Azure Firewall

Details
Content
Dependencies
Version History

Azure Firewall is a cloud-native and intelligent network firewall security service that provides breed threat protection for cloud workloads running in Azure. It's a fully stateful firewall as a service, with built-in high availability and unrestricted cloud scalability. This pack contains an integration with a main goal to manage Azure Firewall security service, and normalization rules for ingesting and modeling Azure Firewall Resource logs.

Azure Firewall Pack

What does this pack do

The Azure Firewall pack contains the following:

Integration capabilities:
- Retrieve or delete firewalls.
- Create, delete and retrieve firewall rule collections.
- Create, delete and retrieve firewall network rules.
- Create, delete and retrieve firewall policies.
- Create, delete and retrieve firewall IP groups.
- Retrieve firewall service tag.

Data normalization capabilities:

Rules for parsing and modeling Azure Firewall Resource Logs that are ingested via the Azure Event Hub data source on Cortex XSIAM.
When configuring the Azure Event Hub data source, mark the following checkbox under the Enhanced Cloud Protection section:
- Use audit logs in analytics
The ingested Azure firewall resource logs can be queried in XQL Search using the msft_azure_firewall_raw dataset.
Supported log categories:

Category	Category Display Name
AZFWApplicationRule	Azure Firewall Application Rule
AZFWApplicationRuleAggregation	Azure Firewall Application Rule Aggregation (Policy Analytics)
AZFWDnsQuery	Azure Firewall DNS query
AZFWFatFlow	Azure Firewall Fat Flow Log
AZFWFlowTrace	Azure Firewall Flow Trace Log
AZFWFqdnResolveFailure	Azure Firewall FQDN Resolution Failure
AZFWIdpsSignature	Azure Firewall IDPS Signature
AZFWNatRule	Azure Firewall Nat Rule
AZFWNatRuleAggregation	Azure Firewall Nat Rule Aggregation (Policy Analytics)
AZFWNetworkRule	Azure Firewall Network Rule
AZFWNetworkRuleAggregation	Azure Firewall Network Rule Aggregation (Policy Analytics)
AZFWThreatIntel	Azure Firewall Threat Intelligence

Azure Firewall Pack

What does this pack do

The Azure Firewall pack contains the following:

Integration capabilities:
- Retrieve or delete firewalls.
- Create, delete and retrieve firewall rule collections.
- Create, delete and retrieve firewall network rules.
- Create, delete and retrieve firewall policies.
- Create, delete and retrieve firewall IP groups.
- Retrieve firewall service tag.

Data normalization capabilities:

Rules for parsing and modeling Azure Firewall Resource Logs that are ingested via the Azure Event Hub data source on Cortex XSIAM.
When configuring the Azure Event Hub data source, mark the following checkbox under the Enhanced Cloud Protection section:
- Use audit logs in analytics
The ingested Azure firewall resource logs can be queried in XQL Search using the msft_azure_firewall_raw dataset.
Supported log categories:

Category	Category Display Name
AZFWApplicationRule	Azure Firewall Application Rule
AZFWApplicationRuleAggregation	Azure Firewall Application Rule Aggregation (Policy Analytics)
AZFWDnsQuery	Azure Firewall DNS query
AZFWFatFlow	Azure Firewall Fat Flow Log
AZFWFlowTrace	Azure Firewall Flow Trace Log
AZFWFqdnResolveFailure	Azure Firewall FQDN Resolution Failure
AZFWIdpsSignature	Azure Firewall IDPS Signature
AZFWNatRule	Azure Firewall Nat Rule
AZFWNatRuleAggregation	Azure Firewall Nat Rule Aggregation (Policy Analytics)
AZFWNetworkRule	Azure Firewall Network Rule
AZFWNetworkRuleAggregation	Azure Firewall Network Rule Aggregation (Policy Analytics)
AZFWThreatIntel	Azure Firewall Threat Intelligence

Integrations

Name	Description
Azure Firewall	Azure Firewall is a cloud-native and intelligent network firewall security service that provides breed threat protection for cloud workloads running in Azure. It's a fully stateful, firewall as a service, with built-in high availability and unrestricted cloud scalability.

Integrations

Name	Description
Azure Firewall	Azure Firewall is a cloud-native and intelligent network firewall security service that provides breed threat protection for cloud workloads running in Azure. It's a fully stateful, firewall as a service, with built-in high availability and unrestricted cloud scalability.

