nicolgit/azure-firewall-mon

Read events from Azure Firewall Structured Logs

nicolgit opened this issue 2 years ago · 4 comments

nicolgit commented 2 years ago

Structured Firewall Logs for Azure Firewall, allow customers to choose using Resource Specific Tables instead of existing AzureDiagnostic table.

this will simplify the code in event-hub-source.service.ts

https://learn.microsoft.com/en-us/azure/firewall/firewall-structured-logs

https://techcommunity.microsoft.com/t5/azure-network-security-blog/exploring-the-new-resource-specific-structured-logging-in-azure/ba-p/3620530

meizenga commented 2 years ago

Adding support for Structured Firewall Logs would be really nice

nicolgit commented a year ago

Implemented

Network rule log
NAT rule log
Application rule log
DNS proxy log

still to do:

Threat Intelligence log
IDPS log
Internal FQDN resolve failure log
Application rule aggregation log
Network rule aggregation log
NAT rule aggregation log
Top flow log (preview)
Flow trace (preview)

nicolgit commented a year ago

IDPS log implemented in 87b541b

Still to do:

Threat Intelligence log
Internal FQDN resolve failure log
Application rule aggregation log
Network rule aggregation log
NAT rule aggregation log
Top flow log (preview)
Flow trace (preview)

nicolgit commented a year ago

Thread Intelligence log in e808b34

Still to do:

Internal FQDN resolve failure log
Application rule aggregation log
Network rule aggregation log
NAT rule aggregation log
Top flow log (preview)
Flow trace (preview)