Editar

Compartir a través de


AZFWIdpsSignature

Contains all data plane packets that were matched with one or more IDPS signatures.

Table attributes

Attribute Value
Resource types microsoft.network/azurefirewalls
Categories Security
Solutions LogManagement
Basic log No
Ingestion-time transformation No
Sample Queries Yes

Columns

Column Type Description
Action string Action taken by the firewall following the IDPS signature hit.
_BilledSize real The record size in bytes
Category string Category of the matched IDPS signature.
Description string Description of the matched IDPS signature.
DestinationIp string Packet's destination IP address.
DestinationPort int Packet's destination port.
_IsBillable string Specifies whether ingesting the data is billable. When _IsBillable is false ingestion isn't billed to your Azure account
Protocol string Packet's network protocol. For example: UDP, TCP.
_ResourceId string A unique identifier for the resource that the record is associated with
Severity int Severity of the matched IDPS signature.
SignatureId string ID of the matched IDPS signature.
SourceIp string Packet's source IP address.
SourcePort int Packet's source port.
SourceSystem string The type of agent the event was collected by. For example, OpsManager for Windows agent, either direct connect or Operations Manager, Linux for all Linux agents, or Azure for Azure Diagnostics
_SubscriptionId string A unique identifier for the subscription that the record is associated with
TenantId string The Log Analytics workspace ID
TimeGenerated datetime Timestamp (UTC) when the data plane log was created.
Type string The name of the table