- Firewall Logs must be sent to a common Log Analytics workspace
- Users require minimum RBAC of Reader permissions to Log Analytics workspace
- Using an ARM Template Firewall Logs Viewer ARM Deployment.json
- Manually via Azure Monitor
- Go to Azure Monitor > Workbooks
- Click on +New
- Click on the Advanced Editor
- Copy and paste the contents of Firewall Logs viewer.workbook into the template window, replacing what's already there
- Click Apply and then Save
-
Choose the Workspace that contains firewall logs
-
Configure the default Time range
-
Optionally select
- Firewall selections
- Rule type and Action
-
Click Save