Reference for WindowsFirewall table in Azure Monitor Logs.
| Attribute | Value |
|---|---|
| Category | Windows |
| Basic Logs Eligible | ✗ No |
| Supports Transformations | ✓ Yes |
| Ingestion API Supported | ✗ No |
| Azure Monitor Tables Reference | View Documentation |
Source: Azure Monitor documentation
| Column Name | Type | Description |
|---|---|---|
| _BilledSize | real | The record size in bytes |
| _IsBillable | string | Specifies whether ingesting the data is billable. When _IsBillable is false, ingestion isn't billed to your Azure account |
| _ResourceId | string | A unique identifier for the resource that the record is associated with |
| _SubscriptionId | string | A unique identifier for the subscription that the record is associated with |
| CommunicationDirection | string | |
| Computer | string | |
| Confidence | string | |
| Description | string | |
| DestinationIP | string | |
| DestinationPort | int | |
| FirewallAction | string | |
| FirstReportedDateTime | string | |
| FullDestinationAddress | string | |
| IndicatorThreatType | string | |
| Info | string | |
| IsActive | string | |
| LastReportedDateTime | string | |
| MaliciousIP | string | |
| MaliciousIPCountry | string | |
| MaliciousIPLatitude | real | |
| MaliciousIPLongitude | real | |
| ManagementGroupName | string | |
| Protocol | string | |
| RemoteIP | string | |
| RequestSizeInBytes | long | |
| Severity | int | |
| SourceIP | string | |
| SourcePort | int | |
| SourceSystem | string | The type of agent the event was collected by. For example, OpsManager for Windows agent (either direct connect or Operations Manager), Linux for all Linux agents, or Azure for Azure Diagnostics |
| TimeGenerated | datetime | |
| TLPLevel | string | |
| Type | string | The name of the table |
This table is used by the following solutions:
This table is ingested by the following connectors:
| Connector | Selection Criteria |
|---|---|
| Windows Firewall | |
Standalone Content:
| Analytic Rule | Selection Criteria |
|---|---|
| Europium - Hash and IP IOCs - September 2022 | |
| Mercury - Domain, Hash and IP IOCs - August 2022 | |
In solution ContinuousDiagnostics&Mitigation:
| Workbook | Selection Criteria |
|---|---|
| ContinuousDiagnostics&Mitigation | |
In solution MaturityModelForEventLogManagementM2131:
| Workbook | Selection Criteria |
|---|---|
| MaturityModelForEventLogManagement_M2131 | |
In solution NISTSP80053:
| Workbook | Selection Criteria |
|---|---|
| NISTSP80053 | |
In solution SOC Handbook:
| Workbook | Selection Criteria |
|---|---|
| SecurityStatus | |
In solution Windows Firewall:
| Workbook | Selection Criteria |
|---|---|
| WindowsFirewall | |
In solution ZeroTrust(TIC3.0):
| Workbook | Selection Criteria |
|---|---|
| ZeroTrustTIC3 | |
GitHub Only:
| Workbook | Selection Criteria |
|---|---|
| DoDZeroTrustWorkbook | |
| ExchangeCompromiseHunting | |
| SecurityStatus | |
| UserMap | |
| WindowsFirewall | |
| ZeroTrustStrategyWorkbook | |
This table collects data from the following Azure resource types:
- microsoft.operationalinsights/workspaces
- microsoft.compute/virtualmachines
- microsoft.connectedvmwarevsphere/virtualmachines
- microsoft.azurestackhci/virtualmachines
- microsoft.scvmm/virtualmachines
- microsoft.compute/virtualmachinescalesets