Describe the bug
Block-IPAzureWAF v2 Sentinel Playbook
The AttackerIP variable contains a malformed IP address, causing the Update WAF Policy block to fail due to a BadRequest on the WAF policy.
Reproduce
Steps to reproduce the behavior:
- Deploy the Block-IPAzureWAF playbook with Azure Front Door Resource Id
- Open an alert and run the playbook
- See BadRequest error in "Update WAF Policy"
Expected behavior
The AttackerIP variable contains a valid IP address when passed to the request to update the WAF policy.
Environment- if applicable
Logs- if applicable
Real IP address replaced with mock address.
"matchConditions": [
{
"matchValue": [
"null123.123.123.123"
],
...
{
"error": {
"code": "BadRequest",
"message": "WebApplicationFirewallPolicy validation failed. More information \"Value null123.123.123.123 is not a valid IP Address in rule SentinelBlockIP\"."
}
}
Additional context
We worked around this issue by editing the playbook and changing the initial value of the AttackerIP variable from "null" to "".
Describe the bug
Block-IPAzureWAF v2 Sentinel Playbook
The AttackerIP variable contains a malformed IP address, causing the Update WAF Policy block to fail due to a BadRequest on the WAF policy.
Reproduce
Steps to reproduce the behavior:
Expected behavior
The AttackerIP variable contains a valid IP address when passed to the request to update the WAF policy.
Environment- if applicable
Logs- if applicable
Real IP address replaced with mock address.
...
Additional context
We worked around this issue by editing the playbook and changing the initial value of the AttackerIP variable from "null" to "".