Microsoft Azure Front Door Integration Guide

The following instructions configure Azure Front Door to send its logs through Azure Event Hubs for ingestion into Secureworks® Taegis™ XDR.

Configure Azure Monitor Diagnostic Settings

Follow the Microsoft instructions to enable Azure Monitor diagnostic settings: How to configure Azure Front Door logs.

XDR supports the following diagnostic categories for data normalization:

Optimized Log Categories

Note

All other logs normalize to the Generic schema. Normalizing other data sources beyond the Generic schema may require a custom parser. Forwarding metric data to XDR is not recommended, because XDR treats it like any other log data and not as metrics.

Forward to Event Hub and Enable Integration with XDR

  1. Once the desired log categories are selected, choose to Stream to an event hub and enter the desired event hub destination.
  2. Follow the integration instructions for an event hub to complete the integration with XDR and to begin data ingestion.
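An added check, not part of the original guide or of XDR: it audits a Front Door resource's diagnostic settings, as exported with `az monitor diagnostic-settings list`, for the points above (an event hub destination, the selected log categories enabled, no metric categories forwarded). The sample JSON is constructed with placeholder names, and `FrontDoorWebApplicationFirewallLog` is Microsoft's category name for WAF logs on Front Door Standard/Premium; pass the categories you selected as `wanted`.

```python
import json

# Constructed sample in the shape returned by `az monitor diagnostic-settings list`;
# every name and ID below is a placeholder, not a value from the guide.
SAMPLE = json.loads("""
[
  {
    "name": "fd-to-xdr",
    "eventHubAuthorizationRuleId": "/subscriptions/<sub-id>/resourceGroups/<rg>/providers/Microsoft.EventHub/namespaces/<ns>/authorizationRules/<rule>",
    "eventHubName": "<event-hub>",
    "logs": [
      {"category": "FrontDoorWebApplicationFirewallLog", "enabled": true},
      {"category": "FrontDoorAccessLog", "enabled": false}
    ],
    "metrics": [{"category": "AllMetrics", "enabled": true}]
  }
]
""")

def audit(settings, wanted=("FrontDoorWebApplicationFirewallLog",)):
    """Return findings for the diagnostic settings that stream to an event hub."""
    if isinstance(settings, dict):  # some CLI versions wrap the list in {"value": [...]}
        settings = settings.get("value", [])
    streaming = [s for s in settings if s.get("eventHubAuthorizationRuleId")]
    if not streaming:
        return ["no diagnostic setting streams to an event hub"]
    findings = []
    for s in streaming:
        name = s.get("name", "<unnamed>")
        enabled = [l for l in s.get("logs") or [] if l.get("enabled")]
        # An enabled "allLogs" category group covers every log category.
        all_logs = any(l.get("categoryGroup") == "allLogs" for l in enabled)
        categories = {l.get("category") for l in enabled}
        for c in wanted:
            if not all_logs and c not in categories:
                findings.append(f"{name}: log category {c} is not enabled")
        # The guide advises against forwarding metric data to XDR.
        for m in s.get("metrics") or []:
            if m.get("enabled"):
                findings.append(f"{name}: metric category {m.get('category')} is forwarded")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```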

Data Provided from Integration

Normalized data from Azure Front Door will be available in the following schemas.

Azure WAF on Azure Front Door

|  | Normalized Data | Out-of-the-Box Detections | Vendor-Specific Detections |
| --- | --- | --- | --- |
| MS Azure WAF on Front Door | HTTP |  |  |

Note

XDR detectors are not guaranteed to be triggered, even if a data source's logs are normalized to a schema associated with a given detector. However, you can create Custom Alert Rules to generate alerts based on normalized data from a data source.