Modeling Rules

Name	Description
Azure Firewall Modeling Rule

Parsing Rules

Name	Description
Azure Firewall Parsing Rule

Pack Name	Pack By
Base	By: Cortex XSOAR

Pack Name	Pack By
Base	By: Cortex XSOAR

1.1.46 - 1780397 (December 9, 2024)

Changes are not relevant for XSOAR marketplace.

Related pull requests:
- 37456

Download

1.1.45 - 1709192 (November 26, 2024)

Integrations

Updated the Docker image to: demisto/crypto:1.0.0.114611.

Related pull requests:
- 37375
- 37353

Download

1.1.44 - R1681986 (November 21, 2024)

Integrations

Azure Firewall

Fixed an issue in MicrosoftApiModule where the GCC High Defender endpoint was incorrect.

Related pull requests:
- 37253

Download

1.1.43 - 1480610 (October 8, 2024)

Integrations

Azure Firewall

Added infrastructure support for Microsoft Graph Application endpoints.

Related pull requests:
- 36407

Download

1.1.42 - 1244506 (August 5, 2024)

Integrations

Azure Firewall

Updated the MicrosoftApiModule with exchange_online endpoints.

Related pull requests:
- 34917
- 34909
- 34903
- 34906
- 34147
- 34217
- 34908
- 34619
- 34911
- 34823
- 34837
- 34918
- 34816
- 34630
- 34871
- 34767
- 34879
- 34912
- 34840
- 34931
- 34892
- 34920
- 34926
- 34814
- 34811
- 34964
- 34967
- 34979
- 34921
- 34990
- 34896
- 34966
- 34985
- 34983
- 34255
- 34975
- 34999
- 34913
- 35000
- 34990
- 35002
- 34932
- 34862
- 35005
- 34868
- 34977
- 35009
- 34969
- 34591
- 34693
- 34657
- 34671
- 34681
- 34676
- 34672
- 34372
- 34701
- 34660
- 34684
- 34700
- 34702
- 34696
- 34117
- 34704
- 34706
- 34692
- 33735
- 34714
- 34703
- 34353
- 34725
- 34694
- 34734
- 34640
- 34724
- 34652
- 34443
- 34730
- 34653
- 34732
- 34667
- 34709
- 34755
- 34759
- 32423
- 34598
- 34758
- 34745
- 34762
- 34327
- 34742
- 34474
- 34766
- 34774
- 34782
- 34763
- 34756
- 34747
- 34645
- 34532
- 34675
- 34777
- 34788
- 34804
- 34729
- 34796
- 34691
- 34784
- 34783
- 34765
- 34485
- 34768
- 34593
- 34813
- 34818
- 34832
- 34772
- 34830
- 34833
- 34829
- 34834
- 34839
- 34828
- 34388
- 34838
- 34761
- 34858
- 34861
- 34764
- 34738
- 34538
- 34831
- 34748
- 34846
- 34845
- 34864
- 34817
- 34686
- 34865
- 34867
- 34863
- 34880
- 34876
- 34386
- 34881
- 34884
- 34799
- 34827
- 34883
- 34886
- 34512
- 34887
- 34889
- 34877
- 34904
- 34905
- 34909
- 34903
- 34906
- 34147
- 34217
- 34908
- 34619
- 34911
- 34823
- 34837
- 34918
- 34816
- 34630
- 34871
- 34767
- 34879
- 34912
- 34840
- 34931
- 34892
- 34920
- 34926
- 34814
- 34811
- 34964
- 34967
- 34979
- 34921
- 34990
- 34896
- 34966
- 34985
- 34983
- 34255
- 34608
- 35026
- 35029
- 35015
- 35023
- 34776
- 34654
- 34978
- 34986
- 34938
- 34506
- 35011
- 35014
- 34779
- 35019
- 35039
- 34897
- 35049
- 35016
- 35046
- 35051
- 35040
- 34614
- 32477

Download

1.1.41 - 1066075 (June 3, 2024)

Integrations

Azure Firewall

Fixed an issue in where the GCC endpoints were incorrect in the supported integrations.

Related pull requests:
- 34634

Download

1.1.40 - 1051712 (May 28, 2024)

Integrations

Azure Firewall

Added support for Microsoft Defender 365 Endpoint in the Microsoft API Module.
Updated the MicrosoftApiModule to better handle the Authorization Code flow in the supported integrations.

