Recently we had an interesting use case from our customer for which Turbo360 mapped a perfect solution. We resolved the issue with the new Log Analytics and Application Insights capabilities from Turbo360. This blog will help you better understand the feature set with a real-time use case.
Support to Security Manager
The customer was developing an API and Web Application running on Azure Platform as a Service and Serverless technologies. They were also using Azure Frontdoor and Web Application Firewall to protect the entry to the application estate.
From a governance perspective, the customer’s security manager needs to have visibility of how the application is performing and to be able to see if there are any issues.
The architecture for the application looks like the one below,
We wanted to create an easy way for the security manager and support team to visualize how the WAF rules were helping their application in a simple and easy-to-use manner.
Turbo360 in action
The perfect solution was Business Application in Turbo360. We added some resources to a business app and then added some queries and dashboards to let the team see how things were going.
Dashboard
The first thing we did was to add a dashboard with some common queries that provide an overview of how things are going, almost like a single-pane view of the security of the application Frontdoor.
In this case, the Turbo360 dashboard could combine log queries against Log Analytics with queries against metrics of resources that constitute the application.
Below you can see an example from a dashboard where we added widgets for some common overview queries.
We were able to add multiple dashboards giving views into different aspects of the application and how WAF was protecting it.
Queries
We were also able to save some queries to let the security manager have an easy way to modify a parameter and then investigate some of the data without significant Azure training or experience.
Frontdoor
In the business application, we can add the Log Analytics resource. A library of queries is available to help find some of the things you might be interested in, as shown below.
Below is an example of a query that shows which callers are accessing my Frontdoor.
Web Application Firewall
Users can also use queries against the WAF log data. Below is an example showing some of the recent events that triggered a WAF rule.
To see which rules are firing the most, we can also summarize how many events have been logged for the different rule types.
Summary
There are many valuable ways to provide queries in the Business Application to your security or operator user. Turbo360 aims to provide a simple and easy-to-use way to let these users play their role in supporting your application without needing to be an expert in using the underlying Azure technologies.
For this customer, their security manager can check on critical things they care about independently without needing to rely on help from the development team. Turbo360 helps provide transparency and democratization of the support of your application.
