🛡️ Azure Application Gateway WAF policy bot protection is not enabled🟢

Contextual name: 🛡️ Application Gateway WAF policy bot protection is not enabled🟢
ID: /ce/ca/azure/application-gateway/gateway-waf-bot-protection
Tags:
- 🟢 Policy with categories
- 🟢 Policy with type
- 🟢 Production policy
Policy Type: COMPLIANCE_POLICY
Policy Categories: SECURITY

Logic

🧠 prod.logic.yaml🟢
- 📗 Azure Application Gateway
- 🔌 Azure Application Gateway WAF Policy - object.extracts.yaml
- 🧪 test-data.json

Description

Description

This policy identifies Azure Application Gateways whose Web Application Firewall is not configured with a Bot Manager Rule Set. Enable bot protection on the Web Application Firewall to block or log requests from known malicious IP addresses identified through the Microsoft Threat Intelligence feed.

Rationale

Internet traffic from bots can scrape, scan, and search for application vulnerabilities. Enabling bot protection stops requests from known malicious IP addresses and enhances the overall security of your application by reducing exposure to automated attacks.

Impact

May require monitoring to identify false positives.

Audit

This policy flags an Azure Application Gateway as INCOMPLIANT if:

it has no WAF Policy configured, or

the WAF Policy has no managed rule set with the ruleSetType of Microsoft_BotManagerRuleSet, or

the Microsoft_BotManagerRuleSet has ruleGroupOverrides for the KnownBadBots ruleGroupName in Disabled state.

Default Value

Bot protection is disabled by default on Azure Application Gateways with Web Application Firewall.

... see more

Remediation

Open File

Remediation

From Azure Portal

Go to Application gateways.

Click the name of an application gateway.

Under Settings, click Web application firewall.

Under Associated web application firewall policy, click the policy name.

Under Settings, click Managed rules.

Click Assign.

Under Bot Management ruleset, click to display the drop-down menu.

Select a Microsoft_BotManagerRuleSet.

Click Save.

Click X to close the panel.

Repeat steps 1-10 for each application gateway and firewall policy requiring remediation.

From Azure CLI

For each firewall policy requiring remediation, run the following command to enable bot protection:
az network application-gateway waf-policy managed-rule rule-set add 
--resource-group {{resource-group}} 
--policy-name {{firewall-policy}} 
--type Microsoft_BotManagerRuleSet 
--version {{0.1|1.0|1.1}}

policy.yaml

Open File

Linked Framework Sections

Section	Sub Sections	Internal Rules	Policies	Flags	Compliance
💼 CIS Azure v5.0.0 → 💼 7.15 Ensure bot protection is enabled in Azure Web Application Firewall policy on Azure Application Gateway (Automated)			1		no data
💼 Cloudaware Framework → 💼 Threat Protection			48		no data

Logic​

Description​

Description​

Rationale​

Impact​

Audit​

Default Value​

Remediation​

Remediation​

From Azure Portal​

From Azure CLI​

policy.yaml​

Linked Framework Sections​

Logic

Description

Description

Rationale

Impact

Audit

Default Value

Remediation

Remediation

From Azure Portal

From Azure CLI

policy.yaml

Linked Framework Sections