Azure Firewall / IDS / IPS

I have a high-level requirement - capture payloads associated with suspicious activity.

As Azure Firewall does not do IDS or IPS, without deploying another security appliance, is there a way in which I can meet this requirement? I see that Network Watcher can capture all traffic - and so would meet the requirement (will also include suspicious) - but this is only for VMs?

I think the answer is an IDS/IPS appliance, but I want to know whether there are any services, e.g. Security Centre / Sentinel, that I could use instead.

Any advice would be appreciated.

submitted by /u/a8ree

Read more here: https://www.reddit.com/r/AZURE/comments/lqjkmv/azure_firewall_ids_ips/

Content Attribution

This content was originally published by /u/a8ree at Microsoft Azure, and is syndicated here via their RSS feed. You can read the original post over there.
