Hi Handian Sudianto,
Welcome to the Microsoft Q&A Platform! Thank you for asking your question here.
NOTE: Monitor Azure Firewall using Structured Logs, which use a predefined schema to structure log data for easy searching, filtering, and analysis. These logs include information such as source and destination IP addresses, protocols, port numbers, and firewall actions. Prioritize setting up Structured Logs as your main log type using Resource Specific Tables instead of the existing Azure Diagnostics table.
Refer: https://learn.microsoft.com/en-us/azure/firewall/firewall-structured-logs
Update (04-09-2023): We got the response back from the team stating that default deny will not be captured in policy analytics, and this is expected behavior:
"Policy analytics is developed based on the rules configured and if there is no rule match and if a packet is denied by default, it will not be shown."
- You can submit a feature request with your business requirements, which the product team will address based on your bandwidth.
- Create a feedback item for this request on the feedback forum, so that the product team can prioritize your request: https://feedback.azure.com/d365community
Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
Regards,
Ganesh Patapati