Hello @Buyani Ngwenya ,
Welcome to Microsoft Q&A Platform. Thank you for reaching out & hope you are doing well.
You can use Azure Firewall Workbook. Using Azure Firewall Workbook, you can gain insights into Azure Firewall events, learn about your application and network rules, and see statistics for firewall activities across URLs, ports, and addresses.
Azure Firewall Workbook provides:
- Application rule log statistics which shows unique sources of IP address over time, application rule count usage, denied/allowed FQDN over time, and filtered data. You can filter data based on IP address.
- Network rule log statistics which provides a view by rule action – allow/deny, target port by IP and DNAT over time. You can also filter by action, port, destination type and logs based on time window.
Before deploying Azure Firewall Workbook, you should enable diagnostic logging through the Azure portal.
Reference : https://learn.microsoft.com/en-us/azure/firewall/firewall-diagnostics#enable-diagnostic-logging-through-the-azure-portal
Then deploy Azure Firewall workbook following the below article:
https://github.com/Azure/Azure-Network-Security/tree/master/Azure%20Firewall/Workbook%20-%20Azure%20Firewall%20Monitor%20Workbook
And monitor logs using Azure Firewall workbook:
https://learn.microsoft.com/en-us/azure/firewall/firewall-workbook
You can use Azure Firewall Workbook to create rich visual reports within the Azure portal. You can also connect to your storage account and retrieve the JSON log entries for access and performance logs. After you download the JSON files, you can convert them to CSV and view them in Excel, Power BI, or any other data-visualization tool.
Kindly let us know if the above helps or you need further assistance on this issue.
----------------------------------------------------------------------------------------------------------------
Please "Accept the answer" if the information helped you. This will help us and others in the community as well.