I am currently tasked with reviewing all the WAF rules within our Azure tenant - specifically, I need to review the Custom Rules.
In this journey, I've discovered the Azure Resource Graph Explorer, which I haven't used before. I'm know my KQL well enough, but can't quite figure out how to query the WAF custom rules.
So far, I can get a list of all the WAF policies using the below:
resources
| where type == "microsoft.network/applicationgatewaywebapplicationfirewallpolicies
But what I need is to query this table below "Application Gateway WAF Policies" which at first glance indicates to me it will contain a list of the WAF Custom Rules.
However, when I try to query that table like below, I get 0 results:
resources
| where type == "microsoft.network/applicationgatewaywebapplicationfirewallpolicies/customrules"
I assume I am just misunderstanding how to use Azure Resource Graph Explorer, but any advice would be greatly appreciated.
Query all Azure WAF rules using Azure Resource Graph Explorer
Here is the Resource Graph query to check multiple custom rules in different Web Application Firewall policies
.
resources
| where type == "microsoft.network/applicationgatewaywebapplicationfirewallpolicies"
| extend customRules = properties.customRules
| mv-expand customRules
| project
PolicyName = name,
RuleName = customRules.name,
Priority = customRules.priority,
Action = customRules.action,
MatchConditions = customRules.matchConditions
Output:
After running the query, it displayed all the custom rules name and action along with the WAF name.