User Profile
chrisbutler
Copper Contributor
Joined 6 years ago
Recent Discussions
Az Application Gateway WAF Policy - Custom Rule exclusions can't be created for specific WAF Rules?
Hi, have been playing with the AAG Web Application Firewall for some time now and found what I believe to be some rather major flaws in functionality. Mainly, the lack of ability to exclude a specific URI from certain WAF rule checks; instead, it very much seems like when you add an exception via an Application Gateway WAF Policy, it excludes the URI from the WAF entirely. Anyone have any info, clues, tips or ways I have not found to exclude a certain URI from specific rule checks?

Re: Feedback requested: Adaptive Network Hardening in Azure Security Center
Oren Parag Unrelated specifically to Adaptive Network Hardening, but to me a far more worthwhile use of time and money would be to fix the next to useless 'Custom Rules' functionality in the WAF Policies used for Azure Application Gateway and Front Door.
1.6K Views, 0 likes, 1 Comment

Re: Azure Alerts metrics in LogAnalytics
bryan_wilson Hey Bryan, the Workbooks blade in Azure Monitor can do something that's at least very, very close to what you're asking. Go to 'Monitor' -> 'Workbooks' blades, then click 'New': Click 'Add Query': Then click the tiny '(change)' option next to where it says 'Query: None.....' Then we get to the good stuff: Make the following changes to the option to get you something close to what you want:

Data Source = Alerts (preview)
Resource Type = Subscriptions
Subscriptions = <select the subscriptions you want to cover>
Time Range = <define the desired time range for your query>
Results = Alerts
Severity/Condition/Alert State = <define as per your needs>
Visualisation = Grid

This new workbook can then be saved, and the step pinned to a Dashboard. You'll probably want to tweak a bit to get it to suit your requirements, but I think this should get you close?
1.7K Views, 0 likes, 0 Comments

Re: Render operator ignoring ymin and ymax values
CliveWatson Hey Clive, Yes it is a busy chart, I have extra WHERE statements similar to yours in the Query I'm actually using that filter out a bunch of the disks that I'm not particularly interested in (Azure VM BEK and Temp storage drives especially) however I've left those out of my post as it identifies some of the machine names (and therefore could be extrapolated to the DNS name with enough trial and error). The issue with just using:

| where InstanceName has ":"

.......and specifying specific drive letters is that the Azure BEK encryption drives don't seem to always end up with the same drive letter, so my WHERE statement has to be a bit more complex to pick specific drives from certain machines.

Back on topic, the make-series statement that you suggested yesterday has worked perfectly to get the y axis to go from 0 - 100, it also allowed me to give the Y axis a custom name label which I hadn't yet worked out how to do. I also used this extend and strcat() statement to create a new series for the X axis with a better name and data that reads easier in the legend:

| extend DiskName = strcat(Computer," (", InstanceName,")")

You might have noticed I then used the new series in my version of your make-series to split the X series up the way I wanted.

After all that, I've ended up with something very similar to this:

Perf
| where TimeGenerated > ago(60d)
| where ObjectName == "LogicalDisk"
| where CounterName == "% Free Space"
| where InstanceName == "C:" or InstanceName == "F:" or InstanceName == "E:"
| extend DiskName = strcat(Computer," (", InstanceName,")")
| make-series DiskFreeSpace = max(CounterValue) default=0 on TimeGenerated in range(ago(60d), now(), 12h) by DiskName
| render timechart title ="Virtual Machine Disk Usage"

Which results in this: The data is quite spiky as the VMs are all relatively new, so the series will smooth out over a couple of months, and I still have some work to do to try and get it to display in local time (+12 GMT NZST), move the legend to the bottom (more like the built in Azure charts) and remove the dots off the series lines....... but fundamentally, this gives me what I need. Thank you very much for your help! I'm learning a lot as I go!
5.8K Views, 0 likes, 2 Comments

Re: Render operator ignoring ymin and ymax values
Hey CliveWatson, That certainly sorts the Y axis range issue, thanks! What I've lost using your code as is however is the split per instance name (machine/disk), it's now only showing one series per machine, rather than per disk. Pretty sure I can fix this with a bit of fooling around, I'll play with it through my day and let you know how I get on! Thanks
5.9K Views, 0 likes, 4 Comments

Re: Render operator ignoring ymin and ymax values
the_irk I have a similar issue trying to graph free space on the Logical drives of all my Azure VMs, my data set luckily has the right values to push the ymax to 100 on its own, but it's ignoring the ymin = 0 (or any ymax other than 100) that I'm trying to define.

Perf
| where TimeGenerated > ago(60d)
| where ObjectName == "LogicalDisk"
| where CounterName == "% Free Space"
| project CounterPath, TimeGenerated, InstanceName, CounterName, CounterValue
| summarize max(CounterValue) by bin(TimeGenerated, 12h), CounterPath
| render timechart with (title ="Virtual Machine Disk Usage", ymin=0, ymax=100)

Would appreciate if anyone has any clues, tips or tricks!
5.9K Views, 0 likes, 6 Comments