Add more operations and more efficient parsing in IPEntity_AzureFirewall.yaml
I have added more operations to compare, and I think clients should select which events they want this rule to trigger. Azure Firewall might add more operations in the long run. The clients can uncomment a specific line to exclude certain operations.
Please, could you check this query against a big dataset?
Change(s):
- Changed the parsing of msg_s
- Filter by Category, not by OperationName.
Reason for Change(s):
- Azure Monitor has some queries for Azure Firewall events, with a more efficient parsing (I think).
- With new capabilities, more operations might be added in Azure Firewall and we might want to check those events; we don't want to limit ourselves.
Version Updated:
- Yes
Testing Completed:
- Yes
Checked that the validations are passing and have addressed any issues that are present:
- Yes
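As an added illustration of the approach the description outlines (this is not the PR's own query or the published Sentinel rule), the query below filters Azure Firewall diagnostics by `Category` rather than enumerating `OperationName` values, keeps the per-operation exclusions as commented-out lines a client can uncomment, and parses `msg_s` once into columns. `AzureDiagnostics`, `ResourceType`, `Category`, `OperationName` and `msg_s` are the standard diagnostics columns; the specific `Category` and `OperationName` values and the `msg_s` layout are assumptions taken from the shape of Azure Firewall network and application rule messages.

```kql
// Added example (not the PR's query). Assumed: the Category and OperationName
// values below and the "<proto> request from <src>:<port> to <dst>:<port>. Action: <verb>"
// message layout produced by Azure Firewall rule logs.
let lookback = 1d;
AzureDiagnostics
| where TimeGenerated >= ago(lookback)
| where ResourceType == "AZUREFIREWALLS"
// Filter by Category so that operations added to Azure Firewall later are not dropped.
| where Category in ("AzureFirewallNetworkRule", "AzureFirewallApplicationRule")
// Uncomment a line below to exclude an operation this rule should not trigger on.
//| where OperationName != "AzureFirewallNatRuleLog"
//| where OperationName != "AzureFirewallThreatIntelLog"
// One parse for network, NAT and application rule messages; the destination may be an FQDN.
| parse msg_s with Protocol " request from " SourceIP ":" SourcePort:int " to " DestinationIP ":" DestinationPort:int *
// Action appears as ". Action: Allow" or ". Action: Deny. Rule Collection: ..."; keep only the verb.
| parse msg_s with * ". Action: " ActionRaw
| extend Action = tostring(split(ActionRaw, ".")[0])
// NAT messages end with "... was DNAT'ed to <ip>:<port>"; capture the translated destination when present.
| parse msg_s with * " was " NatAction " to " NatDestination
| extend Action = iff(isempty(Action), NatAction, Action)
| where isnotempty(SourceIP) and isnotempty(DestinationIP)
| project TimeGenerated, Category, OperationName, Protocol, SourceIP, SourcePort,
          DestinationIP, DestinationPort, Action, NatDestination, msg_s
```

Because the `Category` filter admits every operation in those categories, a reviewer checking this against a large dataset should look for new `OperationName` values whose `msg_s` layout the parse does not match (they surface as rows with empty `SourceIP`, which the final `where` drops) and decide whether to add a parse clause or an exclusion line for them.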
@aprakash13 : Please review the detections.
@aprakash13 - We will not want to take these changes without chatting with our TI folks. Please discuss the changes with them.
@shainw /@aprakash13 : Could you please review the detections and provide your signoff. Thanks!!
@v-spadarthi - We will talk with our internal TI feature PMs on this one as stated above your request for review.
@shainw / @aprakash13: Could you please update the status, if any?
Maybe you will prefer to add a new version that uses AZFW tables.
@aprakash13 can you please take a look and provide your update. Thanks!!!
Hi @shainw, it would be great if you could spare some time on this and provide your update. Thanks
Hi @shainw, can you please provide an update on this. Thanks
Hi @shainw, this PR has been pending for a long time. It would be great if you could provide some update on this. Thanks
Hi @shainw, requesting you to provide an update on this as it has been pending for a long time. Thanks
Hi @shainw, can you please review or assign it to someone who can help on this. Thanks
Hi @shainw - can you please review the PR and provide your signoff. Thanks
Hi @aprakash13, can you please get confirmation on this and provide an update. Thanks
Hi @aprakash13, can you please provide an update on this. Thanks
Hi @aprakash13, can you please provide an update on this as it has been pending for a long time. Thanks