Query Azure Firewall for Traffic March 25, 2025 by admin
This Kusto Query Language (KQL) script is designed to analyze network traffic logs stored in AzureDiagnostics and extract details about connections to a specific destination.
```kql
AzureDiagnostics
| where DestinationIp_s == "IP"
| summarize by SourceIP, DestinationPort_d, DestinationIp_s, Protocol_s, Action_s
```
Script Breakdown
- Filtering by Destination IP
  - The query filters logs to only include traffic where the destination IP (DestinationIp_s) matches a specific value.
- Summarizing Unique Traffic Events
  - The summarize by clause groups results based on distinct values of the following fields:
    - SourceIP → The IP address initiating the connection.
    - DestinationPort_d → The port number on the destination IP being accessed.
    - DestinationIp_s → The target IP.
    - Protocol_s → The network protocol used (e.g., TCP, UDP, ICMP).
    - Action_s → The action taken on the connection (e.g., Allowed, Denied).
  - The
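As an added example that is not part of the original post, the same query extended so that each distinct tuple also carries how many times it occurred and when it was first and last seen, which is what a reviewer usually needs next when checking traffic to a host. It assumes the same AzureDiagnostics columns the post uses; the destination IP and the 24-hour window are placeholders to replace.

```kql
// Added example (not from the original post). Same AzureDiagnostics columns as above;
// "10.0.0.4" and the 24h window are placeholders, replace them with your own values.
AzureDiagnostics
| where TimeGenerated > ago(24h)
| where DestinationIp_s == "10.0.0.4"
| summarize
    Hits = count(),                       // how many log entries matched this tuple
    FirstSeen = min(TimeGenerated),       // earliest matching entry in the window
    LastSeen = max(TimeGenerated)         // latest matching entry in the window
    by SourceIP, DestinationPort_d, DestinationIp_s, Protocol_s, Action_s
| order by Action_s asc, Hits desc        // group by action first, busiest tuples on top
```

Sorting by Action_s keeps denied and allowed traffic visually separate, so repeated denied attempts from one source against one port stand out at the top of their group.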