question

VishalGoyal-4290 avatar image
0 Votes"
VishalGoyal-4290 asked VishalGoyal-4290 commented

Insecure form data transmission detected

We have a Azure bot service running on our subscription and is integrated with App Insights. We have recently seen Smart Detection Alert "Insecure form data transmission detected".

We looked at the query it runs and it is checking for a POST call using a Non-HTTPS URL.
But we are unable to get any further details for this alert to check what happened during that time.

Is there a way to get more details on the events which led to this so that we can investigate ?

azure-monitor
· 4
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

@VishalGoyal-4290 Thanks for reaching out. Can you please try to query your results by executing below query in your Application Insights resource Logs Blade . You might get the relevant details for investigation.

 requests
 | where timestamp > ago(7d)
 | where isnotempty(user_Id) and isnotempty(name) and isnotempty(url)
 | where name startswith 'POST'
 | where url !startswith 'https'
 | where name == 'POST /data'
 | summarize count() by url

0 Votes 0 ·

@SwathiDhanwada-MSFT : Thanks for your response. I ran the query and it says no results found. below query which is used by smart detection behind the scenes does give results. But as i said, this does not help with further investigation. Please check and advise.

let startTime = datetime(2021-05-06 00:00:00);
let endTime = datetime(2021-05-07 00:00:00);
requests
| where timestamp > startTime and timestamp < endTime
| where isnotempty(user_Id) and isnotempty(name) and isnotempty(url)
| where name startswith 'POST'
| where url !startswith 'https'
| make-series NumberOfRequests = count() on timestamp in range(startTime, endTime, 1h)
| mvexpand timestamp to typeof(datetime), NumberOfRequests to typeof(long)
| render barchart


0 Votes 0 ·

@VishalGoyal-4290 I recommend engaging our technical support team to investigate further. Please file a support case using these steps.


1 Vote 1 ·
Show more comments

0 Answers