AzureDiagnostics
Reference for the AzureDiagnostics table in Azure Monitor Logs.

| Attribute | Value |
|---|---|
| Category | Various |
| Custom Log V1 | Yes 🔶 — uses type-suffixed column names |
| Supports Transformations | ✗ No |
| Ingestion API Supported | ✗ No |
| Lake-Only Ingestion | ✗ No |
| Azure Monitor Tables Reference | View Documentation |
Schema (170 columns)
Source: Azure Monitor documentation
| Column Name | Type | Description |
|---|---|---|
| _ResourceId | String | A unique identifier for the resource that the record is associated with |
| action_id_s | String | |
| action_name_s | String | |
| action_s | String | |
| ActivityId_g | Guid | |
| AdHocOrScheduledJob_s | String | |
| application_name_s | String | |
| audit_schema_version_d | Double | |
| avg_cpu_percent_s | String | |
| avg_mean_time_s | String | |
| backendHostname_s | String | |
| Caller_s | String | |
| callerId_s | String | |
| CallerIPAddress | String | |
| calls_s | String | |
| Category | String | |
| client_ip_s | String | |
| clientInfo_s | String | |
| clientIP_s | String | |
| clientIpAddress_s | String | |
| clientPort_d | Double | |
| code_s | String | |
| collectionName_s | String | |
| conditions_destinationIP_s | String | |
| conditions_destinationPortRange_s | String | |
| conditions_None_s | String | |
| conditions_protocols_s | String | |
| conditions_sourceIP_s | String | |
| conditions_sourcePortRange_s | String | |
| CorrelationId | String | |
| count_executions_d | Double | |
| cpu_time_d | Double | |
| database_name_s | String | |
| database_principal_name_s | String | |
| DatabaseName_s | String | |
| db_id_s | String | |
| direction_s | String | |
| dop_d | Double | |
| duration_d | Double | |
| duration_milliseconds_d | Double | |
| DurationMs | BigInt | |
| ElasticPoolName_s | String | |
| endTime_t | DateTime | |
| Environment_s | String | |
| error_code_s | String | |
| error_message_s | String | |
| errorLevel_s | String | |
| event_class_s | String | |
| event_s | String | |
| event_subclass_s | String | |
| event_time_t | DateTime | |
| EventName_s | String | |
| execution_type_d | Double | |
| executionInfo_endTime_t | DateTime | |
| executionInfo_exitCode_d | Double | |
| executionInfo_startTime_t | DateTime | |
| host_s | String | |
| httpMethod_s | String | |
| httpStatus_d | Double | |
| httpStatusCode_d | Double | |
| httpStatusCode_s | String | |
| httpVersion_s | String | |
| id_s | String | |
| identity_claim_appid_g | Guid | |
| identity_claim_ipaddr_s | String | |
| instanceId_s | String | |
| interval_end_time_d | Double | |
| interval_start_time_d | Double | |
| ip_s | String | |
| is_column_permission_s | String | |
| isAccessPolicyMatch_b | Bool | |
| JobDurationInSecs_s | String | |
| JobFailureCode_s | String | |
| JobId_g | Guid | |
| jobId_s | String | |
| JobOperation_s | String | |
| JobOperationSubType_s | String | |
| JobStartDateTime_s | String | |
| JobStatus_s | String | |
| JobUniqueId_g | Guid | |
| Level | String | |
| log_bytes_used_d | Double | |
| logical_io_reads_d | Double | |
| logical_io_writes_d | Double | |
| LogicalServerName_s | String | |
| macAddress_s | String | |
| matchedConnections_d | Double | |
| max_cpu_time_d | Double | |
| max_dop_d | Double | |
| max_duration_d | Double | |
| max_log_bytes_used_d | Double | |
| max_logical_io_reads_d | Double | |
| max_logical_io_writes_d | Double | |
| max_num_physical_io_reads_d | Double | |
| max_physical_io_reads_d | Double | |
