Insights on Firewall Policy (#12509)

* Adds base for updating Microsoft.Network from version stable/2020-07-01 to version 2020-08-01 * Updates readme * Updates API version in new specs and examples * add patch operation for express route gateway (#11553) * add patch * fix example * Added new cloud service NIC and PIP APIs (#11650) Co-authored-by: Richa Jain <ricjain@microsoft.com> * Adding support for Vpn Link Connection Mode (#11574) Co-authored-by: Abhishek Shah <shabhis@microsoft.com> * Reverting the changes made for address space update as the changes in service code are not in yet (#11754) Co-authored-by: Hari Prasad Perabattula <haperaba@microsoft.com> * VPN NAT for Virtual WAN feature changes (#11815) * VPN NAT for Virtual WAN feature changes * PrettierCheck fixes * Incorporate review comments and update examples * Add edge zone parameters for networking resources and add extendedLocation property to customIpPrefix (#11933) * Add extendedLocation property to customIpPrefix * Fix the directory * Address linting errors * Fix another linting error * Add edge zone parameter for network interfaces * Looks like edgeZone parameter is working when creating network interfaces * EdgeZone parameter for load balancer * Add edge zone parameter for public IP address * Add edge zone parameter for public IP prefix * Add edgeZone parameter for virtual networks * Add edge zone parameter for custom IP prefix Co-authored-by: Will Ehrich <william.ehrich@microsoft.com> * Add location parameter to Loadbalancer Backend Address Pool Properties Format (#11919) * adding location parameter to backendaddresspoolpropertiesformat * ran prettier * Support for Listing IKE Security Associations for Virtual Network Gateway Connections (#11572) * Support to List IKE SAs on VNG Connection * Updating GetIkeSas * Update virtualNetworkGateway.json * Added location headers * Update virtualNetworkGateway.json * Prettier fix * Update custom-words.txt * Update virtualNetworkGateway.json * Update custom-words.txt * Update virtualNetworkGateway.json * Update virtualNetworkGateway.json * Update virtualNetworkGateway.json Co-authored-by: Abhishek Shah <shabhis@microsoft.com> * [Fix] GetIkeSas returns result as string (#12225) * Removing IkeSaParameters * Update custom-words.txt * Update virtualNetworkGateway.json * Update virtualNetworkGateway.json * Update VirtualNetworkGatewayConnectionGetIkeSas.json * Update virtualNetworkGateway.json * Update VirtualNetworkGatewayConnectionGetIkeSas.json Co-authored-by: Abhishek Shah <shabhis@microsoft.com> * Add extended location properties for private link service and private endpoints and remove edge zone properties (#12039) * Remove edge zone parameter * Add extended location for private endpoint and private link service * Add examples * Capitalization * Prettier Co-authored-by: Will Ehrich <william.ehrich@microsoft.com> * Add missing properties of SecurityRule, Route and RouteTable (#12215) * Add missing properties of SecurityRule Route and RouteTable * Set resourceGuid field to be read only Co-authored-by: Xu Wang <wax@microsoft.com> * Added placeholder instead of password (#12299) * resolving conflicts * resolving conflicts * new api version * resolving conflicts * fixing network validation * running prettier * fixing network valdiation * fixing network valdiation Co-authored-by: Mikhail <mitryakh@microsoft.com> Co-authored-by: nimaller <71352534+nimaller@users.noreply.github.com> Co-authored-by: Richa Jain <richa.jain1912@gmail.com> Co-authored-by: Richa Jain <ricjain@microsoft.com> Co-authored-by: Abhishek Shah <shah.abhi7860@gmail.com> Co-authored-by: Abhishek Shah <shabhis@microsoft.com> Co-authored-by: Hari Prasad Perabattula <harics24@users.noreply.github.com> Co-authored-by: Hari Prasad Perabattula <haperaba@microsoft.com> Co-authored-by: Nilambari <nilamd@microsoft.com> Co-authored-by: William Ehrich <wdehrich@gmail.com> Co-authored-by: Will Ehrich <william.ehrich@microsoft.com> Co-authored-by: Kayden Wilkinson <69224099+Kawilki-M@users.noreply.github.com> Co-authored-by: Xu Wang <wangxu724@gmail.com> Co-authored-by: Xu Wang <wax@microsoft.com>
Azure · Jan 26, 2021 · 17dc295 · 17dc295
1 parent 7bcd5c9
commit 17dc295
Show file tree

Hide file tree

Showing 3 changed files with 108 additions and 0 deletions.
diff --git a/...work/resource-manager/Microsoft.Network/stable/2020-11-01/examples/FirewallPolicyGet.json b/...work/resource-manager/Microsoft.Network/stable/2020-11-01/examples/FirewallPolicyGet.json
@@ -32,6 +32,23 @@
               "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/firewallPolicies/firewallPolicy/ruleCollectionGroups/ruleCollectionGroup1"
             }
           ],
+          "insights": {
+            "isEnabled": true,
+            "retentionDays": 100,
+            "logAnalyticsResources": {
+              "workspaceIds": [
+                {
+                  "id": "/subscriptions/subid/resourcegroups/rg1/providers/microsoft.operationalinsights/workspaces/workspace1"
+                },
+                {
+                  "id": "/subscriptions/subid/resourcegroups/rg1/providers/microsoft.operationalinsights/workspaces/workspace2"
+                }
+              ],
+              "defaultWorkspaceId": {
+                "id": "/subscriptions/subid/resourcegroups/rg1/providers/microsoft.operationalinsights/workspaces/defaultWorkspace"
+              }
+            }
+          },
           "firewalls": [],
           "snat": {
             "privateRanges": [

