We are unable to query if any rules changed in azure firewall Network rule using kql.
Please help us on this case.
Thanks for your support
Hi @DharshiniKa-0316 ,
Thanks for posting query in Microsoft Q&A Platform.
Rules which get saved after delete or create or update will only go in request body when we hit save button. Hence we always get live rules information from latest record of log analytics table
AzureActivity. So there is no direct way to get excatly deleted or updated rules info.
If we really want to get exactly what rules deleted or created or updated. Then we can consider having some config table in SQL or any other storage and load that table with info a live rules and then in periodic fashion from log analytics get the present live rules info and cross compare with data in that configuration table and take a call which rule created or which rule deleted.
Please note, below thread ask was almost similar to this. So could you please check below link to understand more. Thank you.
Hope this helps. Please let us know if any queries.
Please consider hitting
Accept Answer button. Accepted answers help community as well.
4 people are following this question.