The script in this repository aggregates the triggered rules from a directory of Azure WAF logs. It reports the total count of each triggered rule and the number of rules triggered by each client IP address.
python3 analyse-waf-logs /path/to/waf/logs
The following sample shows the type of output produced by running the script.
rule id, description, count
920320, Missing User Agent Header, 101
920300, Request Missing an Accept Header, 89
client ip, count
X.X.X.X, 1012
X.X.X.X, 320
az storage blob download-batch -s insights-logs-applicationgatewayfirewalllog -d . --pattern "*.json"
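The aggregation described above can be sketched as follows. This is an added example, not the repository's script: the function names are hypothetical, and it assumes each record carries `properties.ruleId`, `properties.message` and `properties.clientIp`, stored either one JSON object per line or wrapped in a `{"records": [...]}` document. The sample log lines are constructed.

```python
import json
from collections import Counter

def iter_records(text):
    """Yield records from JSON-lines text or a {"records": [...]} document."""
    try:
        docs = [json.loads(text)]            # whole file is one JSON value
    except json.JSONDecodeError:
        docs = []
        for line in text.splitlines():       # otherwise one object per line
            try:
                docs.append(json.loads(line))
            except json.JSONDecodeError:
                continue                     # blank, truncated or corrupt line
    for doc in docs:
        wrapped = isinstance(doc, dict) and isinstance(doc.get("records"), list)
        yield from (doc["records"] if wrapped else [doc])

def aggregate(texts):
    """Return (hits per rule id, rule id -> description, hits per client IP)."""
    rules, descriptions, clients = Counter(), {}, Counter()
    for text in texts:
        for rec in iter_records(text):
            props = rec.get("properties") if isinstance(rec, dict) else None
            if not isinstance(props, dict) or not props.get("ruleId"):
                continue                     # not a rule-match record
            rule_id = str(props["ruleId"])
            rules[rule_id] += 1
            descriptions.setdefault(rule_id, props.get("message", ""))
            if props.get("clientIp"):
                clients[props["clientIp"]] += 1
    return rules, descriptions, clients

def make_record(ip, rule_id, message):
    return json.dumps({"properties": {"clientIp": ip, "ruleId": rule_id, "message": message}})

# Constructed sample: three rule matches plus one truncated line.
SAMPLE = "\n".join([
    make_record("203.0.113.7", "920320", "Missing User Agent Header"),
    make_record("203.0.113.7", "920300", "Request Missing an Accept Header"),
    make_record("198.51.100.4", "920320", "Missing User Agent Header"),
    '{"properties": {"clientIp": "198.51.100.4", "ruleId": "9203',
])

if __name__ == "__main__":
    rules, descriptions, clients = aggregate([SAMPLE])
    for rule_id, count in rules.most_common():
        print(f"{rule_id}, {descriptions[rule_id]}, {count}")
    print("client ips:", dict(clients))
```

The truncated final line is skipped rather than aborting the run, so a partially written log blob still contributes its complete records.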