Analytic Rules errors with Front Door Premium WAF - SQLi Detection and Front Door Premium WAF - XSS Detection

[cyb3n3tic]

Describe the bug
It appears that it is not possible to create analytics rules for either Front Door Premium WAF - SQLi Detection or Front Door Premium WAF - XSS Detection. (I assume these can be used with only Application Gateway?)

When defining the rule logic, the pre-populated rule query throws errors as indicated below.

The name 'details_msg_s' does not refer to any known column, table, variable or function.(KS142)
The name 'trackingReference_s' does not refer to any known column, table, variable or function.(KS142)
The name 'details_matches_s' does not refer to any known column, table, variable or function.(KS142)
The column 'trackingReference_s' must exist on both sides of the join.(KS145)

To Reproduce
Steps to reproduce the behavior:

1. Go to Configuration/Analytics
2. Select Rule Templates
3. Search for sqli or xss
4. Click on template
5. Click on Create Rule (Bottom right)
6. Click Next: Set rule logic
7. Rule query will display errors as above

Expected behavior
The rule query generated should be valid with no errors

Screenshots
Screenshots attached

Additional context
Running Application Gateway with WAF, FrontDoor not in use but assume this should work as Data sources listed are Application Gateways and appear valid in that respect, I have not found any application gateway WAF specific templates?

I have used some other templates such as App GW WAF - Path Traversal Attack without problem but not seeing App GW WAF - SQLi or XSS - I assume those templates lised for Front Door Premium should work, or is that not the case?

Appreciate some guidance.

[v-rusraut]

Hi @cyb3n3tic,
Thanks for flagging this issue, we will investigate this issue and get back to you with some updates by 24 May 2024. Thanks!

[cyb3n3tic]

Great, thank you @v-rusraut

[v-rusraut]

Hi @cyb3n3tic,
We are working on investigating the issue, we will update you.
Thanks

[v-sudkharat]

Hey @cyb3n3tic, Based on your provided issue description and screenshots, it looks the required columns does not get created, which defined into the Rule.
Just tried to repro the issue and found that in our workspace the required columns get created and due to that it not getting issue while creation of rule :

So, can you check the AzureDiagnostics table schema or share schema with us, to check those columns are get created or not. Thanks!

[cyb3n3tic]

Thanks @v-sudkharat - I will follow up on this shortly. Not sure why columns would be missing/not created though?
I will review and see what I can make of this.

[v-sudkharat]

@cyb3n3tic, Great. Please let us know once it done. Thanks!

[v-rusraut]

Hi @cyb3n3tic,
We are waiting for your response.
Thanks

[cyb3n3tic]

Sorry @v-rusraut , I am currently away so won't be able to follow up for another two weeks