| max_query_max_used_memory_d | Double | |
| max_rowcount_d | Double | |
| max_time_s | String | |
| mean_time_s | String | |
| Message | String | |
| min_time_s | String | |
| msg_s | String | |
| num_physical_io_reads_d | Double | |
| object_id_d | Double | |
| object_name_s | String | |
| OperationName | String | |
| OperationVersion | String | |
| partitionKey_s | String | |
| physical_io_reads_d | Double | |
| plan_id_d | Double | |
| policy_s | String | |
| policyMode_s | String | |
| primaryIPv4Address_s | String | |
| priority_d | Double | |
| properties_enabledForDeployment_b | Bool | |
| properties_enabledForDiskEncryption_b | Bool | |
| properties_enabledForTemplateDeployment_b | Bool | |
| properties_s | String | |
| properties_sku_Family_s | String | |
| properties_sku_Name_s | String | |
| properties_tenantId_g | Guid | |
| query_hash_s | String | |
| query_id_d | Double | |
| query_max_used_memory_d | Double | |
| query_plan_hash_s | String | |
| query_time_d | Double | |
| querytext_s | String | |
| receivedBytes_d | Double | |
| Region_s | String | |
| requestCharge_s | String | |
| requestQuery_s | String | |
| requestResourceId_s | String | |
| requestResourceType_s | String | |
| requestUri_s | String | |
| reserved_storage_mb_s | String | |
| Resource | String | |
| resource_actionName_s | String | |
| resource_location_s | String | |
| resource_originRunId_s | String | |
| resource_resourceGroupName_s | String | |
| resource_runId_s | String | |
| resource_subscriptionId_g | Guid | |
| resource_triggerName_s | String | |
| resource_workflowId_g | Guid | |
| resource_workflowName_s | String | |
| ResourceGroup | String | |
| ResourceProvider | String | |
| ResourceType | String | |
| response_rows_d | Double | |
| resultCode_s | String | |
| ResultDescription | String | |
| resultDescription_ChildJobs_s | String | |
| resultDescription_ErrorJobs_s | String | |
| resultMessage_s | String | |
| ResultSignature | String | |
| ResultType | String | |
| rootCauseAnalysis_s | String | |
| routingRuleName_s | String | |
| rowcount_d | Double | |
| ruleName_s | String | |
| RunbookName_s | String | |
| RunOn_s | String | |
| schema_name_s | String | |
| sentBytes_d | Double | |
| sequence_group_id_g | Guid | |
| sequence_number_d | Double | |
| server_principal_sid_s | String | |
| session_id_d | Double | |
Solutions (34)
This table is used by the following solutions:
Connectors (14)
This table is ingested by the following connectors:
| Connector | Selection Criteria |
|---|---|
| Azure Batch Account | ResourceProvider == "MICROSOFT.BATCH" |
| Azure Cognitive Search | ResourceProvider == "MICROSOFT.SEARCH" |
| Azure Data Lake Storage Gen1 | ResourceProvider == "MICROSOFT.DATALAKESTORE" |
| Azure Event Hub | ResourceProvider == "MICROSOFT.EVENTHUB" |
| Azure Firewall | ResourceType == "AZUREFIREWALLS" |
| Azure Key Vault | ResourceProvider == "MICROSOFT.KEYVAULT" |
| Azure Kubernetes Service (AKS) | Category in "cluster-autoscaler,guard,kube-apiserver,kube-audit,kube-audit-admin,kube-controller-manager,kube-scheduler" |
| Azure Logic Apps | ResourceProvider == "MICROSOFT.LOGIC" |
| Network Security Groups | Category in "NetworkSecurityGroupEvent,NetworkSecurityGroupRuleCounter" |
| Azure Service Bus | ResourceProvider == "MICROSOFT.SERVICEBUS" |
| Azure SQL Databases | Category in "AutomaticTuning,Basic,Blocks,DatabaseWaitStatistics,Deadlocks,DevOpsOperationsAudit,Errors,InstanceAndAppAdvanced,QueryStoreWaitStatistics,SQLInsights,SQLSecurityAuditEvents,Timeouts,WorkloadManagement"<br>Category contains "SQLSecurityAuditEvents"<br>ResourceProvider == "MICROSOFT.SQL"<br>ResourceType == "SERVERS/DATABASES" |
