Queries for the AZFWThreatIntel table

For information on using these queries in the Azure portal, see Log Analytics tutorial. For the REST API, see Query.

Threat intelligence logs

Threat intelligence events recognized by the firewall.

AZFWThreatIntel
| take 100

All firewall decisions

All decision taken by firewall. Contains hits on network, application and NAT rules, as well as threat intelligence hits and IDPS signature hits.

AZFWNetworkRule
| union AZFWApplicationRule, AZFWNatRule, AZFWThreatIntel, AZFWIdpsSignature
| take 100