Related pull requests:
- 34495

Download

1.1.39 - 1021616 (May 16, 2024)

Integrations

Azure Firewall

Fixed an issue in MicrosoftApiModule where the GCC endpoints were incorrect.

Related pull requests:
- 34360

Download

1.1.38 - 919924 (March 28, 2024)

Integrations

Azure Firewall

Added a timeout value to the retry on rate limit mechanism.

Related pull requests:
- 33566

Download

1.1.37 - 860237 (February 29, 2024)

Integrations

Azure Firewall

Updated the MicrosoftApiModule to better handle the Authorization Code flow in the supported integrations.

Related pull requests:
- 31942

Download

1.1.36 - 823153 (February 12, 2024)

Integrations

Azure Firewall

Updated the Docker image to: demisto/crypto:1.0.0.87358.

Related pull requests:
- 32843

Download

1.1.35 - 798475 (February 1, 2024)

Integrations

Azure Firewall

Updated the Docker image to: demisto/crypto:1.0.0.86361.

Related pull requests:
- 32524

Download

1.1.34 - 760302 (January 14, 2024)

Integrations

Azure Firewall

Updated the Docker image to: demisto/crypto:1.0.0.84658.

Related pull requests:
- 32156

Download

1.1.33 - 7161298 (December 14, 2023)

Integrations

Azure Firewall

Updated the Docker image to: demisto/crypto:1.0.0.83343.

Related pull requests:
- 31471

Download

1.1.32 - 6850782 (November 10, 2023)

Integrations

Azure Firewall

Added the azure-firewall-subscriptions-list and azure-firewall-resource-group-list commands.
Added the subscription_id and resource_group_name arguments to all relevant commands.
Removed the API Version parameter and set the version to 2021-03-01.
Updated the Docker image to: demisto/crypto:1.0.0.80214.

Related pull requests:
- 30185

Download

1.1.31 - 6746892 (October 30, 2023)

Integrations

Azure Firewall

Updated the Docker image to: demisto/crypto:1.0.0.79610.

Related pull requests:
- 30520

Download

1.1.30 - 6608983 (October 15, 2023)

Integrations

Azure Firewall

Updated the Docker image to: demisto/crypto:1.0.0.76022.

Related pull requests:
- 30139

Download

1.1.29 - 6363299 (September 19, 2023)

Integrations

Azure Firewall

Updated the Docker image to: demisto/crypto:1.0.0.74057.

Related pull requests:
- 29733

Download

1.1.28 - 6226805 (September 3, 2023)

Integrations

Azure Firewall

Added a moderate retry mechanism for the authorization HTTP request through oproxy.

Related pull requests:
- 29015

Download

1.1.27 - 6170593 (August 28, 2023)

Integrations

Azure Firewall

Added an infrastructure support for Microsoft Graph Application Endpoints.

Related pull requests:
- 28801

Download

1.1.26 - 6133197 (August 23, 2023)

Integrations

Azure Firewall

Fixed an issue where instances using version 1.1.25 of the pack could have authentication issues.

Related pull requests:
- 29173

Download

1.1.25 - 6106826 (August 21, 2023)

Integrations

Azure Firewall

Fixed an issue where changes made to the Authorization code parameter were not being reflected in the integration code, resulting in the continued use of the first parameter.

Related pull requests:
- 29035
- 29173

Download

1.1.24 - 6010750 (August 10, 2023)

Integrations

Azure Firewall

Added support for Microsoft Defender for Application Endpoints in the Microsoft API Module.

Related pull requests:
- 27705

Download

1.1.23 - 5910354 (July 30, 2023)

Integrations

Azure Firewall

Maintenance and stability enhancements.

Related pull requests:
- 26482

Download

1.1.22 - 5907671 (July 30, 2023)

Integrations

Azure Firewall

Updated the Docker image to: demisto/crypto:1.0.0.66562.

Related pull requests:
- 28583

Download

1.1.21 - 5760561 (July 13, 2023)

Integrations

Azure Firewall

Updated the Docker image to: demisto/crypto:1.0.0.64970.

Related pull requests:
- 28127

Download

1.1.20 - 5640115 (June 28, 2023)

Integrations

Azure Firewall

Improved implementation by adding functionality to the MicrosoftAPIModule to be used in integrations that allow arguments to be set in the instance configuration or within the commands.
Improved implementation by adding functionality to the MicrosoftAPIModule to be used in integrations that use 'tag' as a filter.