| Azure Stream Analytics | ResourceProvider == "MICROSOFT.STREAMANALYTICS" |
| Azure DDoS Protection | Category == "DDoSMitigationReports"<br>ResourceType == "PUBLICIPADDRESSES" |
| Azure Web Application Firewall (WAF) | ResourceType in "APPLICATIONGATEWAYS,CDNWEBAPPLICATIONFIREWALLPOLICIES,FRONTDOORS"<br>action_s == "Blocked" |
Content Items Using This Table (78)
Analytic Rules (36)
- In solution Apache Log4j Vulnerability Detection
- In solution Azure DDoS Protection: Category == "DDoSMitigationFlowLogs"; ResourceType == "PUBLICIPADDRESSES"
- In solution Azure Firewall
- In solution Azure Key Vault: ResourceType == "VAULTS"
- In solution Azure SQL Database solution for sentinel: Category == "SQLSecurityAuditEvents"
- In solution Azure Web Application Firewall (WAF): Category == "FrontDoorWebApplicationFirewallLog"; action_s in "AnomalyScoring,Block"
- In solution Threat Intelligence
- In solution Threat Intelligence (NEW)
- In solution Zinc Open Source
Hunting Queries (19)
- In solution Apache Log4j Vulnerability Detection: Category in "ApplicationGatewayAccessLog,ApplicationGatewayFirewallLog,FrontdoorAccessLog,FrontdoorWebApplicationFirewallLog"
- In solution Azure Firewall
- In solution Azure SQL Database solution for sentinel
- In solution Azure kubernetes Service
- In solution Cloud Service Threat Protection Essentials: ResourceType == "VAULTS"; ResultType == "Success"
- In solution Legacy IOC based Threat Protection: Category == "AzureFirewallNetworkRule"
- In solution Web Shells Threat Protection: Category in "ApplicationGatewayAccessLog,ApplicationGatewayFirewallLog,FrontdoorAccessLog,FrontdoorWebApplicationFirewallLog"
Workbooks (23)
- In solution Apache Log4j Vulnerability Detection: Category in "ApplicationGatewayAccessLog,ApplicationGatewayFirewallLog,FrontdoorAccessLog,FrontdoorWebApplicationFirewallLog"
- In solution Azure DDoS Protection: Category in "DDoSMitigationFlowLogs,DDoSMitigationReports,DDoSProtectionNotifications"; Message == "Packet was forwarded to service"; Message startswith "Protocol violation"; Resource in ",{Resource:label}"
- In solution Azure Firewall: Category in "AzureFirewallApplicationRule,AzureFirewallDnsProxy,AzureFirewallNetworkRule"; Resource in ",{Resource:label}"; ResourceType == "AZUREFIREWALLS"; msg_s !has ". Rule Collection:"; msg_s !has ". Url"; msg_s !has "DNAT"; msg_s !has "No rule matched"; msg_s !has "Policy:"; msg_s !has "Reason:"; msg_s !has "Rule Collection"; msg_s !has "Rule Collection:"; msg_s !has "TLS extension was missing"; msg_s !has "Type="; msg_s !has "Url"; msg_s !has "Web Category:"; msg_s has ". No rule matched"; msg_s has ". Rule Collection:"; msg_s has ". Url"; msg_s has "DNAT"; msg_s has "Policy:"; msg_s has "Reason:"; msg_s has "Rule Collection Group"; msg_s has "Rule Collection:"; msg_s has "Type="; msg_s has "Url"; msg_s has "Web Category:"
- In solution Azure Key Vault: Category == "AuditEvent"; ResourceType == "VAULTS"
- In solution Azure SQL Database solution for sentinel: Category == "SQLSecurityAuditEvents"; ResourceType == "SERVERS/DATABASES"
- In solution Azure Web Application Firewall (WAF)
- In solution Azure kubernetes Service: Category == "kube-audit"; Resource in "clusterrolebindings,events,pods,secrets"
