![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(156.8, 55.00000000000001%, 25%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EYS%3C/text%3E%3C/svg%3E)
Azure Firewall
An Azure network security service that is used to protect Azure Virtual Network resources.
741 questions
Welcome to the Microsoft Q&A Platform. Thank you for reaching out & I hope you are doing well.
I understand that you would like to know more information about the IDPS Signature that was triggered.
The only information available with respect to a Rule signature is it's "Description" and "Group".
To investigate further on it, you must make use of the
- Source IP
- Destination IP &
- Destination Port
You should then check which source is the malicious actor and what destination VM and port is the malicious actor targeting.
If this is some application, you must verify it's behavior from the OS level.
This can be done by collecting a packet capture and see what application/service is initiating this malicious traffic.
Should you feel this is a legitimate traffic, then you can use the Bypass List feature of IDPS to allow only this traffic flow
Refer : https://learn.microsoft.com/en-us/azure/firewall/premium-features#idps-signature-rules
Kindly let us know if this helps or you need further assistance on this issue.
Thanks,
Kapil
Please don’t forget to close the thread by clicking "Accept the answer" wherever the information provided helps you, as this can be beneficial to other community members.