WAF Challenges
Test your Azure WAF investigation skills! Each challenge requires you to generate specific attack traffic, analyze WAF logs, and find the answer.
Before You Begin
Prerequisites
- Lab infrastructure deployed (Setup Guide)
- WAF in Detection or Prevention mode
- Log Analytics workspace receiving WAF logs
Tools You'll Use
| Tool | Purpose |
|---|---|
| WAF Insights | Visual dashboard in Azure Portal |
| Log Analytics | KQL queries against WAF logs |
| WAF Triage Workbook | Visual triage (if deployed in Lab 03B) |
Challenges
| # | Challenge | Difficulty | Skills |
|---|---|---|---|
| 1 | Identify the Attacker | | KQL, IP analysis |
| 2 | Name the Rule | | Rule ID lookup |
| 3 | The Secret Path | | URI analysis |
| 4 | Bot Detective | | User-Agent analysis |
| 5 | The Poisoned Parameter | | Parameter extraction |
| 6 | Count the Scanners | | Aggregation, dedup |
Tips
General Approach
- Run the challenge traffic script for the specific challenge
- Wait 10-15 minutes for logs to appear
- Use KQL queries in Log Analytics to investigate
- Submit your answer on the challenge page
Running Individual Challenges
Script: challenge-traffic.ps1