- In solution AzureSecurityBenchmark: Category in "All,AzureFirewallNetworkRule,NetworkSecurityGroupRuleCounter"; ResourceProvider == "MICROSOFT.KEYVAULT"; ResourceType == "AZUREFIREWALLS"; msg_s !has ". Rule Collection:"; msg_s !has "DNAT"; msg_s !has "Policy:"; msg_s !has "Rule Collection:"; msg_s !has "Type="; msg_s has ". Rule Collection:"; msg_s has "DNAT"; msg_s has "Policy:"; msg_s has "Rule Collection:"; msg_s has "Type="
- In solution ContinuousDiagnostics&Mitigation: Category in "NetworkSecurityGroupEvent,kube-audit"; Category contains "SQL"; ResourceProvider == "MICROSOFT.KEYVAULT"; ResourceType in "APPLICATIONGATEWAYS,AZUREFIREWALLS,CDNWEBAPPLICATIONFIREWALLPOLICIES,FRONTDOORS,PROFILES,PUBLICIPADDRESSES"
- In solution CybersecurityMaturityModelCertification(CMMC)2.0: Category == "AzureFirewallApplicationRule"
- In solution DPDP Compliance: Category == "SQLSecurityAuditEvents"; ResourceType == "SERVERS/DATABASES"
- In solution GDPR Compliance & Data Security: Category == "SQLSecurityAuditEvents"; ResourceType == "SERVERS/DATABASES"
- In solution HIPAA Compliance: Category == "AzureFirewallNetworkRule"; Category == "SQLSecurityAuditEvents"
- In solution MaturityModelForEventLogManagementM2131: Category in "AzureFirewallApplicationRule,AzureFirewallNetworkRule,EntitlementManagement,FrontdoorWebApplicationFirewallLog,GatewayDiagnosticLog,GroupManagement,IKEDiagnosticLog,NetworkSecurityGroupEvent,RouteDiagnosticLog,TunnelDiagnosticLog,UserManagement,WebApplicationFirewallLogs,kube-audit"; Category contains "SQL"; Resource == "SOC-NS-AG-WAFV2"; ResourceProvider in "MICROSOFT.CONTAINERSERVICE,MICROSOFT.KEYVAULT"; ResourceType in "APPLICATIONGATEWAYS,AZUREFIREWALLS,CDNWEBAPPLICATIONFIREWALLPOLICIES,FRONTDOORS,PROFILES,PUBLICIPADDRESSES,SERVERS/DATABASES"; msg_s !has ". Url"; msg_s !has "No rule matched"; msg_s !has "Reason:"; msg_s !has "Rule Collection"; msg_s !has "TLS extension was missing"; msg_s !has "Web Category:"; msg_s has ". No rule matched"; msg_s has ". Url"; msg_s has "Reason:"; msg_s has "Rule Collection Group"; msg_s has "Web Category:"
- In solution NISTSP80053: Category in "NetworkSecurityGroupEvent,kube-audit"; Category contains "SQL"; ResourceProvider == "MICROSOFT.KEYVAULT"; ResourceType in "APPLICATIONGATEWAYS,AZUREFIREWALLS,CDNWEBAPPLICATIONFIREWALLPOLICIES,FRONTDOORS,PROFILES,PUBLICIPADDRESSES"
- In solution PCI DSS Compliance
- In solution SOC Handbook
- In solution SentinelSOARessentials: ResourceProvider == "MICROSOFT.LOGIC"
- In solution ThreatAnalysis&Response: ResourceType == "PUBLICIPADDRESSES"
- In solution ZeroTrust(TIC3.0): Category in "ApplicationGatewayFirewallLog,AzureFirewallApplicationRule,AzureFirewallDnsProxy,AzureFirewallNetworkRule,DDoSMitigationReports,FrontdoorWebApplicationFirewallLog,NetworkSecurityGroupEvent,WebApplicationFirewallLogs,kube-audit"; Category contains "SQL"; Resource == "SOC-NS-AG-WAFV2"; ResourceProvider == "MICROSOFT.KEYVAULT"; ResourceType in "APPLICATIONGATEWAYS,AZUREFIREWALLS,CDNWEBAPPLICATIONFIREWALLPOLICIES,FRONTDOORS,PROFILES,PUBLICIPADDRESSES"; msg_s !has ". Url"; msg_s !has "No rule matched"; msg_s !has "Reason:"; msg_s !has "Rule Collection"; msg_s !has "TLS extension was missing"; msg_s !has "Url"; msg_s !has "Web Category:"; msg_s has ". No rule matched"; msg_s has ". Url"; msg_s has "Reason:"; msg_s has "Rule Collection Group"; msg_s has "Url"; msg_s has "Web Category:"
Parsers Using This Table (2)
Other Parsers (2)
Selection Criteria Summary (41 criteria, 76 total references)
References by type: 14 connectors, 61 content items, 0 ASIM parsers, 1 other parsers.
