Hello Experts,
We are currently reviewing the capabilities offered on Azure WAF, one of the ask is to have Account takeover prevention (ATP) to prevent attacker from gaining unauthorized access to a person's account. Something similar to what AWS currently has https://docs.aws.amazon.com/waf/latest/developerguide/waf-atp.html.
Some other key features that we are looking forward to our:
- Reputation based risk assessment
- Sequence based detection
- Livestream protection
- Model Tuning / Review Cycle
- Data sharing with us (as a company) to understand FP / FN rate
- Most important thing for us is parity with other cloud monitor logs. We HEAVILY rely on those logs for incidents and Bot fingerprinting. Basic Apache
logs will not cut it
- We need to log EVERYTHING including http/ssl versions, cookies, jwts, HTTP status codes, WAF triggers, referrers, and most importantly - the ability to
create custom log extractions (regex) from the POST payload (to log things like username and/or various POST parameters. We HEAVILY rely on this
feature for incidents.
- Essentially logging anything in the HTTP request headers should be mandatory, as well as the response headers, plus more.
If you can direct to my any useful documentations, that would be of a great help!
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(0, 76%, 10%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJD%3C/text%3E%3C/svg%3E)
