You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
description: Learn how to use Azure Application Gateway WAF insights dashboards to monitor, investigate, and report on web application firewall activity.
4
4
author: halkazwini
5
5
ms.author: halkazwini
@@ -8,7 +8,11 @@ ms.topic: concept-article
8
8
ms.date: 02/20/2026
9
9
---
10
10
11
-
# Azure Application Gateway Web Application Firewall (WAF) insights dashboards
> Application Gateway Web Application Firewall insights dashboard is currently in PREVIEW.
15
+
> See the [Supplemental Terms of Use for Microsoft Azure Previews](https://azure.microsoft.com/support/legal/preview-supplemental-terms/) for legal terms that apply to Azure features that are in beta, preview, or otherwise not yet released into general availability.
12
16
13
17
The WAF Insights dashboards for Azure Application Gateway provide a unified experience for monitoring, investigation, and reporting of WAF activity. They help security and operations teams detect attack patterns, validate WAF policy effectiveness, identify misconfigurations, and accelerate incident response through deep drill-down analysis. By combining high-level visibility with detailed request-level insights, the dashboards support both strategic monitoring and hands-on troubleshooting.
14
18
@@ -48,15 +52,12 @@ The WAF Insights experience is divided into two main tabs:
48
52
49
53
-**Triage** - Drill-down investigations of events.
50
54
51
-
52
55
Each tab offers a different perspective and is often used together: monitor overall health in the **Monitor tab**, then use the **Triage tab** to investigate anomalies.
53
56
54
-
55
57
### Monitor tab
56
58
57
59
The Monitor tab provides visibility and reporting through two main views – **WAF logs** and **WAF metrics**.
58
60
59
-
60
61
The **WAF logs** view gives a detailed request-level perspective sourced from the AzureDiagnostics table in LAW. It includes visualizations such as total WAF requests by rule group, WAF actions by type (for example, Blocked), top blocked URIs, top triggered rules, rules over time, and details of triggered rule events with timestamps, hosts, AppGW instances, and client IPs. Analysts can also correlate data by tracking ID, review top offending IPs, and inspect related requests to detect targeted attacks, validate rule effectiveness, and support audits or compliance reviews.
61
62
62
63
:::image type="content" source="../media/insights/insights-dashboard-monitor-tab.png" alt-text="Screenshot of the monitor tab of the WAF insights dashboard." lightbox="../media/insights/insights-dashboard-monitor-tab.png":::
@@ -89,7 +90,6 @@ In **Triage by URL**, investigation begins with a URL path. Analysts select the
89
90
|**Triage by rule**| Investigate by rule ID | Scope → Rule → Hosts → URLs → Requests | Identify noisy rules, analyze blocks, fine-tune rules |
90
91
|**Triage by URL**| Investigate by URL path | Scope → URL → Hosts → Rules → Requests | Investigate attacks on sensitive endpoints, validate rule effectiveness |
91
92
92
-
93
93
## Glossary
94
94
95
95
**Association**: The binding between a WAF policy and an Application Gateway listener or path.
0 commit comments