| Selection Criteria | Connectors | Content Items | ASIM Parsers | Other Parsers | Total |
|---|---|---|---|---|---|
| Category == "SQLSecurityAuditEvents" | - | 18 | - | - | 18 |
| ResourceType == "VAULTS" | - | 6 | - | - | 6 |
| Category == "FrontDoorWebApplicationFirewallLog"<br>action_s in "AnomalyScoring,Block" | - | 4 | - | - | 4 |
| Category in "ApplicationGatewayAccessLog,ApplicationGatewayFirewallLog,FrontdoorAccessLog,FrontdoorWebApplicationFirewallLog" | - | 3 | - | - | 3 |
| Category == "SQLSecurityAuditEvents"<br>ResourceType == "SERVERS/DATABASES" | - | 3 | - | - | 3 |
| ResourceProvider == "MICROSOFT.LOGIC" | 1 | 1 | - | - | 2 |
| Category == "DDoSMitigationFlowLogs"<br>ResourceType == "PUBLICIPADDRESSES" | - | 2 | - | - | 2 |
| Category == "SQLSecurityAuditEvents"<br>ResourceProvider == "MICROSOFT.SQL" | - | 2 | - | - | 2 |
| Category == "AzureFirewallNetworkRule" | - | 1 | - | 1 | 2 |
| ResourceType == "APPLICATIONGATEWAYS" | - | 2 | - | - | 2 |
| Category in "NetworkSecurityGroupEvent,kube-audit"<br>Category contains "SQL"<br>ResourceProvider == "MICROSOFT.KEYVAULT"<br>ResourceType in "APPLICATIONGATEWAYS,AZUREFIREWALLS,CDNWEBAPPLICATIONFIREWALLPOLICIES,FRONTDOORS,PROFILES,PUBLICIPADDRESSES" | - | 2 | - | - | 2 |
| ResourceType in "APPLICATIONGATEWAYS,CDNWEBAPPLICATIONFIREWALLPOLICIES,FRONTDOORS"<br>action_s == "Blocked" | 1 | - | - | - | 1 |
| ResourceProvider == "MICROSOFT.EVENTHUB" | 1 | - | - | - | 1 |
| ResourceProvider == "MICROSOFT.SERVICEBUS" | 1 | - | - | - | 1 |
| ResourceProvider == "MICROSOFT.STREAMANALYTICS" | 1 | - | - | - | 1 |
| ResourceProvider == "MICROSOFT.DATALAKESTORE" | 1 | - | - | - | 1 |
| Category == "DDoSMitigationReports"<br>ResourceType == "PUBLICIPADDRESSES" | 1 | - | - | - | 1 |
| ResourceProvider == "MICROSOFT.BATCH" | 1 | - | - | - | 1 |
| Category in "AutomaticTuning,Basic,Blocks,DatabaseWaitStatistics,Deadlocks,DevOpsOperationsAudit,Errors,InstanceAndAppAdvanced,QueryStoreWaitStatistics,SQLInsights,SQLSecurityAuditEvents,Timeouts,WorkloadManagement"<br>Category contains "SQLSecurityAuditEvents"<br>ResourceProvider == "MICROSOFT.SQL"<br>ResourceType == "SERVERS/DATABASES" | 1 | - | - | - | 1 |
| Category in "NetworkSecurityGroupEvent,NetworkSecurityGroupRuleCounter" | 1 | - | - | - | 1 |
| ResourceType == "AZUREFIREWALLS" | 1 | - | - | - | 1 |
| ResourceProvider == "MICROSOFT.KEYVAULT" | 1 | - | - | - | 1 |
| ResourceProvider == "MICROSOFT.SEARCH" | 1 | - | - | - | 1 |
| Category in "cluster-autoscaler,guard,kube-apiserver,kube-audit,kube-audit-admin,kube-controller-manager,kube-scheduler" | 1 | - | - | - | 1 |
| Category in "ApplicationGatewayFirewallLog,FrontdoorWebApplicationFirewallLog"<br>ResourceProvider == "MICROSOFT.NETWORK" | - | 1 | - | - | 1 |
| Category in "AzureFirewallApplicationRule,AzureFirewallNetworkRule"<br>ResourceType == "AZUREFIREWALLS" | - | 1 | - | - | 1 |
| Category == "kube-audit"<br>Resource == "ClusterRoleBinding" | - | 1 | - | - | 1 |
| Category == "kube-audit" | - | 1 | - | - | 1 |
| ResourceType == "VAULTS"<br>ResultType == "Success" | - | 1 | - | - | 1 |
