Azure Firewall
Version: Azure Firewall
Azure Firewall is a cloud-based network security service provided by Microsoft Azure. It acts as a high-level, scalable network security solution that lets you control and monitor network traffic flowing in and out of an Azure Virtual Network (VNet).
Netsurion Open XDR manages logs retrieved from Azure Firewall through Azure Event Hub. The alerts, reports, dashboards, and saved searches in Netsurion Open XDR are enhanced by capturing important and critical activities in Azure Firewall.
The following are the key assets available in this Data Source Integration.
Alerts
Type | Name | Description |
---|---|---|
Security | Azure Firewall – IDPS event detected | Generated when IDPS events with high and medium severity are detected by Azure Firewall. |
Security | Azure Firewall – Suspicious event detected | Generated when a threat intelligence event is detected by Azure Firewall. |
Reports
Type | Name | Description |
---|---|---|
Security | Azure Firewall – DNS proxy events | Provides details about all the DNS proxy event log data monitored by Azure Firewall. This includes information such as source IP address, port number, action, error message, response codes, and query details. |
Security | Azure Firewall – Internal FQDN failure events | Provides details about the internal firewall FQDN resolution request failure events monitored by Azure Firewall. This includes information such as server IP address, port number, and failure reason. |
Security | Azure Firewall – Threat intelligence events | Provides details about threat intelligence events monitored by Azure Firewall. This includes information such as source IP address, destination IP address, port number, threat description, FQDN, and action. |
Security | Azure Firewall – Traffic events | Provides details about network and application events monitored by Azure Firewall. This includes information such as action, source IP address, destination IP address, port number, target URL, and FQDN. |
Security | Azure Firewall – IDPS events | Provides details about all the data plane packets that were matched with one or more IDPS signatures monitored by Azure Firewall. This includes information such as source IP address, port number, severity, IDPS signature ID, signature description, action, and source system. |
Dashboards
Type | Name | Description |
---|---|---|
Security | Azure Firewall – DNS query by response codes | Displays all failed DNS queries by response code. |
Security | Azure Firewall – Action by source IP address | Displays the source IP addresses of the blocked and allowed events. |
Security | Azure Firewall – IDPS detected by source IP address | Displays all the IDPS events detected, grouped by source IP address. |
Saved Searches
Type | Name | Description |
---|---|---|
Security | Azure Firewall – DNS proxy events | Provides details about all the DNS proxy events log data monitored by Azure Firewall. |
Security | Azure Firewall – Internal FQDN failure events | Provides details about the internal firewall FQDN resolution request failure events monitored by Azure Firewall. |
Security | Azure Firewall – Threat intelligence events | Provides details about threat intelligence events monitored by Azure Firewall. |
Security | Azure Firewall – Traffic events | Provides details about network and application events monitored by Azure Firewall. |
Security | Azure Firewall – IDPS events | Provides details about all the data plane packets that were matched with one or more IDPS signatures monitored by Azure Firewall. |
Documentation
The configuration details are consistent with Netsurion Open XDR 9.3 and later, and Azure Firewall.
Download the Integration Guide for configuration instructions and more information.