Queries for the AZFWIdpsSignature table
For information on using these queries in the Azure portal, see Log Analytics tutorial. For the REST API, see Query.
IDPS event logs
IDPS events. These logs are only available when IDPS is enabled.
AZFWIdpsSignature
| take 100
All firewall decisions
All decision taken by firewall. Contains hits on network, application and NAT rules, as well as threat intelligence hits and IDPS signature hits.
AZFWNetworkRule
| union AZFWApplicationRule, AZFWNatRule, AZFWThreatIntel, AZFWIdpsSignature
| take 100