Yashrajsp10 (Copper Contributor)
Nov 07, 2022
Azure Firewall Logs
Hi,
I was checking some firewall logs by running the query below:
    CommonSecurityLog
    | where DeviceProduct == "firewall1" or DeviceProduct == "firewall2"
    | project
        TimeGenerated,
        DeviceName,
        SourceIP,
        DestinationIP,
        DestinationPort,
        Protocol,
        DeviceAction,
        Activity
    | sort by TimeGenerated desc
    | where DestinationIP contains "a.b.c.d"
I do get the results after this. But I do not understand the result in the "DeviceAction" column.
Result is:
    TimeGenerated [UTC]: 2022-11-05T15:12:23.003Z
    DeviceName:          f03xxxxxxxxxx
    SourceIP:            172.x.x.x
    DestinationIP:       103.x.x.x
    DestinationPort:     80
    Protocol:            tcp
    DeviceAction:        reset-both
    Activity:            THREAT
What does reset-both mean?
- Clive_Watson (Bronze Contributor)
Just looked this up myself. Is this for a Palo Alto (if not, the definition of "reset-both" might be different)? Please refer to the vendor docs to be sure.
https://live.paloaltonetworks.com/t5/threat-vulnerability-discussions/question-regarding-quot-reset-both-quot-action/td-p/325269
- Yashrajsp10 (Copper Contributor)
Thank you, Clive. That helps, and yes, it is for Palo Alto.