| Category in "DDoSMitigationFlowLogs,DDoSMitigationReports,DDoSProtectionNotifications"<br>Message == "Packet was forwarded to service"<br>Message startswith "Protocol violation"<br>Resource in ",{Resource:label}" | - | 1 | - | - | 1 |
| Category in "AzureFirewallApplicationRule,AzureFirewallDnsProxy,AzureFirewallNetworkRule"<br>Resource in ",{Resource:label}"<br>ResourceType == "AZUREFIREWALLS"<br>msg_s !has ". Rule Collection:"<br>msg_s !has ". Url"<br>msg_s !has "DNAT"<br>msg_s !has "No rule matched"<br>msg_s !has "Policy:"<br>msg_s !has "Reason:"<br>msg_s !has "Rule Collection"<br>msg_s !has "Rule Collection:"<br>msg_s !has "TLS extension was missing"<br>msg_s !has "Type="<br>msg_s !has "Url"<br>msg_s !has "Web Category:"<br>msg_s has ". No rule matched"<br>msg_s has ". Rule Collection:"<br>msg_s has ". Url"<br>msg_s has "DNAT"<br>msg_s has "Policy:"<br>msg_s has "Reason:"<br>msg_s has "Rule Collection Group"<br>msg_s has "Rule Collection:"<br>msg_s has "Type="<br>msg_s has "Url"<br>msg_s has "Web Category:" | - | 1 | - | - | 1 |
| Category == "AuditEvent"<br>ResourceType == "VAULTS" | - | 1 | - | - | 1 |
| Category == "kube-audit"<br>Resource in "clusterrolebindings,events,pods,secrets" | - | 1 | - | - | 1 |
| Message == "*"<br>Message has "SQL Injection"<br>Message has "attack"<br>ResourceType == "APPLICATIONGATEWAYS"<br>action_s in "Blocked,Detected"<br>instanceId_s has "role" | - | 1 | - | - | 1 |
| Message has "attack" | - | 1 | - | - | 1 |
| Category in "All,AzureFirewallNetworkRule,NetworkSecurityGroupRuleCounter"<br>ResourceProvider == "MICROSOFT.KEYVAULT"<br>ResourceType == "AZUREFIREWALLS"<br>msg_s !has ". Rule Collection:"<br>msg_s !has "DNAT"<br>msg_s !has "Policy:"<br>msg_s !has "Rule Collection:"<br>msg_s !has "Type="<br>msg_s has ". Rule Collection:"<br>msg_s has "DNAT"<br>msg_s has "Policy:"<br>msg_s has "Rule Collection:"<br>msg_s has "Type=" | - | 1 | - | - | 1 |
| Category == "AzureFirewallApplicationRule" | - | 1 | - | - | 1 |
| Category == "AzureFirewallNetworkRule"<br>Category == "SQLSecurityAuditEvents" | - | 1 | - | - | 1 |
| Category in "AzureFirewallApplicationRule,AzureFirewallNetworkRule,EntitlementManagement,FrontdoorWebApplicationFirewallLog,GatewayDiagnosticLog,GroupManagement,IKEDiagnosticLog,NetworkSecurityGroupEvent,RouteDiagnosticLog,TunnelDiagnosticLog,UserManagement,WebApplicationFirewallLogs,kube-audit"<br>Category contains "SQL"<br>Resource == "SOC-NS-AG-WAFV2"<br>ResourceProvider in "MICROSOFT.CONTAINERSERVICE,MICROSOFT.KEYVAULT"<br>ResourceType in "APPLICATIONGATEWAYS,AZUREFIREWALLS,CDNWEBAPPLICATIONFIREWALLPOLICIES,FRONTDOORS,PROFILES,PUBLICIPADDRESSES,SERVERS/DATABASES"<br>msg_s !has ". Url"<br>msg_s !has "No rule matched"<br>msg_s !has "Reason:"<br>msg_s !has "Rule Collection"<br>msg_s !has "TLS extension was missing"<br>msg_s !has "Web Category:"<br>msg_s has ". No rule matched"<br>msg_s has ". Url"<br>msg_s has "Reason:"<br>msg_s has "Rule Collection Group"<br>msg_s has "Web Category:" | - | 1 | - | - | 1 |
| ResourceType == "PUBLICIPADDRESSES" | - | 1 | - | - | 1 |
