Skip to main content

Azure App Service

Azure App Service is an HTTP-based service for hosting web applications, REST APIs, and mobile back ends. This pack contains normalization rules for ingesting and modeling Azure App Service Resource logs.

Azure App Service Pack

This pack includes

Data normalization capabilities:

  • Rules for parsing and modeling Azure App Service Resource Logs that are ingested via the Azure Event Hub data source on Cortex XSIAM.
    • When configuring the Azure Event Hub data source, mark the following checkbox under the Enhanced Cloud Protection section:
    • Use audit logs in analytics
    • The ingested Azure app service resource logs can be queried in XQL Search using the msft_azure_app_service_raw dataset.

Supported log categories

Category Category Display Name
AppServiceHTTPLogs App Service HTTP Logs
AppServiceConsoleLogs App Service Console Logs
AppServiceAppLogs App Service App Logs
AppServiceIPSecAuditLogs App Service IPSec Audit Logs
AppServicePlatformLogs App Service Platform Logs
AppServiceAntivirusScanAuditLogs App Service Antivirus Scan Audit Logs
AppServiceFileAuditLogs App Service File Audit Logs
FunctionAppLogs Function App Logs
AppServiceAuditLogs App Service Audit Logs
WorkflowRuntime Workflow Runtime
AppServiceEnvironmentPlatformLogs App Service Environment Platform Logs

PUBLISHER

PLATFORMS

Cortex XSIAM

INFO

CertificationRead more
Supported ByCortex
CreatedJanuary 25, 2025
Last ReleaseAugust 17, 2025
DISCLAIMER
Content packs are licensed by the Publisher identified above and subject to the Publisher’s own licensing terms. Palo Alto Networks is not liable for and does not warrant or support any content pack produced by a third-party Publisher, whether or not such packs are designated as “Palo Alto Networks-certified” or otherwise.