azure-firewall-logs-viewer

Azure Firewall Log Viewer

An Azure Workbook for analyzing Azure Firewall Network Rules and Application Rules logs

Requirements:

• Firewall Logs must be sent to a common Log Analytics workspace
• Users require minimum RBAC of Reader permissions to Log Analytics workspace

 

Installation

There are multiple ways to install this Azure Workbook

• Using this installation button:  

 

• Using an ARM Template Firewall Logs Viewer ARM Deployment.json

 

• Manually via Azure Monitor
  • Go to Azure Monitor > Workbooks
  • Click on +New
  • Click on the Advanced Editor
  • Copy and paste the contents of Firewall Logs viewer.workbook into the template window, replacing what's already there
  • Click Apply and then Save

 

Configuring Defaults

Once the Workbook has been installed, click edit and...

• Choose the Workspace that contains firewall logs

• Configure the default Time range

• Optionally select

  • Firewall selections
  • Rule type and Action

• Click Save