What's New: Azure Firewall Connector in Public Preview!

This installment is part of a broader series to keep you up to date with the latest features in Azure Sentinel. The installments will be bite-sized to enable you to easily digest the new content.

Azure Sentinel supports a set of standard patterns for ingesting data at scale. Customers are able to easily onboard data sources via an extensive gallery of connectors and data collection technologies. Data is the foundation for Azure Sentinel. To increase our set of data sources, we are delighted to announce that the Azure Firewall data connector is now in public preview!

Azure Firewall is a managed, cloud-based network security service that protects your Azure Virtual Network resources. It's a fully stateful firewall-as-a-service with built-in high availability and unrestricted cloud scalability.

You can connect Azure Firewall logs to Azure Sentinel, enabling you to view log data in workbooks, use it to create custom analytics, and incorporate it to improve your investigation/hunting activities.

Learn more about monitoring Azure Firewall logs.

How to enable:

  1. From the Azure Sentinel navigation menu, select Data connectors.

  2. Select Azure Firewall from the data connectors gallery, and then select Open Connector Page on the preview pane.

Enable Diagnostic logs on all the firewalls whose logs you wish to connect:

  3. Select the Open Azure Firewall resource > link.

  4. From the Firewalls navigation menu, select Diagnostic settings.

  5. Select + Add diagnostic setting at the bottom of the list.

Get Started Today!

Try out the new connector and let us know your feedback using any of the channels listed in the Resources.

You can also contribute new connectors, workbooks, analytics and more in Azure Sentinel. Get started now by joining the Azure Sentinel Threat Hunters GitHub community and follow the guidance.

3 Comments
Senior Member

Doubt, wasn't this possible earlier by directly going to the Azure Firewalls > Diagnostic Settings?

It's nice to see the connector but I guess we need more of these connectors for 3rd party vendors.

Thanks for the post.

Thank you for your feedback @josephabraham. We are continuing to invest our efforts to expand the data collection technologies for third party vendors. Stay tuned, we have more coming! :)

New Contributor

Will the fields be parsed/mapped properly for the source/destination/ports, etc.? The current state of field mapping makes it a pain to leverage as I have to extend/parse at query time. As this is a firewall, one would expect those fields to be mapped pre-queries.
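
The query-time parsing raised in the last comment, sketched as an added example (not part of the original post or any commenter's code, and not Microsoft's): it extracts source, destination, ports and action from exported firewall rows and counts denied connections per source. The `msg_s` message layout, the `Category` values and all sample rows are assumptions constructed for illustration; the page itself does not show the log format.

```python
import re
from collections import Counter

# Assumed msg_s layout (not shown on the page):
#   "<PROTO> request from <ip>:<port> to <host>:<port>. Action: <Allow|Deny>..."
MSG_RE = re.compile(
    r"^(?P<protocol>\S+) request from (?P<src_ip>[\d.]+):(?P<src_port>\d+) "
    r"to (?P<dst>[^\s:]+):(?P<dst_port>\d+)\. Action: (?P<action>\w+)"
)

# Constructed sample rows shaped like AzureDiagnostics records.
SAMPLE_ROWS = [
    {"Category": "AzureFirewallNetworkRule",
     "msg_s": "TCP request from 10.0.0.4:51234 to 203.0.113.10:443. Action: Allow"},
    {"Category": "AzureFirewallNetworkRule",
     "msg_s": "TCP request from 10.0.0.5:40022 to 198.51.100.7:23. Action: Deny"},
    {"Category": "AzureFirewallApplicationRule",
     "msg_s": "HTTPS request from 10.0.0.5:55640 to example.com:443. Action: Deny. "
              "No rule matched."},
    {"Category": "AzureFirewallNetworkRule",
     "msg_s": "UDP request from 10.0.0.6:5353 to 203.0.113.53:53. Action: Deny"},
    {"Category": "AzureFirewallNetworkRule", "msg_s": "unrecognised message"},
]


def parse_row(row):
    """Return typed fields for one row, or None if msg_s does not match."""
    m = MSG_RE.match(row.get("msg_s") or "")
    if m is None:
        return None
    fields = m.groupdict()
    fields["src_port"] = int(fields["src_port"])
    fields["dst_port"] = int(fields["dst_port"])
    fields["category"] = row.get("Category")
    return fields


def denied_by_source(rows):
    """Count Deny actions per source IP; also report rows that failed to parse."""
    denied, unparsed = Counter(), 0
    for row in rows:
        fields = parse_row(row)
        if fields is None:
            unparsed += 1  # surface parser gaps instead of silently dropping rows
        elif fields["action"] == "Deny":
            denied[fields["src_ip"]] += 1
    return denied, unparsed


if __name__ == "__main__":
    print(denied_by_source(SAMPLE_ROWS))
```

Tracking the unparsed count matters for detection work: a message format the pattern does not cover would otherwise vanish from the totals without any signal.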