published: 29th of November 2023
This is a quick post on how to query Azure Firewall logs using Kusto Query Language (KQL). It's not a deep dive into KQL, but rather a quick reference of useful queries for future Brad.
To find denied traffic between a source and a destination IP address, I found it useful to add the following to the bottom of the pre-canned Network rule log data query:
AzureDiagnostics
// ... (the rest of the pre-canned query, which parses msg_s into SourceIP, TargetIP and Action)
// Add to bottom of query and run
| where SourceIP contains "src-ip"   // contains is a substring match; use == for an exact address
| where TargetIP contains "dst-ip"
| where Action contains "Deny"
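As an added, self-contained example (not code from the original post), here is the same denied-traffic lookup written out in full so it can be pasted into Log Analytics without the pre-canned query. It assumes the legacy AzureDiagnostics schema used by the pre-canned query, where network rule events have Category "AzureFirewallNetworkRule", OperationName "AzureFirewallNetworkRuleLog" and a msg_s of the form "TCP request from 10.0.0.4:51234 to 10.1.0.4:443. Action: Deny"; the two IP addresses and the 24 hour window are placeholders. It matches addresses exactly instead of with contains, which avoids 10.0.0.4 also matching 10.0.0.40 or 110.0.0.4.

```kql
// Added example, not from the original post. Assumes the legacy
// AzureDiagnostics schema and the msg_s format
// "TCP request from 10.0.0.4:51234 to 10.1.0.4:443. Action: Deny".
let SrcIP = "10.0.0.4";   // placeholder source address
let DstIP = "10.1.0.4";   // placeholder destination address
AzureDiagnostics
| where TimeGenerated > ago(24h)
| where Category == "AzureFirewallNetworkRule"
| where OperationName == "AzureFirewallNetworkRuleLog"
// Pull structured fields out of the free-text message. Messages in a
// different shape (for example DNAT events) leave these fields empty.
| parse msg_s with Protocol " request from " SourceIP ":" SourcePort:int
                  " to " TargetIP ":" TargetPort:int ". Action: " Action
| where isnotempty(Action)
// Exact match rather than substring match, so 10.0.0.4 does not also
// match 10.0.0.40 or 110.0.0.4.
| where SourceIP == SrcIP and TargetIP == DstIP
| where Action == "Deny"
// One row per denied flow with how often and when it was seen.
| summarize Hits = count(),
            FirstSeen = min(TimeGenerated),
            LastSeen = max(TimeGenerated)
          by SourceIP, TargetIP, TargetPort, Protocol, Action, Resource
| order by Hits desc
```

Drop the two IP filters and keep the summarize to get a top-N view of everything the firewall is denying, which is a quick way to spot a misconfigured rule collection or a host that is being blocked repeatedly.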
As time goes on, I'll add more queries to this post.