az network firewall policy draft intrusion-detection

Note

This reference is part of the azure-firewall extension for the Azure CLI (version 2.61.0 or higher). The extension will automatically install the first time you run an az network firewall policy draft intrusion-detection command. Learn more about extensions.

Manage intrusion signature rules and bypass rules.

Commands

| Name | Description | Type | Status |
| --- | --- | --- | --- |
| az network firewall policy draft intrusion-detection add | Update a draft Firewall Policy. | Extension | Preview |
| az network firewall policy draft intrusion-detection list | List all intrusion detection configuration. | Extension | Preview |
| az network firewall policy draft intrusion-detection remove | Update a draft Firewall Policy. | Extension | Preview |

az network firewall policy draft intrusion-detection add

Preview

This command is in preview and under development. Reference and support levels: https://aka.ms/CLI_refstatus

Update a draft Firewall Policy.

az network firewall policy draft intrusion-detection add [--add]
                                                         [--auto-learn-private-ranges {Disabled, Enabled}]
                                                         [--configuration]
                                                         [--dns-servers]
                                                         [--enable-dns-proxy {0, 1, f, false, n, no, t, true, y, yes}]
                                                         [--explicit-proxy]
                                                         [--force-string {0, 1, f, false, n, no, t, true, y, yes}]
                                                         [--fqdns]
                                                         [--idps-mode {Alert, Deny, Off}]
                                                         [--ids]
                                                         [--ip-addresses]
                                                         [--mode {Alert, Deny, Off}]
                                                         [--no-wait {0, 1, f, false, n, no, t, true, y, yes}]
                                                         [--policy-name]
                                                         [--private-ranges]
                                                         [--remove]
                                                         [--resource-group]
                                                         [--rule-description]
                                                         [--rule-dest-addresses]
                                                         [--rule-dest-ip-groups]
                                                         [--rule-dest-ports]
                                                         [--rule-name]
                                                         [--rule-protocol {Any, ICMP, TCP, UDP}]
                                                         [--rule-src-addresses]
                                                         [--rule-src-ip-groups]
                                                         [--set]
                                                         [--signature-id]
                                                         [--sql {0, 1, f, false, n, no, t, true, y, yes}]
                                                         [--subscription]
                                                         [--tags]
                                                         [--threat-intel-mode {Alert, Deny, Off}]

Optional Parameters

--add

Add an object to a list of objects by specifying a path and key value pairs. Example: --add property.listProperty <key=value, string or JSON string>.

--auto-learn-private-ranges --learn-ranges

The operation mode for automatically learning private ranges that are excluded from SNAT.

Accepted values: Disabled, Enabled

--configuration

Intrusion detection configuration properties. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.

--dns-servers

Space-separated list of DNS server IP addresses. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.

--enable-dns-proxy

Enable DNS Proxy.

Accepted values: 0, 1, f, false, n, no, t, true, y, yes

--explicit-proxy

Explicit Proxy Settings definition. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.

--force-string

When using 'set' or 'add', preserve string literals instead of attempting to convert to JSON.

Accepted values: 0, 1, f, false, n, no, t, true, y, yes

--fqdns

Space-separated list of FQDNs. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.

--idps-mode
Preview

IDPS mode.

Accepted values: Alert, Deny, Off

--ids

One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.

--ip-addresses

Space-separated list of IPv4 addresses. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.

--mode

The signature state.

Accepted values: Alert, Deny, Off

--no-wait

Do not wait for the long-running operation to finish.

Accepted values: 0, 1, f, false, n, no, t, true, y, yes

--policy-name

The name of the Firewall Policy.

--private-ranges

List of private IP addresses/IP address ranges that are excluded from SNAT. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.

--remove

Remove a property or an element from a list. Example: --remove property.list OR --remove propertyToRemove.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--rule-description

Description of the bypass traffic rule.

--rule-dest-addresses

Space-separated list of destination IP addresses or ranges for this rule. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.

--rule-dest-ip-groups

Space-separated list of destination IpGroups for this rule. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.

--rule-dest-ports

Space-separated list of destination ports or ranges. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.

--rule-name

Name of the bypass traffic rule.

--rule-protocol

The rule bypass protocol.

