Query all Azure WAF rules using Azure Resource Graph Explorer
I am currently tasked with reviewing all the WAF rules within our Azure tenant - specifically, I need to review the Custom Rules.
In this journey, I've discovered the Azure Resource Graph Explorer, which I haven't used before. I'm know my KQL well enough, but can't quite figure out how to query the WAF custom rules.
So far, I can get a list of all the WAF policies using the below:
resources
| where type == "microsoft.network/applicationgatewaywebapplicationfirewallpolicies
But what I need is to query this table below "Application Gateway WAF Policies" which at first glance indicates to me it will contain a list of the WAF Custom Rules.
However, when I try to query that table like below, I get 0 results:
resources
| where type == "microsoft.network/applicationgatewaywebapplicationfirewallpolicies/customrules"
I assume I am just misunderstanding how to use Azure Resource Graph Explorer, but any advice would be greatly appreciated.
Query all Azure WAF rules using Azure Resource Graph Explorer
Here is the Resource Graph query to check multiple custom rules in different Web Application Firewall policies.
resources
| where type == "microsoft.network/applicationgatewaywebapplicationfirewallpolicies"
| extend customRules = properties.customRules
| mv-expand customRules
| project
PolicyName = name,
RuleName = customRules.name,
Priority = customRules.priority,
Action = customRules.action,
MatchConditions = customRules.matchConditions
Output:
After running the query, it displayed all the custom rules name and action along with the WAF name.
- Unable to locate executable file: 'bash'. Please verify either the file path exists
- "We're sorry, your sql database is unavailable" What does this mean exactly in Azure SQL?
- How do I login to an Azure AD Joined VM using Azure AD Credentials on an Windows Server 2019?
- Migrating from validate-jwt to validate-azure-ad-token policy
- Azure C# Cosmos DB: Property "id" is missing when it's actually present
- Azure Permission - needed for creating resource group - RBAC
- Can the Azure Service Bus be delayed before retrying a message?
- azure documentdb create document duplicates Id property
- JWT validation failure error in azure apim
- How to Add JVM Arguments in Azure Application Service?
- Azure App Service and Application Insights where is performance test?
- Is it possible to have a non-interactive code that logs in to Azure and creates users in Microsoft Entra ID?
- Change Default Service Version of Microsoft Azure Blob - PHP
- Microsoft Graph: How to filter users by domain name
- Azure App Service Plan CPU Spikes to 100%
- Unable to Authenticate to DevOps API with Angual MSAL
- Query all Azure WAF rules using Azure Resource Graph Explorer
- Azure Databricks: Not able to parameterize keys option of dlt.apply_changes
- ASP.NET Core 3.1 Azure AD Authentication throws OptionsValidationException
- Attaching a private static ip address to Azure Container Instance
- Azure Synapse severless SQL pool - query execution fails
- How to login via Service Principal having Federated Credentials rather than Client Secrets
- Where can I find the resource id of an Azure function app in the Azure portal?
- How to forward access-control-allow-origin header from a Web App to a Front Door?
- Basic SQL commands in Terraform
- Linux Azure Webjob in nodejs referring to node.exe
- Running Azure functions locally gives "No runtime" error after .NET7 upgrade
- Azure DataSync tables not showing up
- Azure ML: Unable to find workspace
- unable to start 'Docker for windows' on Azure Win 10 VM