Queries for the AZFWIdpsSignature table

For information on using these queries in the Azure portal, see Log Analytics tutorial. For the REST API, see Query.

IDPS event logs

IDPS events. These logs are only available when IDPS is enabled.

AZFWIdpsSignature
| take 100

All firewall decisions

All decision taken by firewall. Contains hits on network, application and NAT rules, as well as threat intelligence hits and IDPS signature hits.

AZFWNetworkRule
| union AZFWApplicationRule, AZFWNatRule, AZFWThreatIntel, AZFWIdpsSignature
| take 100