az network firewall policy intrusion-detection
Note
This reference is part of the azure-firewall extension for the Azure CLI (version 2.55.0 or higher). The extension will automatically install the first time you run an az network firewall policy intrusion-detection command. Learn more about extensions.
Manage intrusion signature rules and bypass rules.
Commands
| Name | Description | Type | Status |
|---|---|---|---|
| az network firewall policy intrusion-detection add |
Update an Azure firewall policy. |
Extension | GA |
| az network firewall policy intrusion-detection list |
List all intrusion detection configuration. |
Extension | Preview |
| az network firewall policy intrusion-detection remove |
Update an Azure firewall policy. |
Extension | GA |
az network firewall policy intrusion-detection add
Update an Azure firewall policy.
az network firewall policy intrusion-detection add [--add]
[--auto-learn-private-ranges {Disabled, Enabled}]
[--cert-name]
[--configuration]
[--dns-servers]
[--enable-dns-proxy {0, 1, f, false, n, no, t, true, y, yes}]
[--explicit-proxy]
[--force-string {0, 1, f, false, n, no, t, true, y, yes}]
[--fqdns]
[--identity-type {None, SystemAssigned, SystemAssigned, UserAssigned, UserAssigned}]
[--idps-mode {Alert, Deny, Off}]
[--ids]
[--ip-addresses]
[--key-vault-secret-id]
[--mode {Alert, Deny, Off}]
[--no-wait {0, 1, f, false, n, no, t, true, y, yes}]
[--policy-name]
[--private-ranges]
[--remove]
[--resource-group]
[--rule-description]
[--rule-dest-addresses]
[--rule-dest-ip-groups]
[--rule-dest-ports]
[--rule-name]
[--rule-protocol {Any, ICMP, TCP, UDP}]
[--rule-src-addresses]
[--rule-src-ip-groups]
[--set]
[--signature-id]
[--sku {Basic, Premium, Standard}]
[--sql {0, 1, f, false, n, no, t, true, y, yes}]
[--subscription]
[--tags]
[--threat-intel-mode {Alert, Deny, Off}]Optional Parameters
Add an object to a list of objects by specifying a path and key value pairs. Example: --add property.listProperty <key=value, string or JSON string>.
The operation mode for automatically learning private ranges to not be SNAT.
Name of the CA certificate.
Intrusion detection configuration properties. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
Space-separated list of DNS server IP addresses. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
Enable DNS Proxy.
Explicit Proxy Settings definition. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
When using 'set' or 'add', preserve string literals instead of attempting to convert to JSON.
Space-separated list of FQDNs. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
The type of identity used for the resource. The type 'SystemAssigned, UserAssigned' includes both an implicitly created identity and a set of user assigned identities. The type 'None' will remove any identities from the virtual machine.
IDPS mode.
One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.
Space-separated list of IPv4 addresses. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
Secret Id of (base-64 encoded unencrypted pfx) Secret or Certificate object stored in KeyVault.
The signature state.
Do not wait for the long-running operation to finish.
The name of the Firewall Policy.
List of private IP addresses/IP address ranges to not be SNAT. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
Remove a property or an element from a list. Example: --remove property.list OR --remove propertyToRemove.
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
Description of the bypass traffic rule.
Space-separated list of destination IP addresses or ranges for this rule Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
Space-separated list of destination IpGroups for this rule Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
Space-separated list of destination ports or ranges Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
Name of the bypass traffic rule.
The rule bypass protocol.
Space-separated list of source IP addresses or ranges for this rule Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
Space-separated list of source IpGroups Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
Update an object by specifying a property path and value to set. Example: --set property1.property2=.
Signature id.
SKU of Firewall policy.
A flag to indicate if SQL Redirect traffic filtering is enabled.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Space-separated tags: key[=value] [key[=value] ...]. Use "" to clear existing tags. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
The operation mode for Threat Intelligence.
Global Parameters
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
az network firewall policy intrusion-detection list
This command is in preview and under development. Reference and support levels: https://aka.ms/CLI_refstatus
List all intrusion detection configuration.
az network firewall policy intrusion-detection list --policy-name
--resource-groupRequired Parameters
The name of the Firewall Policy.
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
Global Parameters
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
az network firewall policy intrusion-detection remove
Update an Azure firewall policy.
az network firewall policy intrusion-detection remove [--add]
[--auto-learn-private-ranges {Disabled, Enabled}]
[--cert-name]
[--configuration]
[--dns-servers]
[--enable-dns-proxy {0, 1, f, false, n, no, t, true, y, yes}]
[--explicit-proxy]
[--force-string {0, 1, f, false, n, no, t, true, y, yes}]
[--fqdns]
[--identity-type {None, SystemAssigned, SystemAssigned, UserAssigned, UserAssigned}]
[--idps-mode {Alert, Deny, Off}]
[--ids]
[--ip-addresses]
[--key-vault-secret-id]
[--no-wait {0, 1, f, false, n, no, t, true, y, yes}]
[--policy-name]
[--private-ranges]
[--remove]
[--resource-group]
[--rule-name]
[--set]
[--signature-id]
[--sku {Basic, Premium, Standard}]
[--sql {0, 1, f, false, n, no, t, true, y, yes}]
[--subscription]
[--tags]
[--threat-intel-mode {Alert, Deny, Off}]Optional Parameters
Add an object to a list of objects by specifying a path and key value pairs. Example: --add property.listProperty <key=value, string or JSON string>.
The operation mode for automatically learning private ranges to not be SNAT.
Name of the CA certificate.
Intrusion detection configuration properties. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
Space-separated list of DNS server IP addresses. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
Enable DNS Proxy.
Explicit Proxy Settings definition. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
When using 'set' or 'add', preserve string literals instead of attempting to convert to JSON.
Space-separated list of FQDNs. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
The type of identity used for the resource. The type 'SystemAssigned, UserAssigned' includes both an implicitly created identity and a set of user assigned identities. The type 'None' will remove any identities from the virtual machine.
IDPS mode.
One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.
Space-separated list of IPv4 addresses. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
Secret Id of (base-64 encoded unencrypted pfx) Secret or Certificate object stored in KeyVault.
Do not wait for the long-running operation to finish.
The name of the Firewall Policy.
List of private IP addresses/IP address ranges to not be SNAT. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
Remove a property or an element from a list. Example: --remove property.list OR --remove propertyToRemove.
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
Name of the bypass traffic rule.
Update an object by specifying a property path and value to set. Example: --set property1.property2=.
Signature id.
SKU of Firewall policy.
A flag to indicate if SQL Redirect traffic filtering is enabled.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Space-separated tags: key[=value] [key[=value] ...]. Use "" to clear existing tags. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
The operation mode for Threat Intelligence.
Global Parameters
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for