Query Details
//Visualize WAF rule actions such as allowed, blocked, detected and matched over time
//Data connector required for this query - Azure Diagnostics (Application Gateways)
AzureDiagnostics
| where TimeGenerated > ago(30d)
| where ResourceType == "APPLICATIONGATEWAYS"
| summarize count() by action_s, bin(TimeGenerated, 1h)
| where isnotempty(action_s)
| render timechart with (ytitle="WAF Hit Count", title="Web application firewall traffic over time")
This query visualizes the actions taken by WAF rules, such as allowing, blocking, detecting, and matching, over a specific time period. It uses the Azure Diagnostics data connector for Application Gateways. The query filters the data to the past 30 days and focuses on Application Gateways. It then summarizes the count of actions by hour and filters out any empty actions. Finally, it renders a time chart showing the count of WAF hits over time, with the y-axis labeled as "WAF Hit Count" and the title as "Web application firewall traffic over time."
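
A follow-up drill-down, added here as an example and not part of the original query: it takes the same 30-day Application Gateway data and counts hits per rule and action, so you can see which rules drive the blocked or matched volume in the chart. The `Category` value and the `ruleId_s` column are assumptions based on the Application Gateway firewall log schema in AzureDiagnostics; confirm both exist in your workspace.

```kql
// Added example: which WAF rules account for the hits in the time chart
// Assumption: firewall events carry Category "ApplicationGatewayFirewallLog" and a ruleId_s column
AzureDiagnostics
| where TimeGenerated > ago(30d)
| where ResourceType == "APPLICATIONGATEWAYS"
| where Category == "ApplicationGatewayFirewallLog"
// Same guard as the original query: drop rows with no WAF action recorded
| where isnotempty(action_s)
| summarize Hits = count() by ruleId_s, action_s
| sort by Hits desc
| take 20
```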

Matt Zorich
Released: June 17, 2022