Created
July 13, 2024 16:51
Azure Firewall Sample Log
| [ | |
| { | |
| "time": "2024-07-13T12:45:00Z", | |
| "resourceId": "/subscriptions/12345678-1234-1234-1234-123456789abc/resourceGroups/myResourceGroup/providers/Microsoft.Network/azureFirewalls/myFirewall", | |
| "category": "AzureFirewallNetworkRule", | |
| "operationName": "AzureFirewallNetworkRuleLog", | |
| "properties": { | |
| "msg": "Deny", | |
| "protocol": "TCP", | |
| "sourceIP": "203.0.113.1", | |
| "destinationIP": "192.168.1.10", | |
| "sourcePort": "44321", | |
| "destinationPort": "3389", | |
| "action": "Deny", | |
| "ruleCollectionName": "RCNetRuleCollection", | |
| "ruleName": "DenyRDP", | |
| "direction": "Inbound", | |
| "priority": 100, | |
| "policy": "/subscriptions/12345678-1234-1234-1234-123456789abc/resourceGroups/myResourceGroup/providers/Microsoft.Network/firewallPolicies/myFirewallPolicy" | |
| } | |
| }, | |
| { | |
| "time": "2024-07-13T12:50:00Z", | |
| "resourceId": "/subscriptions/12345678-1234-1234-1234-123456789abc/resourceGroups/myResourceGroup/providers/Microsoft.Network/azureFirewalls/myFirewall", | |
| "category": "AzureFirewallApplicationRule", | |
| "operationName": "AzureFirewallApplicationRuleLog", | |
| "properties": { | |
| "msg": "Allow", | |
| "protocol": "HTTP", | |
| "sourceIP": "198.51.100.2", | |
| "destinationIP": "10.0.0.5", | |
| "sourcePort": "51123", | |
| "destinationPort": "80", | |
| "action": "Allow", | |
| "ruleCollectionName": "RCAppRuleCollection", | |
| "ruleName": "AllowWebTraffic", | |
| "direction": "Outbound", | |
| "priority": 200, | |
| "policy": "/subscriptions/12345678-1234-1234-1234-123456789abc/resourceGroups/myResourceGroup/providers/Microsoft.Network/firewallPolicies/myFirewallPolicy" | |
| } | |
| }, | |
| { | |
| "time": "2024-07-13T13:00:00Z", | |
| "resourceId": "/subscriptions/12345678-1234-1234-1234-123456789abc/resourceGroups/myResourceGroup/providers/Microsoft.Network/azureFirewalls/myFirewall", | |
| "category": "AzureFirewallThreatIntel", | |
| "operationName": "AzureFirewallThreatIntelLog", | |
| "properties": { | |
| "msg": "Alert", | |
| "threatType": "Malware", | |
| "sourceIP": "203.0.113.3", | |
| "destinationIP": "10.0.0.7", | |
| "sourcePort": "51333", | |
| "destinationPort": "80", | |
| "action": "Alert", | |
| "threatDescription": "Known malware site accessed", | |
| "policy": "/subscriptions/12345678-1234-1234-1234-123456789abc/resourceGroups/myResourceGroup/providers/Microsoft.Network/firewallPolicies/myFirewallPolicy" | |
| } | |
| }, | |
| { | |
| "time": "2024-07-13T13:10:00Z", | |
| "resourceId": "/subscriptions/12345678-1234-1234-1234-123456789abc/resourceGroups/myResourceGroup/providers/Microsoft.Network/azureFirewalls/myFirewall", | |
| "category": "AzureFirewallNetworkRule", | |
| "operationName": "AzureFirewallNetworkRuleLog", | |
| "properties": { | |
| "msg": "Allow", | |
| "protocol": "UDP", | |
| "sourceIP": "192.0.2.1", | |
| "destinationIP": "10.0.0.8", | |
| "sourcePort": "60000", | |
| "destinationPort": "53", | |
| "action": "Allow", | |
| "ruleCollectionName": "RCNetRuleCollection", | |
| "ruleName": "AllowDNS", | |
| "direction": "Outbound", | |
| "priority": 300, | |
| "policy": "/subscriptions/12345678-1234-1234-1234-123456789abc/resourceGroups/myResourceGroup/providers/Microsoft.Network/firewallPolicies/myFirewallPolicy" | |
| } | |
| }, | |
| { | |
| "time": "2024-07-13T13:15:00Z", | |
| "resourceId": "/subscriptions/12345678-1234-1234-1234-123456789abc/resourceGroups/myResourceGroup/providers/Microsoft.Network/azureFirewalls/myFirewall", | |
| "category": "AzureFirewallThreatIntel", | |
| "operationName": "AzureFirewallThreatIntelLog", | |
| "properties": { | |
| "msg": "Alert", | |
| "threatType": "BruteForce", | |
| "sourceIP": "198.51.100.4", | |
| "destinationIP": "192.168.1.10", | |
| "sourcePort": "49999", | |
| "destinationPort": "22", | |
| "action": "Alert", | |
| "threatDescription": "Brute force attack detected on SSH port", | |
| "policy": "/subscriptions/12345678-1234-1234-1234-123456789abc/resourceGroups/myResourceGroup/providers/Microsoft.Network/firewallPolicies/myFirewallPolicy" | |
| } | |
| }, | |
| { | |
| "time": "2024-07-13T13:20:00Z", | |
| "resourceId": "/subscriptions/12345678-1234-1234-1234-123456789abc/resourceGroups/myResourceGroup/providers/Microsoft.Network/azureFirewalls/myFirewall", | |
| "category": "AzureFirewallApplicationRule", | |
| "operationName": "AzureFirewallApplicationRuleLog", | |
| "properties": { | |
| "msg": "Deny", | |
| "protocol": "HTTPS", | |
| "sourceIP": "192.0.2.5", | |
| "destinationIP": "10.0.0.9", | |
| "sourcePort": "52345", | |
| "destinationPort": "443", | |
| "action": "Deny", | |
| "ruleCollectionName": "RCAppRuleCollection", | |
| "ruleName": "DenySuspiciousHTTPS", | |
| "direction": "Outbound", | |
| "priority": 150, | |
| "policy": "/subscriptions/12345678-1234-1234-1234-123456789abc/resourceGroups/myResourceGroup/providers/Microsoft.Network/firewallPolicies/myFirewallPolicy" | |
| } | |
| }, | |
| { | |
| "time": "2024-07-13T13:25:00Z", | |
| "resourceId": "/subscriptions/12345678-1234-1234-1234-123456789abc/resourceGroups/myRe |