Azure CDN WAF Policy
Introduction
Azure Content Delivery Network (CDN) Web Application Firewall (WAF) policies offer centralized protection against common web threats and vulnerabilities, such as SQL injection, cross-site scripting (XSS), and other OWASP Top 10 risks. Monitoring CDN WAF is essential to ensure the ongoing health, performance, and effectiveness of these security policies across all configured CDN endpoints.
Getting Started
Compatibility
The Azure CDN WAF Policy O11ySource supports Azure CDN WAF Policy Services within standard lifecycle support.
Data Collection Method
vuSmartMaps collects Azure CDN WAF Policy metrics through a data collector deployed within the vuSmartMaps platform, which uses azure_monitor to retrieve performance and health metrics.
Prerequisites
Dependent Configuration
To configure this O11ySource, create a 'credential' of type 'azure' under the 'Definition' tab.
Inputs for Configuring Data Source
- Policy Name: Enter the Policy Name of Azure CDN WAF
- Resource ID: A unique identifier for the Azure resource.
- Credential: Client ID, Client Secret, Subscription ID and Tenant ID associated to the credential.
- Period (in seconds): Time interval for polling data from the Azure App Gateway. Period should be between 60 seconds – 3000 seconds.
Applications
Firewall Requirement
To collect data from this O11ySource, ensure the following ports are opened:
| Source IP | Destination IP | Destination Port | Protocol | Direction |
|---|---|---|---|---|
| vuSmartMaps Collection/Ingress node IP | Service URL | 443* | TCP | Outbound |
*Before providing the firewall requirements, please update the port based on the customer environment.
Configuring the Target
Health and performance metrics of Azure CDN WAF Policy are collected through Azure Monitor service. Thus, Azure Monitor must be enabled in your Azure account. Azure CDN WAF Services should have available instances for which monitoring is enabled.
An IAM role or user with the following permissions to access Azure Key Vault metrics through Azure Monitor:
- Grant the Azure AD application, for which you've obtained the Client ID and Client Secret, the "Reader" role or a custom role specifically assigned with the Microsoft.Insights/metrics/read permission.
Configuration Steps
Metrics Collected
| Name | Description | Data Type |
|---|---|---|
| @timestamp | Original timestamp of the agent in string format | String |
| timestamp | Precise timestamp of the agent with milliseconds | DateTime64(3) |
| resource_group | Resource group in Azure | String |
| subscription_id | Azure subscription identifier | String |
| resource_name | Name of the Azure resource | String |
| name | Metric name of the Azure resource(e.g., capacity, requests etc.) | String |
| minimum | Minimum value of the metric over the period | UInt64 |
| maximum | Maximum value of the metric over the period | UInt64 |
| total | Total value of the metric over the period | UInt64 |
| average | Average value of the metric over the period | Float64 |
| namespace | logical container that organizes and manages related resources | String |
| count | Indicate the number of occurrences or events of a specific type within a given time frame. | UInt64 |
| target | Refers to the specific Azure CDN WAF instance being monitored, accessed, or targeted for operations such as key retrieval, secret access, policy updates, or metric collection. | String |
| resource_region | Specifies the Azure geographic location where the CDN WAF resource is deployed and hosted. | String |
