Are you wondering how to get a consolidated view of your Azure Firewall configuration and how to get a better understanding of your Azure Firewall logs? If so, then this post is for you. In this post, I will show you how to get a consolidated view of your Azure Firewall configuration and how to get a better understanding of your Azure Firewall logs. This workbook visualizes the Azure Firewall logs and provides a consolidated, filtered view of the logs.
💬Azure Monitor Workbook for Azure Firewall
You can gain insights into Azure Firewall events, learn about your application and network rules, and see statistics for firewall activities across URLs, ports, and addresses. Azure Firewall Workbook allows you to filter your firewalls and resource groups, and dynamically filter per category with easy to read data sets when investigating an issue in your logs.
- 💡Visualizing the results of Resource Graph with Azure Workbooks
| Section | Intention |
|---|---|
| Overview page | The way to filter across workspaces, time, and firewalls. |
| Application rule log statistics: | It shows unique sources of IP address over time, application rule count usage, denied/allowed FQDN |
| Network rule log statistics | The page provides a view by rule action – allow/deny, target port by IP and DNAT over time |
| IDPS log statistics: | IDPS actions count for all traffic that match the IDPS rules |
| Investigations | You can get logs and understand more about the resource based on the source IP address. |
⚡Is this a paid service ?
No, it is entirely free, and you are not required to be a paid customer of Azure Firewalls to use this workbook. You can use this workbook for your Azure Firewall deployments.
🧑💻How to get the Workbook for Azure Firewall?
There are various ways to get this Dashboard. You either go to the below GitHub Page to click on the Deploy-to-Azure button or use the PowerShell Script below to provision Azure Workbook in your resource group.
Option 1: Deploy it from GitHub Template
Once you have clicked above the Deploy To Azure button, you will see that page redirects you to Azure Portal. You will require to complete deployment parameters to create a Microsoft Workbook for your organization.
Option 2: Deploy it from Azure PowerShell
# --- Set resource group name and create
$ResourceGroupName = "rg-workbook-dashboard"
$subscriptionName = "<your-subscription-name>"
Set-AzContext -Subscription $subscriptionName
New-AzResourceGroup -Name $ResourceGroupName -Location "UK West" -Force
# --- Deploy infrastructure
$DeploymentParameters = @{
workbookDisplayName = "Azure Firewall Workbook"
workbookType = "workbook"
workbookSourceId = "Azure Monitor"
workbookId = "[newGuid()]"
}
New-AzResourceGroupDeployment -Name "netsec-deplyoment-01" `
-ResourceGroupName $ResourceGroupName `
-TemplateUri "https://raw.githubusercontent.com/Azure/Azure-Network-Security/master/Azure%20Firewall/Workbook%20-%20Azure%20Firewall%20Monitor%20Workbook/Azure%20Firewall_ARM.json" `
@DeploymentParameters
After the deployment is completed successfully, you can open Azure Workbook to explore your environment without having a hassle!