Read events from Azure Firewall Structured Logs
Structured Firewall Logs for Azure Firewall allow customers to choose Resource Specific Tables instead of the existing AzureDiagnostic table.
This will simplify the code in event-hub-source.service.ts.
https://learn.microsoft.com/en-us/azure/firewall/firewall-structured-logs
https://techcommunity.microsoft.com/t5/azure-network-security-blog/exploring-the-new-resource-specific-structured-logging-in-azure/ba-p/3620530
Adding support for Structured Firewall Logs would be really nice
Implemented
- Network rule log
- NAT rule log
- Application rule log
- DNS proxy log
Still to do:
- Threat Intelligence log
- IDPS log
- Internal FQDN resolve failure log
- Application rule aggregation log
- Network rule aggregation log
- NAT rule aggregation log
- Top flow log (preview)
- Flow trace (preview)
IDPS log implemented in 87b541b90d74df0981686ee7bcf121f02e69b5e0
Still to do:
- Threat Intelligence log
- Internal FQDN resolve failure log
- Application rule aggregation log
- Network rule aggregation log
- NAT rule aggregation log
- Top flow log (preview)
- Flow trace (preview)
Threat Intelligence log in e808b344d81897604174849687befea98236fde9
Still to do:
- Internal FQDN resolve failure log
- Application rule aggregation log
- Network rule aggregation log
- NAT rule aggregation log
- Top flow log (preview)
- Flow trace (preview)
Hey @nicolgit thanks for the great work on this handy tool! I wonder if the work in progress on this issue would explain why any browser I try to load my event hub freezes. I am using your public front (https://az-firewall-mon.duckiesfarm.com/) but I don't think that would be the cause.
Appreciate any insight.
Cheers.
@docouto can you open an issue on this specifying OS, browser version, number of events, etc.? Thank you!