Related pull requests:
- 26943

Download

1.1.19 - 5553783 (June 17, 2023)

Integrations

Azure Firewall

Updated the Docker image to: demisto/crypto:1.0.0.63672.

Related pull requests:
- 27500

Download

1.1.18 - 5410099 (May 31, 2023)

Integrations

Azure Firewall

Updated the Docker image to: demisto/crypto:1.0.0.61689.

Related pull requests:
- 27075

Download

1.1.17 - 5277943 (May 16, 2023)

Integrations

Azure Firewall

Updated the Docker image to: demisto/crypto:1.0.0.58768.

Related pull requests:
- 26529

Download

1.1.16 - R5170573 (May 2, 2023)

Integrations

Azure Firewall

Updated the Docker image to: demisto/crypto:1.0.0.56396.

Related pull requests:
- 26178

Download

1.1.15 - 5057113 (April 17, 2023)

Integrations

Azure Firewall

Updated the Docker image to: demisto/crypto:1.0.0.54987.

Related pull requests:
- 25878

Download

1.1.14 - 4954430 (April 2, 2023)

Integrations

Azure Firewall

Updated the Docker image to: demisto/crypto:1.0.0.52480.
Added support for old docker images which do not have the defusedxml package.

Related pull requests:
- 25670

Download

1.1.12 - 4835020 (March 17, 2023)

Integrations

Azure Firewall

Updated the Docker image to: demisto/crypto:1.0.0.49599.

Related pull requests:
- 25348

Download

1.1.11 - 4718798 (March 1, 2023)

Integrations

Azure Firewall

Updated the Docker image to: demisto/crypto:1.0.0.49392.

Related pull requests:
- 24960

Download

1.1.10 - R4646022 (February 19, 2023)

Integrations

Azure Firewall

Improved implementation of the authorization process with the Oproxy server.
Fixed an issue where linter failed due to pylint errors.
Updated the MicrosoftApiModule to better handle the Auth code authorization flow in the supported integrations.

Related pull requests:
- 24261

Download

1.1.7 - 4560457 (February 7, 2023)

Integrations

Azure Firewall

Added support for authentication using Azure Managed Identities.
Updated the Docker image to: demisto/crypto:1.0.0.47103.

Related pull requests:
- 23951

Download

1.1.6 - 4474395 (January 26, 2023)

Integrations

Azure Firewall

Updated the Docker image to: demisto/crypto:1.0.0.45575.

Related pull requests:
- 24074

Download

1.1.5 - R4372591 (January 11, 2023)

Integrations

Azure Firewall

Updated the Docker image to: demisto/crypto:1.0.0.42817.

Related pull requests:
- 23518

Download

1.1.4 - 4247670 (December 19, 2022)

Integrations

Azure Firewall

Fixed an issue where in some rare cases, commands would fail with a 'NoneType' object is not subscriptable message.

Related pull requests:
- 23140

Download

1.1.3 - 4112675 (November 28, 2022)

Integrations

Azure Firewall

Fixed an issue where error was raised due to api metrics creation attempt from a script execution.

Related pull requests:
- 22476

Download

1.1.2 - 4013107 (November 10, 2022)

Integrations

Azure Firewall

Internal code improvements.

Related pull requests:
- 22120

Download

1.1.1 - 3982079 (November 6, 2022)

Integrations

Azure Firewall

Internal code improvements.

Related pull requests:
- 21879

Download

1.1.0 - R3901212 (October 23, 2022)

Changes are not relevant for XSOAR marketplace.

Related pull requests:
- 21461

Download

1.0.0 - 3767836 (May 2, 2022)

Download

PUBLISHER

PLATFORMS

Cortex XSOARCortex XSIAM

INFO

Certification	Certified	Read more
Supported By	Cortex
Created	May 2, 2022
Last Release	December 9, 2024

Network Security

WORKS WITH THE FOLLOWING INTEGRATIONS:

DISCLAIMER

Content packs are licensed by the Publisher identified above and subject to the Publisher’s own licensing terms. Palo Alto Networks is not liable for and does not warrant or support any content pack produced by a third-party Publisher, whether or not such packs are designated as “Palo Alto Networks-certified” or otherwise. For more information, see the Marketplace documentation.