azure CLI.
To remediate the misconfiguration “Monitor Web Application Firewall setting is not enabled” for Azure using Python, follow the below steps:Step 1: Import the required libraries
from azure.common.credentials import ServicePrincipalCredentials
from azure.mgmt.monitor import MonitorManagementClient
Step 2: Authenticate and create the MonitorManagementClient object
TENANT_ID = '<your tenant id>'
CLIENT = '<your client id>'
KEY = '<your client secret>'
SUBSCRIPTION_ID = '<your subscription id>'

credentials = ServicePrincipalCredentials(
    client_id=CLIENT,
    secret=KEY,
    tenant=TENANT_ID
)

monitor_client = MonitorManagementClient(
    credentials,
    SUBSCRIPTION_ID
)
Step 3: Retrieve the existing web application firewall settings
resource_id = '/subscriptions/{0}/resourceGroups/{1}/providers/Microsoft.Network/frontDoors/{2}/webApplicationFirewallConfiguration'.format(
    SUBSCRIPTION_ID,
    '<your resource group name>',
    '<your front door name>'
)

waf_settings = monitor_client.metric_definitions.list(resource_id)
Step 4: Check if the “Monitor Web Application Firewall setting” metric is enabled
waf_metric_name = 'Monitor Web Application Firewall setting'
is_enabled = False

for metric in waf_settings:
    if metric.name.localized_value == waf_metric_name:
        is_enabled = True
        break
Step 5: If the metric is not enabled, enable it
if not is_enabled:
    monitor_client.metric_baseline.create(
        resource_id,
        waf_metric_name,
        {
            'enabled': True
        }
    )
The above steps will enable the “Monitor Web Application Firewall setting” metric for your Azure front door using Python.