question

DharshiniKa-FT avatar image
0 Votes"
DharshiniKa-FT asked ShaikMaheer-MSFT answered

Kql query for any firewall network rule changes in azure

Hi Team,


We are unable to query if any rules changed in azure firewall Network rule using kql.
Please help us on this case.

Thanks for your support

azure-firewallfasttrack-azure-startup
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

1 Answer

ShaikMaheer-MSFT avatar image
0 Votes"
ShaikMaheer-MSFT answered

Hi @DharshiniKa-0316 ,

Thanks for posting query in Microsoft Q&A Platform.

Rules which get saved after delete or create or update will only go in request body when we hit save button. Hence we always get live rules information from latest record of log analytics table AzureActivity. So there is no direct way to get excatly deleted or updated rules info.

If we really want to get exactly what rules deleted or created or updated. Then we can consider having some config table in SQL or any other storage and load that table with info a live rules and then in periodic fashion from log analytics get the present live rules info and cross compare with data in that configuration table and take a call which rule created or which rule deleted.

Please note, below thread ask was almost similar to this. So could you please check below link to understand more. Thank you.
https://docs.microsoft.com/en-us/answers/questions/847427/index.html

Hope this helps. Please let us know if any queries.


Please consider hitting Accept Answer button. Accepted answers help community as well.

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.