Forum Discussion
Clive_Watson
Jan 05, 2022 - Bronze Contributor
You don't mention which firewall. Azure Firewall logs IPS/IDS, so you can start a query with:
AzureDiagnostics | where ResourceType == "AZUREFIREWALLS" | where OperationName == "AzureFirewallIDSLog"

- ankit976, Jan 07, 2022 - Copper Contributor
But by this we cannot find whether IDS is turned off or not. There is a field msg_s; in that, I guess, we will get "off", so the query can be:
AzureDiagnostics | where ResourceType == "AZUREFIREWALLS" | where OperationName == "AzureFirewallIDSLog" | where msg_s contains "off"
Now I am in doubt about that "off" thing.

- Clive_Watson, Jan 07, 2022 - Bronze Contributor
I was thinking if you have data returned by that query then IDS must be "ON"; you could then test to see when data was last sent?
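
The "when was data last sent" check suggested in the last reply, written out as an added example (not posted by anyone in the thread). The `lookback` and `quietThreshold` values and the `Status` labels are assumptions to tune; the table, `ResourceType` and `OperationName` are the ones used in the thread.

```kusto
// Added example: per-firewall freshness of the IDS log.
// lookback and quietThreshold are assumed values; adjust to your environment.
let lookback = 14d;
let quietThreshold = 24h;
AzureDiagnostics
| where TimeGenerated > ago(lookback)
| where ResourceType == "AZUREFIREWALLS"
// Keep all firewall logs so a firewall with no IDS entries still appears.
| summarize
    LastAnyLog = max(TimeGenerated),
    LastIdsLog = maxif(TimeGenerated, OperationName == "AzureFirewallIDSLog"),
    IdsEvents  = countif(OperationName == "AzureFirewallIDSLog")
    by Resource
| extend IdsQuietFor = now() - LastIdsLog
| extend Status = case(
    isnull(LastIdsLog),           "no IDS log in lookback",
    IdsQuietFor > quietThreshold, "IDS log gone quiet",
                                  "IDS log recent")
| order by Status asc, LastIdsLog asc
```

A quiet IDS log shows only that no entries reached the workspace in that window; compare `LastAnyLog` with `LastIdsLog` to tell a firewall that stopped sending diagnostics altogether from one that is still logging but has no IDS entries.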