Kusto queries FW

Revision as of 19:59, 3 May 2024 by Busk (talk | contribs)
// Denied TCP entries in the Azure Firewall network rule log that mention a given address.
// Replace 10.x.x.x with the address to look for.
// `contains` is a case-insensitive substring match on the raw message text, so "TCP", "Deny" and
// the address match wherever they appear in msg_s, and a full address also matches longer ones
// (constructed example: 10.1.1.1 also matches 10.1.1.10 and 110.1.1.1).
// No TimeGenerated filter is applied, so the window is whatever time range the query is run with.
AzureDiagnostics
| where Category == "AzureFirewallNetworkRule" and OperationName == "AzureFirewallNetworkRuleLog"
| where msg_s contains "TCP" and msg_s contains "Deny" and msg_s contains "10.x.x.x"
| project msg_s
// Every AzureDiagnostics record whose message mentions the address, whatever its Category,
// OperationName or ResourceType (none of them is filtered here).
// Replace 10.x.x.x with the address to look for; `contains` is a substring match, so the
// result can include longer addresses that merely contain the one searched for.
AzureDiagnostics
| where msg_s contains "10.x.x.x"
| project msg_s
// Denied Azure Firewall records for one source/destination pair.
// Replace source_ip and destination_ip with the addresses to match; `==` compares the whole
// value, so there is no partial-address over-matching here.
// No `project` stage: every column of the matching rows is returned.
// NOTE(review): this query reads action_s, src_ip_s and dest_ip_s, while the other queries on
// this page read only msg_s; confirm these columns are populated in your workspace.
AzureDiagnostics
| where ResourceType == "AZUREFIREWALLS"
| where action_s == "Deny"
| where src_ip_s == "source_ip"
| where dest_ip_s == "destination_ip"