Firewalls and virtual networks events

%3CLINGO-SUB%20id%3D%22lingo-sub-1340483%22%20slang%3D%22en-US%22%3EFirewalls%20and%20virtual%20networks%20events%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1340483%22%20slang%3D%22en-US%22%3E%3CP%3EI%20am%20trying%20to%20view%20events%20in%20AzureActivity%20related%20to%26nbsp%3BFirewalls%20and%20virtual%20networks%20events%2C%20specifically%20if%20someone%20adds%20an%20IP%20and%20so%20far%20checking%20the%20schema%20I%20can't%20find%20the%20column%20that%20would%20have%20that%20info.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIs%20there%20a%20column%20that%20tracks%20the%20IP%20added%20to%26nbsp%3BFirewalls%20and%20virtual%20networks%20events%2C%20or%20is%20there%20only%20way%20to%20track%20this%20info%20is%20a%20generic%20query%20like%20below%2C%20and%20then%20check%20the%20RG's%26nbsp%3B%26nbsp%3BFirewalls%20and%20virtual%20networks%20events%20view%20to%20see%20what%20IP%20has%20been%20added%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CDIV%3E%3CDIV%3E%3CSPAN%3EAzureActivity%3C%2FSPAN%3E%3C%2FDIV%3E%3CDIV%3E%3CSPAN%3E%7C%20%3C%2FSPAN%3E%3CSPAN%3Ewhere%3C%2FSPAN%3E%3CSPAN%3E%20OperationName%20%3C%2FSPAN%3E%3CSPAN%3Econtains%3C%2FSPAN%3E%20%3CSPAN%3E%22Update%20SQL%20server%20firewall%20rules%22%3C%2FSPAN%3E%3C%2FDIV%3E%3CDIV%3E%3CSPAN%3E%7C%20%3C%2FSPAN%3E%3CSPAN%3Eproject%3C%2FSPAN%3E%3CSPAN%3E%20TimeGenerated%20%3C%2FSPAN%3E%3CSPAN%3E%2C%3C%2FSPAN%3E%3CSPAN%3E%20OperationName%20%3C%2FSPAN%3E%3CSPAN%3E%2C%3C%2FSPAN%3E%3CSPAN%3E%20ActivityStatus%20%3C%2FSPAN%3E%3CSPAN%3E%2C%3C%2FSPAN%3E%3CSPAN%3E%20OperationNameValue%20%3C%2FSPAN%3E%3CSPAN%3E%2C%3C%2FSPAN%3E%3CSPAN%3E%20ResourceGroup%20%3C%2FSPAN%3E%3CSPAN%3E%2C%3C%2FSPAN%3E%3CSPAN%3E%20Caller%20%3C%2FSPAN%3E%3CSPAN%3E%2C%3C%2FSPAN%3E%3CSPAN%3E%20CallerIpAddress%3C%2FSPAN%3E%3C%2FDIV%3E%3C%2FDIV%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-1340483%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EAzure%20Log%20Analytics%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1340687%22%20slang%3D%22en-US%22%3ERe%3A%20Firewalls%20and%20virtual%20networks%20events%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1340687%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F173036%22%20target%3D%22_blank%22%3E%40Jeff%20Walzer%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EFor%20Azure%20Firewalls%2C%20also%20see%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Ffirewall%2Flog-analytics-samples%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Ffirewall%2Flog-analytics-samples%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1347889%22%20slang%3D%22en-US%22%3ERe%3A%20Firewalls%20and%20virtual%20networks%20events%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1347889%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F239477%22%20target%3D%22_blank%22%3E%40Clive%20Watson%3C%2FA%3E%26nbsp%3B-%20thx%20for%20the%20reply.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIt%20doesn't%20appear%20that%20events%20from%20Firewalls%20and%20virtual%20networks%20are%20logged%20under%26nbsp%3B%3CSPAN%3EAzureDiagnostics%20as%20far%20as%20I%20can%20tell%20as%20a%20search%20for%20the%20OperationName%20containing%20%22Update%20SQL%20server%20firewall%20rules%22%20returns%20no%20hits%20whereas%20searching%20under%20AzureActivity%20I%20see%20the%20events.%26nbsp%3B%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E
Highlighted
Contributor

I am trying to view events in AzureActivity related to Firewalls and virtual networks events, specifically if someone adds an IP and so far checking the schema I can't find the column that would have that info.

 

Is there a column that tracks the IP added to Firewalls and virtual networks events, or is there only way to track this info is a generic query like below, and then check the RG's  Firewalls and virtual networks events view to see what IP has been added?

 

AzureActivity
| where OperationName contains "Update SQL server firewall rules"
| project TimeGenerated , OperationName , ActivityStatus , OperationNameValue , ResourceGroup , Caller , CallerIpAddress
2 Replies
Highlighted
Highlighted

@Clive Watson - thx for the reply.

 

It doesn't appear that events from Firewalls and virtual networks are logged under AzureDiagnostics as far as I can tell as a search for the OperationName containing "Update SQL server firewall rules" returns no hits whereas searching under AzureActivity I see the events.