| Category in "ApplicationGatewayFirewallLog,AzureFirewallApplicationRule,AzureFirewallDnsProxy,AzureFirewallNetworkRule,DDoSMitigationReports,FrontdoorWebApplicationFirewallLog,NetworkSecurityGroupEvent,WebApplicationFirewallLogs,kube-audit"<br>Category contains "SQL"<br>Resource == "SOC-NS-AG-WAFV2"<br>ResourceProvider == "MICROSOFT.KEYVAULT"<br>ResourceType in "APPLICATIONGATEWAYS,AZUREFIREWALLS,CDNWEBAPPLICATIONFIREWALLPOLICIES,FRONTDOORS,PROFILES,PUBLICIPADDRESSES"<br>msg_s !has ". Url"<br>msg_s !has "No rule matched"<br>msg_s !has "Reason:"<br>msg_s !has "Rule Collection"<br>msg_s !has "TLS extension was missing"<br>msg_s !has "Url"<br>msg_s !has "Web Category:"<br>msg_s has ". No rule matched"<br>msg_s has ". Url"<br>msg_s has "Reason:"<br>msg_s has "Rule Collection Group"<br>msg_s has "Url"<br>msg_s has "Web Category:" | - | 1 | - | - | 1 |
| Total | 14 | 61 | 0 | 1 | 76 |
Category

| Value | Connectors | Content Items | ASIM Parsers | Other Parsers | Total |
|---|---|---|---|---|---|
| SQLSecurityAuditEvents | 1 | 24 | - | - | 25 |
| kube-audit | 1 | 7 | - | - | 8 |
| AzureFirewallNetworkRule | - | 7 | - | 1 | 8 |
| FrontdoorWebApplicationFirewallLog | - | 6 | - | - | 6 |
| NetworkSecurityGroupEvent | 1 | 4 | - | - | 5 |
| ApplicationGatewayFirewallLog | - | 5 | - | - | 5 |
| AzureFirewallApplicationRule | - | 5 | - | - | 5 |
| FrontDoorWebApplicationFirewallLog | - | 4 | - | - | 4 |
| contains SQL | - | 4 | - | - | 4 |
| DDoSMitigationReports | 1 | 2 | - | - | 3 |
| DDoSMitigationFlowLogs | - | 3 | - | - | 3 |
| ApplicationGatewayAccessLog | - | 3 | - | - | 3 |
| FrontdoorAccessLog | - | 3 | - | - | 3 |
| NetworkSecurityGroupRuleCounter | 1 | 1 | - | - | 2 |
| AzureFirewallDnsProxy | - | 2 | - | - | 2 |
| WebApplicationFirewallLogs | - | 2 | - | - | 2 |
| AutomaticTuning | 1 | - | - | - | 1 |
| Basic | 1 | - | - | - | 1 |
| Blocks | 1 | - | - | - | 1 |
| DatabaseWaitStatistics | 1 | - | - | - | 1 |
| Deadlocks | 1 | - | - | - | 1 |
| DevOpsOperationsAudit | 1 | - | - | - | 1 |
| Errors | 1 | - | - | - | 1 |
| InstanceAndAppAdvanced | 1 | - | - | - | 1 |
| QueryStoreWaitStatistics | 1 | - | - | - | 1 |
| SQLInsights | 1 | - | - | - | 1 |
| Timeouts | 1 | - | - | - | 1 |
| WorkloadManagement | 1 | - | - | - | 1 |
| contains SQLSecurityAuditEvents | 1 | - | - | - | 1 |
| cluster-autoscaler | 1 | - | - | - | 1 |
| guard | 1 | - | - | - | 1 |
| kube-apiserver | 1 | - | - | - | 1 |
| kube-audit-admin | 1 | - | - | - | 1 |
| kube-controller-manager | 1 | - | - | - | 1 |
| kube-scheduler | 1 | - | - | - | 1 |
| DDoSProtectionNotifications | - | 1 | - | - | 1 |
| AuditEvent | - | 1 | - | - | 1 |
| All | - | 1 | - | - | 1 |
| EntitlementManagement | - | 1 | - | - | 1 |
| GatewayDiagnosticLog | - | 1 | - | - | 1 |
| GroupManagement | - | 1 | - | - | 1 |
| IKEDiagnosticLog | - | 1 | - | - | 1 |
| RouteDiagnosticLog | - | 1 | - | - | 1 |
| TunnelDiagnosticLog | - | 1 | - | - | 1 |
| UserManagement | - | 1 | - | - | 1 |
Message

| Value | Connectors | Content Items | ASIM Parsers | Other Parsers | Total |
|---|---|---|---|---|---|
| has attack | - | 2 | - | - | 2 |
| Packet was forwarded to service | - | 1 | - | - | 1 |
