
@timothywarner
Created July 13, 2024 16:51
Azure Firewall Sample Log
[
{
"time": "2024-07-13T12:45:00Z",
"resourceId": "/subscriptions/12345678-1234-1234-1234-123456789abc/resourceGroups/myResourceGroup/providers/Microsoft.Network/azureFirewalls/myFirewall",
"category": "AzureFirewallNetworkRule",
"operationName": "AzureFirewallNetworkRuleLog",
"properties": {
"msg": "Deny",
"protocol": "TCP",
"sourceIP": "203.0.113.1",
"destinationIP": "192.168.1.10",
"sourcePort": "44321",
"destinationPort": "3389",
"action": "Deny",
"ruleCollectionName": "RCNetRuleCollection",
"ruleName": "DenyRDP",
"direction": "Inbound",
"priority": 100,
"policy": "/subscriptions/12345678-1234-1234-1234-123456789abc/resourceGroups/myResourceGroup/providers/Microsoft.Network/firewallPolicies/myFirewallPolicy"
}
},
{
"time": "2024-07-13T12:50:00Z",
"resourceId": "/subscriptions/12345678-1234-1234-1234-123456789abc/resourceGroups/myResourceGroup/providers/Microsoft.Network/azureFirewalls/myFirewall",
"category": "AzureFirewallApplicationRule",
"operationName": "AzureFirewallApplicationRuleLog",
"properties": {
"msg": "Allow",
"protocol": "HTTP",
"sourceIP": "198.51.100.2",
"destinationIP": "10.0.0.5",
"sourcePort": "51123",
"destinationPort": "80",
"action": "Allow",
"ruleCollectionName": "RCAppRuleCollection",
"ruleName": "AllowWebTraffic",
"direction": "Outbound",
"priority": 200,
"policy": "/subscriptions/12345678-1234-1234-1234-123456789abc/resourceGroups/myResourceGroup/providers/Microsoft.Network/firewallPolicies/myFirewallPolicy"
}
},
{
"time": "2024-07-13T13:00:00Z",
"resourceId": "/subscriptions/12345678-1234-1234-1234-123456789abc/resourceGroups/myResourceGroup/providers/Microsoft.Network/azureFirewalls/myFirewall",
"category": "AzureFirewallThreatIntel",
"operationName": "AzureFirewallThreatIntelLog",
"properties": {
"msg": "Alert",
"threatType": "Malware",
"sourceIP": "203.0.113.3",
"destinationIP": "10.0.0.7",
"sourcePort": "51333",
"destinationPort": "80",
"action": "Alert",
"threatDescription": "Known malware site accessed",
"policy": "/subscriptions/12345678-1234-1234-1234-123456789abc/resourceGroups/myResourceGroup/providers/Microsoft.Network/firewallPolicies/myFirewallPolicy"
}
},
{
"time": "2024-07-13T13:10:00Z",
"resourceId": "/subscriptions/12345678-1234-1234-1234-123456789abc/resourceGroups/myResourceGroup/providers/Microsoft.Network/azureFirewalls/myFirewall",
"category": "AzureFirewallNetworkRule",
"operationName": "AzureFirewallNetworkRuleLog",
"properties": {
"msg": "Allow",
"protocol": "UDP",
"sourceIP": "192.0.2.1",
"destinationIP": "10.0.0.8",
"sourcePort": "60000",
"destinationPort": "53",
"action": "Allow",
"ruleCollectionName": "RCNetRuleCollection",
"ruleName": "AllowDNS",
"direction": "Outbound",
"priority": 300,
"policy": "/subscriptions/12345678-1234-1234-1234-123456789abc/resourceGroups/myResourceGroup/providers/Microsoft.Network/firewallPolicies/myFirewallPolicy"
}
},
{
"time": "2024-07-13T13:15:00Z",
"resourceId": "/subscriptions/12345678-1234-1234-1234-123456789abc/resourceGroups/myResourceGroup/providers/Microsoft.Network/azureFirewalls/myFirewall",
"category": "AzureFirewallThreatIntel",
"operationName": "AzureFirewallThreatIntelLog",
"properties": {
"msg": "Alert",
"threatType": "BruteForce",
"sourceIP": "198.51.100.4",
"destinationIP": "192.168.1.10",
"sourcePort": "49999",
"destinationPort": "22",
"action": "Alert",
"threatDescription": "Brute force attack detected on SSH port",
"policy": "/subscriptions/12345678-1234-1234-1234-123456789abc/resourceGroups/myResourceGroup/providers/Microsoft.Network/firewallPolicies/myFirewallPolicy"
}
},
{
"time": "2024-07-13T13:20:00Z",
"resourceId": "/subscriptions/12345678-1234-1234-1234-123456789abc/resourceGroups/myResourceGroup/providers/Microsoft.Network/azureFirewalls/myFirewall",
"category": "AzureFirewallApplicationRule",
"operationName": "AzureFirewallApplicationRuleLog",
"properties": {
"msg": "Deny",
"protocol": "HTTPS",
"sourceIP": "192.0.2.5",
"destinationIP": "10.0.0.9",
"sourcePort": "52345",
"destinationPort": "443",
"action": "Deny",
"ruleCollectionName": "RCAppRuleCollection",
"ruleName": "DenySuspiciousHTTPS",
"direction": "Outbound",
"priority": 150,
"policy": "/subscriptions/12345678-1234-1234-1234-123456789abc/resourceGroups/myResourceGroup/providers/Microsoft.Network/firewallPolicies/myFirewallPolicy"
}
},
{
"time": "2024-07-13T13:25:00Z",
"resourceId": "/subscriptions/12345678-1234-1234-1234-123456789abc/resourceGroups/myRe