Update AzureFirewall.JSON
This commit is contained in:
PrasadBoke
Родитель
c1340a94eb
Коммит
a443d5d0c0
|
|
@ -68,20 +68,6 @@
|
|||
"query": "AZFWDnsQuery\n | take 100"
|
||||
}
|
||||
],
|
||||
"connectivityCriterias": [
|
||||
{
|
||||
"type": "IsConnectedQuery",
|
||||
"value": [
|
||||
"AzureDiagnostics | where ResourceType == \"AZUREFIREWALLS\"\n | summarize LastLogReceived = max(TimeGenerated)\n | project IsConnected = LastLogReceived > ago(7d)",
|
||||
"AZFWApplicationRule\n | summarize LastLogReceived = max(TimeGenerated)\n | project IsConnected = LastLogReceived > ago(7d)",
|
||||
"AZFWNetworkRule\n | summarize LastLogReceived = max(TimeGenerated)\n | project IsConnected = LastLogReceived > ago(7d)",
|
||||
"AZFWNatRule\n | summarize LastLogReceived = max(TimeGenerated)\n | project IsConnected = LastLogReceived > ago(7d)",
|
||||
"AZFWThreatIntel\n | summarize LastLogReceived = max(TimeGenerated)\n | project IsConnected = LastLogReceived > ago(7d)",
|
||||
"AZFWIdpsSignature\n | summarize LastLogReceived = max(TimeGenerated)\n | project IsConnected = LastLogReceived > ago(7d)",
|
||||
"AZFWDnsQuery\n | summarize LastLogReceived = max(TimeGenerated)\n | project IsConnected = LastLogReceived > ago(7d)"
|
||||
]
|
||||
}
|
||||
],
|
||||
"dataTypes": [
|
||||
{
|
||||
"name": "AzureDiagnostics (Azure Firewall)",
|
||||
|
|
@ -112,6 +98,20 @@
|
|||
"lastDataReceivedQuery": "AZFWDnsQuery\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)"
|
||||
}
|
||||
],
|
||||
"connectivityCriterias": [
|
||||
{
|
||||
"type": "IsConnectedQuery",
|
||||
"value": [
|
||||
"AzureDiagnostics | where ResourceType == \"AZUREFIREWALLS\"\n | summarize LastLogReceived = max(TimeGenerated)\n | project IsConnected = LastLogReceived > ago(7d)",
|
||||
"AZFWApplicationRule\n | summarize LastLogReceived = max(TimeGenerated)\n | project IsConnected = LastLogReceived > ago(7d)",
|
||||
"AZFWNetworkRule\n | summarize LastLogReceived = max(TimeGenerated)\n | project IsConnected = LastLogReceived > ago(7d)",
|
||||
"AZFWNatRule\n | summarize LastLogReceived = max(TimeGenerated)\n | project IsConnected = LastLogReceived > ago(7d)",
|
||||
"AZFWThreatIntel\n | summarize LastLogReceived = max(TimeGenerated)\n | project IsConnected = LastLogReceived > ago(7d)",
|
||||
"AZFWIdpsSignature\n | summarize LastLogReceived = max(TimeGenerated)\n | project IsConnected = LastLogReceived > ago(7d)",
|
||||
"AZFWDnsQuery\n | summarize LastLogReceived = max(TimeGenerated)\n | project IsConnected = LastLogReceived > ago(7d)"
|
||||
]
|
||||
}
|
||||
],
|
||||
"availability": {
|
||||
"status": 1
|
||||
},
|
||||
|
|
@ -145,11 +145,11 @@
|
|||
},
|
||||
{
|
||||
"title": "Legacy Azure Diagnostics",
|
||||
"description": "Inside your Firewall resource:\n\n1. Select **Diagnostic logs.**\n2. Select **+ Add diagnostic setting.**\n3. In the **Diagnostic setting** blade:\n - Type a **Name**.\n - Select **Send to Log Analytics**.\n - Choose the log destination workspace.\n - Select the categories that you want to analyze (recommended: AzureFirewallApplicationRule(LegacyAzureDiagnostics), AzureFirewallNetworkRule(LegacyAzureDiagnostics), AzureFirewallDNSProxy(LegacyAzureDiagnostics))\n - Choose the Log Destination Table: AzureDiagnostics\n - Click **Save**."
|
||||
"description": "Inside your Firewall resource:\n\n1. Select **Diagnostic logs.**\n2. Select **+ Add diagnostic setting.**\n3. In the **Diagnostic setting** blade:\n - Type a **Name**.\n - Select **Send to Log Analytics**.\n - Choose the log destination workspace.\n - Select the categories that you want to analyze (recommended: AzureFirewallApplicationRule(LegacyAzureDiagnostics), AzureFirewallNetworkRule(LegacyAzureDiagnostics), AzureFirewallDNSProxy(LegacyAzureDiagnostics))\n - Choose the Log Destination Table: AzureDiagnostics\n - Click **Save**."
|
||||
},
|
||||
{
|
||||
"title": "Resource Specific Logs",
|
||||
"description": "Inside your Firewall resource:\n\n1. Select **Diagnostic logs.**\n2. Select **+ Add diagnostic setting.**\n3. In the **Diagnostic setting** blade:\n - Type a **Name**.\n - Select **Send to Log Analytics**.\n - Choose the log destination workspace.\n - Select the categories that you want to analyze (recommended: AzureFirewallApplicationRule, AzureFirewallNetworkRule, AzureFirewallNATRule, AzureFirewallThreatIntelligence, AzureFirewallIDPSSignature, AzureFirewallDNSQuery)\n - Choose the Log Destination Table: ResourceSpecific\n - Click **Save**."
|
||||
"description": "Inside your Firewall resource:\n\n1. Select **Diagnostic logs.**\n2. Select **+ Add diagnostic setting.**\n3. In the **Diagnostic setting** blade:\n - Type a **Name**.\n - Select **Send to Log Analytics**.\n - Choose the log destination workspace.\n - Select the categories that you want to analyze (recommended: AzureFirewallApplicationRule, AzureFirewallNetworkRule, AzureFirewallNATRule, AzureFirewallThreatIntelligence, AzureFirewallIDPSSignature, AzureFirewallDNSQuery)\n - Choose the Log Destination Table: ResourceSpecific\n - Click **Save**."
|
||||
}
|
||||
]
|
||||
}
|
||||
|
|
|
|||
Загрузка…
Ссылка в новой задаче