diff --git a/...work/resource-manager/Microsoft.Network/stable/2020-11-01/examples/FirewallPolicyPut.json b/...work/resource-manager/Microsoft.Network/stable/2020-11-01/examples/FirewallPolicyPut.json
@@ -19,6 +19,23 @@
             "*.microsoft.com"
           ]
         },
+        "insights": {
+          "isEnabled": true,
+          "retentionDays": 100,
+          "logAnalyticsResources": {
+            "workspaceIds": [
+              {
+                "id": "/subscriptions/subid/resourcegroups/rg1/providers/microsoft.operationalinsights/workspaces/workspace1"
+              },
+              {
+                "id": "/subscriptions/subid/resourcegroups/rg1/providers/microsoft.operationalinsights/workspaces/workspace2"
+              }
+            ],
+            "defaultWorkspaceId": {
+              "id": "/subscriptions/subid/resourcegroups/rg1/providers/microsoft.operationalinsights/workspaces/defaultWorkspace"
+            }
+          }
+        },
         "snat": {
           "privateRanges": [
             "IANAPrivateRanges"
@@ -100,6 +117,23 @@
               "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/firewallPolicies/firewallPolicy/ruleCollectionGroups/ruleCollectionGroup2"
             }
           ],
+          "insights": {
+            "isEnabled": true,
+            "retentionDays": 100,
+            "logAnalyticsResources": {
+              "workspaceIds": [
+                {
+                  "id": "/subscriptions/subid/resourcegroups/rg1/providers/microsoft.operationalinsights/workspaces/workspace1"
+                },
+                {
+                  "id": "/subscriptions/subid/resourcegroups/rg1/providers/microsoft.operationalinsights/workspaces/workspace2"
+                }
+              ],
+              "defaultWorkspaceId": {
+                "id": "/subscriptions/subid/resourcegroups/rg1/providers/microsoft.operationalinsights/workspaces/defaultWorkspace"
+              }
+            }
+          },
           "firewalls": [],
           "snat": {
             "privateRanges": [
@@ -181,6 +215,23 @@
               "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/firewallPolicies/firewallPolicy/ruleCollectionGroups/ruleCollectionGroup2"
             }
           ],
+          "insights": {
+            "isEnabled": true,
+            "retentionDays": 100,
+            "logAnalyticsResources": {
+              "workspaceIds": [
+                {
+                  "id": "/subscriptions/subid/resourcegroups/rg1/providers/microsoft.operationalinsights/workspaces/workspace1"
+                },
+                {
+                  "id": "/subscriptions/subid/resourcegroups/rg1/providers/microsoft.operationalinsights/workspaces/workspace2"
+                }
+              ],
+              "defaultWorkspaceId": {
+                "id": "/subscriptions/subid/resourcegroups/rg1/providers/microsoft.operationalinsights/workspaces/defaultWorkspace"
+              }
+            }
+          },
           "firewalls": [],
           "snat": {
             "privateRanges": [

diff --git a/...fication/network/resource-manager/Microsoft.Network/stable/2020-11-01/firewallPolicy.json b/...fication/network/resource-manager/Microsoft.Network/stable/2020-11-01/firewallPolicy.json
@@ -638,6 +638,10 @@
           "description": "ThreatIntel Whitelist for Firewall Policy.",
           "$ref": "#/definitions/FirewallPolicyThreatIntelWhitelist"
         },
+        "insights": {
+          "description": "Insights on Firewall Policy.",
+          "$ref": "#/definitions/FirewallPolicyInsights"
+        },
         "snat": {
           "description": "The private IP addresses/IP ranges to which traffic will not be SNAT.",
           "$ref": "#/definitions/FirewallPolicySNAT"
@@ -1150,6 +1154,25 @@
         }
       }
     },
+    "FirewallPolicyInsights": {
+      "description": "Firewall Policy Insights.",
+      "x-ms-discriminator-value": "FirewallPolicyInsights",
+      "properties": {
+        "isEnabled": {
+          "type": "boolean",
+          "description": "A flag to indicate if the insights are enabled on the policy."
+        },
+        "retentionDays": {
+          "type": "integer",
+          "format": "int32",
+          "description": "Number of days the insights should be enabled on the policy."
+        },
+        "logAnalyticsResources": {
+          "description": "Workspaces needed to configure the Firewall Policy Insights.",
+          "$ref": "#/definitions/FirewallPolicyLogAnalyticsResources"
+        }
+      }
+    },
     "FirewallPolicySNAT": {
       "description": "The private IP addresses/IP ranges to which traffic will not be SNAT.",
       "x-ms-discriminator-value": "FirewallPolicySNAT",
@@ -1348,6 +1371,23 @@
         }
       },
       "description": "SKU of Firewall policy."
+    },
+    "FirewallPolicyLogAnalyticsResources": {
+      "description": "Log Analytics Resources for Firewall Policy Insights.",
+      "x-ms-discriminator-value": "FirewallPolicyLogAnalyticsResources",
+      "properties": {
+        "workspaceIds": {
+          "type": "array",
+          "description": "List of workspace Ids for Firewall Policy Insights.",
+          "items": {
+            "$ref": "./network.json#/definitions/SubResource"
+          }
+        },
+        "defaultWorkspaceId": {
+          "$ref": "./network.json#/definitions/SubResource",
+          "description": "The default workspace Id for Firewall Policy Insights."
+        }
+      }
     }
   }
 }