Share via

Not able to see IP Firewall rules changes under resourcechanges

Julio-14 0 Reputation points
2025-01-28T22:29:10.42+00:00

Hi,

Given a Synapse workspace who is associated to an alert and where the alert rule is configured as the Signal "Create/Update server firewall rule (servers/firewallRules)", when the configuration of the Firewall rules under Synapse workspace -> Security -> Networking change, the alert does triggers and I receive an email, then I can identify an EventID which helped me out to then identify the correlation ID, the problem that I'm seeing, is that I'm not able to see any record under resource graph explorer associated to the alert (resourcechanges table), I have tried properties.changeAttributes.correlationId and no luck, no records retrieved

Azure Synapse Analytics
Azure Synapse Analytics
An Azure analytics service that brings together data integration, enterprise data warehousing, and big data analytics. Previously known as Azure SQL Data Warehouse.
5,170 questions

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Ganesh Gurram 3,765 Reputation points Microsoft Vendor
    2025-01-29T13:05:05.9166667+00:00

    Hi @Julio-14

    Greetings & Welcome to the Microsoft Q&A forum! Thank you for sharing your query.

    Based on the details you’ve provided, it seems that you are facing issues with tracking and correlating alerts from Synapse workspace firewall rule changes to logs in the Azure Resource Graph and Activity Logs. Here are some steps and considerations that might help address the issues:

    Check Subscription and Tenant Configuration - The message in the screenshot indicates a known limitation with Azure Lighthouse. If your subscription is managed through Azure Lighthouse, certain operations like change analysis might not be fully supported. Consider accessing the subscription directly if possible.

    Use the "Troubleshoot" link provided in the error message for guided steps specific to Azure Lighthouse scenarios. Review any diagnostic settings and ensure logs are being sent to a Log Analytics workspace where they can be queried.

    User's image

    Enable Resource Change History - Ensure that the Microsoft.ChangeAnalysis resource provider is registered for your subscription. You can register it using the Azure Portal or through Azure CLI/PowerShell. This enables change history tracking for resources.

    Review IAM Permissions - Make sure you have the necessary permissions to view the Activity Logs and Resource Changes. You might need the Reader role or higher on the subscription or resource group.

    Querying Resource Graph - Double-check your queries in the Resource Graph Explorer. Ensure the syntax is correct and you are querying the correct tables and fields. The ResourceChanges table should contain the relevant data if the change analysis is enabled.

    Check Azure Monitor Alerts - Ensure your alert rule is correctly configured to capture the specific changes and that the signal logic is accurately set up.

    By following these steps, you should be able to better track and correlate Synapse workspace firewall rule changes with Azure logs and alerts.

    For more details refer: https://learn.microsoft.com/en-us/azure/governance/resource-graph/troubleshoot/general

    I hope this information helps.

    Kindly consider upvoting the comment if the information provided is helpful. This can assist other community members in resolving similar issues.

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.