Azure Front Door Update WAF Policy fails with BadRequest due to malformed AttackerIP (Block-IPAzureWAF v2) #438

@dmaassen

Describe the bug
Block-IPAzureWAF v2 Sentinel Playbook

The AttackerIP variable contains a malformed IP address, causing the Update WAF Policy block to fail due to a BadRequest on the WAF policy.

Reproduce
Steps to reproduce the behavior:

  1. Deploy the Block-IPAzureWAF playbook with Azure Front Door Resource Id
  2. Open an alert and run the playbook
  3. See BadRequest error in "Update WAF Policy"

Expected behavior
The AttackerIP variable contains a valid IP address when passed to the request to update the WAF policy.

Environment - if applicable

  • Azure Front Door WAF

Logs - if applicable
Real IP address replaced with mock address.

    "matchConditions": [
      {
        "matchValue": [
          "null123.123.123.123"
        ],

    ...

    {
      "error": {
        "code": "BadRequest",
        "message": "WebApplicationFirewallPolicy validation failed. More information \"Value null123.123.123.123 is not a valid IP Address in rule SentinelBlockIP\"."
      }
    }


Additional context
We worked around this issue by editing the playbook and changing the initial value of the AttackerIP variable from "null" to "".
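
A pre-flight check for the values placed in `matchValue`, added here as an example; it is not part of the original issue or of the playbook. The function names are hypothetical, and `attacker_ip` assumes the variable is formed by appending the alert's IP to the variable's initial value, as the logged `null123.123.123.123` suggests.

```python
import ipaddress


def attacker_ip(initial_value, entity_address):
    """Constructed model (assumption): initial variable value followed by the alert's IP."""
    return initial_value + entity_address


def normalize_ip(value):
    """Return the canonical form of an IP address or CIDR range, or None if invalid."""
    if not isinstance(value, str):
        return None
    candidate = value.strip()
    for parser in (ipaddress.ip_address, ipaddress.ip_network):
        try:
            return str(parser(candidate))
        except ValueError:
            continue
    return None


def build_match_values(candidates):
    """Split candidates into (accepted, rejected); accepted values are de-duplicated."""
    accepted, rejected = [], []
    for raw in candidates:
        ip = normalize_ip(raw)
        if ip is None:
            rejected.append(raw)
        elif ip not in accepted:
            accepted.append(ip)
    return accepted, rejected


def match_condition(candidates):
    """Build the matchValue fragment, refusing to proceed if any value is malformed.

    Only the key shown in the issue's log excerpt is emitted; the other
    fields of the match condition are left to the caller.
    """
    accepted, rejected = build_match_values(candidates)
    if rejected:
        raise ValueError(f"invalid IP value(s), policy not updated: {rejected}")
    if not accepted:
        raise ValueError("no IP values supplied, policy not updated")
    return {"matchValue": accepted}
```

Failing locally on a rejected value keeps the malformed string out of the policy update request and names the offending input, instead of surfacing it later as a `BadRequest` from the WAF policy validation.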
