Update AzureFirewall.JSON

2023-12-29 16:49:31 +05:30 · 2023-12-29 16:49:31 +05:30 · a443d5d0c0
--- a/Connectors/AzureFirewall.JSON
+++ b/Connectors/AzureFirewall.JSON
@ -68,20 +68,6 @@
            "query": "AZFWDnsQuery\n | take 100"
        }
    ],
    "connectivityCriterias": [
        {
            "type": "IsConnectedQuery",
            "value": [
                "AzureDiagnostics | where ResourceType == \"AZUREFIREWALLS\"\n            | summarize LastLogReceived = max(TimeGenerated)\n            | project IsConnected = LastLogReceived > ago(7d)",
                "AZFWApplicationRule\n            | summarize LastLogReceived = max(TimeGenerated)\n            | project IsConnected = LastLogReceived > ago(7d)",
                "AZFWNetworkRule\n            | summarize LastLogReceived = max(TimeGenerated)\n            | project IsConnected = LastLogReceived > ago(7d)",
                "AZFWNatRule\n            | summarize LastLogReceived = max(TimeGenerated)\n            | project IsConnected = LastLogReceived > ago(7d)",
                "AZFWThreatIntel\n            | summarize LastLogReceived = max(TimeGenerated)\n            | project IsConnected = LastLogReceived > ago(7d)",
                "AZFWIdpsSignature\n            | summarize LastLogReceived = max(TimeGenerated)\n            | project IsConnected = LastLogReceived > ago(7d)",
                "AZFWDnsQuery\n            | summarize LastLogReceived = max(TimeGenerated)\n            | project IsConnected = LastLogReceived > ago(7d)"
            ]
        }
    ],
    "dataTypes": [
        {
            "name": "AzureDiagnostics (Azure Firewall)",
@ -112,6 +98,20 @@
            "lastDataReceivedQuery": "AZFWDnsQuery\n            | summarize Time = max(TimeGenerated)\n            | where isnotempty(Time)"
        }
    ],
    "connectivityCriterias": [
        {
            "type": "IsConnectedQuery",
            "value": [
                "AzureDiagnostics | where ResourceType == \"AZUREFIREWALLS\"\n            | summarize LastLogReceived = max(TimeGenerated)\n            | project IsConnected = LastLogReceived > ago(7d)",
                "AZFWApplicationRule\n            | summarize LastLogReceived = max(TimeGenerated)\n            | project IsConnected = LastLogReceived > ago(7d)",
                "AZFWNetworkRule\n            | summarize LastLogReceived = max(TimeGenerated)\n            | project IsConnected = LastLogReceived > ago(7d)",
                "AZFWNatRule\n            | summarize LastLogReceived = max(TimeGenerated)\n            | project IsConnected = LastLogReceived > ago(7d)",
                "AZFWThreatIntel\n            | summarize LastLogReceived = max(TimeGenerated)\n            | project IsConnected = LastLogReceived > ago(7d)",
                "AZFWIdpsSignature\n            | summarize LastLogReceived = max(TimeGenerated)\n            | project IsConnected = LastLogReceived > ago(7d)",
                "AZFWDnsQuery\n            | summarize LastLogReceived = max(TimeGenerated)\n            | project IsConnected = LastLogReceived > ago(7d)"
            ]
        }
    ],
    "availability": {
        "status": 1
    },
@ -145,11 +145,11 @@
        },
        {
            "title": "Legacy Azure Diagnostics",
-            "description": "Inside your Firewall resource:\n\n1.  Select **Diagnostic logs.**\n2.  Select **+ Add diagnostic setting.**\n3.  In the **Diagnostic setting** blade:\n    -   Type a **Name**.\n    -   Select **Send to Log Analytics**.\n    -   Choose the log destination workspace.\n    -   Select the categories that you want to analyze (recommended: AzureFirewallApplicationRule(LegacyAzureDiagnostics), AzureFirewallNetworkRule(LegacyAzureDiagnostics), AzureFirewallDNSProxy(LegacyAzureDiagnostics))\n    -   Choose the Log Destination Table: AzureDiagnostics\n   -   Click **Save**."
+            "description": "Inside your Firewall resource:\n\n1.  Select **Diagnostic logs.**\n2.  Select **+ Add diagnostic setting.**\n3.  In the **Diagnostic setting** blade:\n    -   Type a **Name**.\n    -   Select **Send to Log Analytics**.\n    -   Choose the log destination workspace.\n    -   Select the categories that you want to analyze (recommended: AzureFirewallApplicationRule(LegacyAzureDiagnostics), AzureFirewallNetworkRule(LegacyAzureDiagnostics), AzureFirewallDNSProxy(LegacyAzureDiagnostics))\n    -   Choose the Log Destination Table: AzureDiagnostics\n   -   Click **Save**."
        },
        {
            "title": "Resource Specific Logs",
-            "description": "Inside your Firewall resource:\n\n1.  Select **Diagnostic logs.**\n2.  Select **+ Add diagnostic setting.**\n3.  In the **Diagnostic setting** blade:\n    -   Type a **Name**.\n    -   Select **Send to Log Analytics**.\n    -   Choose the log destination workspace.\n    -   Select the categories that you want to analyze (recommended: AzureFirewallApplicationRule, AzureFirewallNetworkRule, AzureFirewallNATRule, AzureFirewallThreatIntelligence, AzureFirewallIDPSSignature, AzureFirewallDNSQuery)\n    -   Choose the Log Destination Table: ResourceSpecific\n   -   Click **Save**."
+            "description": "Inside your Firewall resource:\n\n1.  Select **Diagnostic logs.**\n2.  Select **+ Add diagnostic setting.**\n3.  In the **Diagnostic setting** blade:\n    -   Type a **Name**.\n    -   Select **Send to Log Analytics**.\n    -   Choose the log destination workspace.\n    -   Select the categories that you want to analyze (recommended: AzureFirewallApplicationRule, AzureFirewallNetworkRule, AzureFirewallNATRule, AzureFirewallThreatIntelligence, AzureFirewallIDPSSignature, AzureFirewallDNSQuery)\n    -   Choose the Log Destination Table: ResourceSpecific\n   -   Click **Save**."
        }
    ]
 }