Query Details

Devices

Query

// find Azure Firewalls
AzureDiagnostics
| where ResourceType == "AZUREFIREWALLS"

//Windows Firewall
WindowsFirewall
| summarize count() by FirewallAction

//Barracuda
CGFWFirewallActivity

//Barracuda WAF
CommonSecurityLog
| where DeviceVendor == "Barracuda"

//Check Point
CommonSecurityLog
| where DeviceVendor == "Check Point"

//Cisco ASA
CommonSecurityLog
| where DeviceVendor == "Cisco"
| where DeviceProduct == "ASA"

Explanation

The query is a set of separate lookups, one per firewall type, each run against the data source that firewall logs to. It first selects Azure Firewall records in AzureDiagnostics by ResourceType. Then it counts WindowsFirewall records by FirewallAction. Next it selects Barracuda CloudGen Firewall activity from CGFWFirewallActivity and Barracuda WAF events from CommonSecurityLog by DeviceVendor. Finally it selects Check Point events from CommonSecurityLog by DeviceVendor, and Cisco ASA events from CommonSecurityLog by DeviceVendor and DeviceProduct.
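As an added example, not part of the original query: the same five sources unioned into one shared schema, then summarized per source to show event volume, the share of denied events, and whether a source has gone quiet in the lookback window. Column names not on the page (Resource in AzureDiagnostics; Computer in WindowsFirewall, CGFWFirewallActivity and CommonSecurityLog; DeviceAction in CommonSecurityLog) are assumptions.

```kql
// Added example, not part of the page's query. Assumed columns (not on the
// page): Resource in AzureDiagnostics, Computer in WindowsFirewall /
// CGFWFirewallActivity / CommonSecurityLog, DeviceAction in CommonSecurityLog.
let lookback = 24h;
// Sources we expect to be reporting; drives the silence check below.
let expected = datatable(FwSource:string) [
    "Azure Firewall", "Windows Firewall", "Barracuda CGF",
    "Barracuda WAF", "Check Point", "Cisco ASA"
];
let azfw = AzureDiagnostics
    | where TimeGenerated > ago(lookback)
    | where ResourceType == "AZUREFIREWALLS"
    | project TimeGenerated, FwSource = "Azure Firewall", Device = Resource, Action = "";
let winfw = WindowsFirewall
    | where TimeGenerated > ago(lookback)
    | project TimeGenerated, FwSource = "Windows Firewall", Device = Computer,
              Action = tostring(FirewallAction);
let cgfw = CGFWFirewallActivity
    | where TimeGenerated > ago(lookback)
    | project TimeGenerated, FwSource = "Barracuda CGF", Device = Computer, Action = "";
let cef = CommonSecurityLog
    | where TimeGenerated > ago(lookback)
    | where DeviceVendor in ("Barracuda", "Check Point")
         or (DeviceVendor == "Cisco" and DeviceProduct == "ASA")
    | extend FwSource = case(DeviceVendor == "Barracuda", "Barracuda WAF",
                             DeviceVendor == "Cisco", "Cisco ASA",
                             "Check Point")
    | project TimeGenerated, FwSource, Device = Computer, Action = DeviceAction;
let observed = union azfw, winfw, cgfw, cef
    | summarize Events = count(),
                Denied = countif(Action has_any ("deny", "drop", "block")),
                Devices = dcount(Device),
                LastSeen = max(TimeGenerated)
        by FwSource;
// Left-join from the expected list so a source that logged nothing still
// appears in the result instead of silently dropping out.
expected
| join kind=leftouter observed on FwSource
| extend Status = iff(isnull(Events), "no events in window", "reporting"),
         DenyPct = round(100.0 * Denied / Events, 1)
| project FwSource, Status, Events, Devices, DenyPct, LastSeen
| order by Status asc, Events desc
```

Sources with no events sort to the top, which is the first thing to check when a firewall alert rule suddenly stops firing.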

Details


Rod Trent

Released: March 26, 2020

Tables

AzureDiagnostics, WindowsFirewall, CGFWFirewallActivity, CommonSecurityLog

Keywords

AzureDiagnostics, ResourceType, AZUREFIREWALLS, WindowsFirewall, FirewallAction, CGFWFirewallActivity, CommonSecurityLog, DeviceVendor, Barracuda, Check Point, Cisco, DeviceProduct, ASA

Operators

where, ==, summarize, count(), by