| startswith Protocol violation | - | 1 | - | - | 1 |
| * | - | 1 | - | - | 1 |
| has SQL Injection | - | 1 | - | - | 1 |
Resource

| Value | Connectors | Content Items | ASIM Parsers | Other Parsers | Total |
|---|---|---|---|---|---|
| {Resource:label} | - | 2 | - | - | 2 |
| SOC-NS-AG-WAFV2 | - | 2 | - | - | 2 |
| ClusterRoleBinding | - | 1 | - | - | 1 |
| clusterrolebindings | - | 1 | - | - | 1 |
| events | - | 1 | - | - | 1 |
| pods | - | 1 | - | - | 1 |
| secrets | - | 1 | - | - | 1 |
ResourceProvider

| Value | Connectors | Content Items | ASIM Parsers | Other Parsers | Total |
|---|---|---|---|---|---|
| MICROSOFT.KEYVAULT | 1 | 5 | - | - | 6 |
| MICROSOFT.SQL | 1 | 2 | - | - | 3 |
| MICROSOFT.LOGIC | 1 | 1 | - | - | 2 |
| MICROSOFT.EVENTHUB | 1 | - | - | - | 1 |
| MICROSOFT.SERVICEBUS | 1 | - | - | - | 1 |
| MICROSOFT.STREAMANALYTICS | 1 | - | - | - | 1 |
| MICROSOFT.DATALAKESTORE | 1 | - | - | - | 1 |
| MICROSOFT.BATCH | 1 | - | - | - | 1 |
| MICROSOFT.SEARCH | 1 | - | - | - | 1 |
| MICROSOFT.NETWORK | - | 1 | - | - | 1 |
| MICROSOFT.CONTAINERSERVICE | - | 1 | - | - | 1 |
ResourceType

| Value | Connectors | Content Items | ASIM Parsers | Other Parsers | Total |
|---|---|---|---|---|---|
| APPLICATIONGATEWAYS | 1 | 7 | - | - | 8 |
| PUBLICIPADDRESSES | 1 | 7 | - | - | 8 |
| AZUREFIREWALLS | 1 | 7 | - | - | 8 |
| VAULTS | - | 8 | - | - | 8 |
| CDNWEBAPPLICATIONFIREWALLPOLICIES | 1 | 4 | - | - | 5 |
| FRONTDOORS | 1 | 4 | - | - | 5 |
| SERVERS/DATABASES | 1 | 4 | - | - | 5 |
| PROFILES | - | 4 | - | - | 4 |
ResultType

| Value | Connectors | Content Items | ASIM Parsers | Other Parsers | Total |
|---|---|---|---|---|---|
| Success | - | 1 | - | - | 1 |
action_s

| Value | Connectors | Content Items | ASIM Parsers | Other Parsers | Total |
|---|---|---|---|---|---|
| AnomalyScoring | - | 4 | - | - | 4 |
| Block | - | 4 | - | - | 4 |
| Blocked | 1 | 1 | - | - | 2 |
| Detected | - | 1 | - | - | 1 |
instanceId_s

| Value | Connectors | Content Items | ASIM Parsers | Other Parsers | Total |
|---|---|---|---|---|---|
| has role | - | 1 | - | - | 1 |
msg_s

| Value | Connectors | Content Items | ASIM Parsers | Other Parsers | Total |
|---|---|---|---|---|---|
| !has . Url | - | 3 | - | - | 3 |
| !has No rule matched | - | 3 | - | - | 3 |
| !has Reason: | - | 3 | - | - | 3 |
| !has Rule Collection | - | 3 | - | - | 3 |
| !has TLS extension was missing | - | 3 | - | - | 3 |
| !has Web Category: | - | 3 | - | - | 3 |
| has . No rule matched | - | 3 | - | - | 3 |
| has . Url | - | 3 | - | - | 3 |
| has Reason: | - | 3 | - | - | 3 |
| has Rule Collection Group | - | 3 | - | - | 3 |
| has Web Category: | - | 3 | - | - | 3 |
| !has . Rule Collection: | - | 2 | - | - | 2 |
| !has DNAT | - | 2 | - | - | 2 |
| !has Policy: | - | 2 | - | - | 2 |
| !has Rule Collection: | - | 2 | - | - | 2 |
| !has Type= | - | 2 | - | - | 2 |
| !has Url | - | 2 | - | - | 2 |
| has . Rule Collection: | - | 2 | - | - | 2 |
| has DNAT | - | 2 | - | - | 2 |
| has Policy: | - | 2 | - | - | 2 |
| has Rule Collection: | - | 2 | - | - | 2 |
| has Type= | - | 2 | - | - | 2 |
| has Url | - | 2 | - | - | 2 |