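// Sample Azure Firewall msg_s values: allowed ICMP and TCP requests,
// HTTP/HTTPS requests denied by ThreatIntel, and an IDS alert.
let AzureFirewallNetworkRulesLogsSample = datatable( msg_s:string )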
[
"ICMP Type=8 request from 10.0.0.1 to 10.0.0.2. Action: Allow.",
"TCP request from 10.0.0.1:56088 to 10.0.0.2:443. Action: Allow.",
"HTTP request from 10.0.0.1:62504 to ocsp.sca1b.amazontrust.com:80. Url: ocsp.sca1b.amazontrust.com/MFE=. Action: Deny. ThreatIntel: Bot Networks",
"HTTPS request from 10.0.0.1:53415 to tags.bluekai.com:443. Action: Deny. ThreatIntel: Phishing Url",
"ICMP request from 10.0.0.1: to 10.0.0.2:. Action: alert. Signature: 2100366. IDS: ICMP_INFO PING *NIX. Priority: 3. Classification: Misc activity"
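];
// A let statement needs a tabular expression after it; return the sample rows.
AzureFirewallNetworkRulesLogsSample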