Hello @Yang, Steven ,
I discussed the above queries with the Azure Firewall Product Group team, and below are the responses:
Out of all the IDPS signatures, is there a way for us to tell which one requires SSL decryption to be enabled? Meaning the signature won't be able to properly inspect the traffic if it is encrypted.
Majority of the signatures requires TLSi to take effect, the signatures that are applicable for encrypted traffic relate to L3 and L4 protocols, they are basically related to the connection establishment part until the encrypted tunnel is constructed.
I noticed that some signature rules would get deleted. Last week the signature rule count was 62K something, this week the count dropped to 61K something. How does that work and how can I get notified about it?
Signatures rules that are not seen in use for long period (years) are being cleaned out.
Kindly let me know if you've any follow-up questions.