Accepted values: Any, ICMP, TCP, UDP

--rule-src-addresses

Space-separated list of source IP addresses or ranges for this rule. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.

--rule-src-ip-groups

Space-separated list of source IpGroups. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.

--set

Update an object by specifying a property path and value to set. Example: --set property1.property2=.

--signature-id

Signature id.

--sql
Preview

A flag to indicate if SQL Redirect traffic filtering is enabled.

Accepted values: 0, 1, f, false, n, no, t, true, y, yes

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--tags

Space-separated tags: key[=value] [key[=value] ...]. Use "" to clear existing tags. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.

--threat-intel-mode

The operation mode for Threat Intelligence.

Accepted values: Alert, Deny, Off

Global Parameters

--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json

--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az network firewall policy draft intrusion-detection list

Preview

This command is in preview and under development. Reference and support levels: https://aka.ms/CLI_refstatus

List all intrusion detection configuration.

az network firewall policy draft intrusion-detection list --policy-name
                                                          --resource-group

Required Parameters

--policy-name

The name of the Firewall Policy.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Global Parameters

--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json

--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az network firewall policy draft intrusion-detection remove

Preview

This command is in preview and under development. Reference and support levels: https://aka.ms/CLI_refstatus

Update a draft Firewall Policy.

az network firewall policy draft intrusion-detection remove [--add]
                                                            [--auto-learn-private-ranges {Disabled, Enabled}]
                                                            [--configuration]
                                                            [--dns-servers]
                                                            [--enable-dns-proxy {0, 1, f, false, n, no, t, true, y, yes}]
                                                            [--explicit-proxy]
                                                            [--force-string {0, 1, f, false, n, no, t, true, y, yes}]
                                                            [--fqdns]
                                                            [--idps-mode {Alert, Deny, Off}]
                                                            [--ids]
                                                            [--ip-addresses]
                                                            [--no-wait {0, 1, f, false, n, no, t, true, y, yes}]
                                                            [--policy-name]
                                                            [--private-ranges]
                                                            [--remove]
                                                            [--resource-group]
                                                            [--rule-name]
                                                            [--set]
                                                            [--signature-id]
                                                            [--sql {0, 1, f, false, n, no, t, true, y, yes}]
                                                            [--subscription]
                                                            [--tags]
                                                            [--threat-intel-mode {Alert, Deny, Off}]

Optional Parameters

--add

Add an object to a list of objects by specifying a path and key value pairs. Example: --add property.listProperty <key=value, string or JSON string>.

--auto-learn-private-ranges --learn-ranges

The operation mode for automatically learning private ranges that are excluded from SNAT.

Accepted values: Disabled, Enabled

--configuration

Intrusion detection configuration properties. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.

--dns-servers

Space-separated list of DNS server IP addresses. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.

--enable-dns-proxy

Enable DNS Proxy.

Accepted values: 0, 1, f, false, n, no, t, true, y, yes

--explicit-proxy

Explicit Proxy Settings definition. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.

--force-string

When using 'set' or 'add', preserve string literals instead of attempting to convert to JSON.

Accepted values: 0, 1, f, false, n, no, t, true, y, yes

--fqdns

Space-separated list of FQDNs. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.

--idps-mode
Preview

IDPS mode.

Accepted values: Alert, Deny, Off

--ids

One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.

--ip-addresses

Space-separated list of IPv4 addresses. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.

--no-wait

Do not wait for the long-running operation to finish.

Accepted values: 0, 1, f, false, n, no, t, true, y, yes

--policy-name

The name of the Firewall Policy.

--private-ranges

List of private IP addresses/IP address ranges that are excluded from SNAT. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.

--remove

Remove a property or an element from a list. Example: --remove property.list OR --remove propertyToRemove.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--rule-name

Name of the bypass traffic rule.

--set

Update an object by specifying a property path and value to set. Example: --set property1.property2=.

--signature-id

Signature id.

--sql
Preview

A flag to indicate if SQL Redirect traffic filtering is enabled.

Accepted values: 0, 1, f, false, n, no, t, true, y, yes

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--tags

Space-separated tags: key[=value] [key[=value] ...]. Use "" to clear existing tags. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.

--threat-intel-mode

The operation mode for Threat Intelligence.

Accepted values: Alert, Deny, Off

Global Parameters

--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json

--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.