Fellow Azure Buddies,

As discussed with @KapilAnanth-MSFT in the comments, it is currently not possible to make an exception/filter in IDPS with both signature ID + traffic. If you stumble across this question, kindly provide your support by upvoting the feedback items/threads below for this feature to be implemented. Thank you in advance.

- https://feedback.azure.com/d365community/idea/8f823272-04b5-ee11-92bc-0022484c4141
- https://techcommunity.microsoft.com/t5/azure-network-security/granular-filtering-in-azure-idps/m-p/4031469#M158

Disabling/bypassing particular signature for a particular traffic in IDPS
Hello,
There is a false positive alert in the IDPS logs and I am looking to bypass that particular signature ID for that particular traffic (source, destination and port), but it seems like there is not a way to do this in IDPS currently.
I noticed there are two options now,
- Bypass list - which filters all IDPS signatures for that traffic OR
- Disabling that signature ID - which disables it for the entire firewall.
Both seem to be less secure.
Kindly suggest how to proceed on this.
Thanks in advance.
KapilAnanth-MSFT (Microsoft Employee), 2024-01-17T09:32:28.5166667+00:00
Welcome to the Microsoft Q&A Platform. Thank you for reaching out & I hope you are doing well.
Since the Microsoft Q&A community has a policy that "The question author cannot accept their own answer. They can only accept answers by others", I'll repost your solution in case you'd like to "Accept" the answer.
I understand that you would like to look at the options for fine tuning IDPS Rules in Azure Firewall.
Currently, the only methods available are the ones you had specified. Creating Exceptions with the tuple - source, destination and port is not available.
I see you have created a feedback item for this,
Thanks for your continued contribution on Q&A, and I much appreciate you taking the time to share your feedback.
Thanks, Kapil