Azure Firewall
Azure Firewall Pack.#
This Integration is part of theSupported versions
Supported Cortex XSOAR versions: 6.1.0 and later.
Azure Firewall is a cloud-native and intelligent network firewall security service that provides breed threat protection for cloud workloads running in Azure. It's a fully stateful, firewall as a service, with built-in high availability and unrestricted cloud scalability. This integration was integrated and tested with version 2021-03-01 of Azure Firewall.
#
Configure Azure Firewall in CortexParameter | Description | Required |
---|---|---|
Resource Group Name. | True | |
Client ID. | True | |
Subscription ID. | True | |
Tenant ID. | False | |
Client Secret. | False | |
Certificate Thumbprint | Used for certificate authentication. As appears in the "Certificates & secrets" page of the app. | False |
Private Key | Used for certificate authentication. The private key of the registered certificate. | False |
Use Azure Managed Identities | Relevant only if the integration is running on Azure VM. If selected, authenticates based on the value provided for the Azure Managed Identities Client ID field. If no value is provided for the Azure Managed Identities Client ID field, authenticates based on the System Assigned Managed Identity. For additional information, see the Help tab. | False |
Azure Managed Identities Client ID | The Managed Identities client ID for authentication - relevant only if the integration is running on Azure VM. | False |
Use system proxy settings | False | |
Trust any certificate (not secure) | False |
#
CommandsYou can execute these commands from the CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.
#
azure-firewall-auth-testTests the connectivity to Azure.
#
Base Commandazure-firewall-auth-test
#
InputThere are no input arguments for this command.
#
Context OutputThere is no context output for this command.
#
azure-firewall-auth-startRun this command to start the authorization process and follow the instructions in the command results.
#
Base Commandazure-firewall-auth-start
#
InputThere are no input arguments for this command.
#
Context OutputThere is no context output for this command.
#
azure-firewall-auth-completeRun this command to complete the authorization process. Should be used after running the azure-firewall-auth-start command.
#
Base Commandazure-firewall-auth-complete
#
InputThere are no input arguments for this command.
#
Context OutputThere is no context output for this command.
#
azure-firewall-auth-resetRun this command if for some reason you need to rerun the authentication process.
#
Base Commandazure-firewall-auth-reset
#
InputThere are no input arguments for this command.
#
Context OutputThere is no context output for this command.
#
azure-firewall-listList Azure firewalls in the specified resource group or subscription.
#
Base Commandazure-firewall-list
#
InputArgument Name | Description | Required |
---|---|---|
resource | The resource that contains the firewalls to list. Possible values are: resource_group, subscription. Default is resource_group. | Required |
limit | The maximum number of results to retrieve. Minimum value is 1. Default is 50. | Optional |
page | The page number of the results to retrieve. Minimum value is 1. Default is 1. | Optional |
subscription_id | The subscription ID. Note: This argument will override the instance parameter ‘Default Subscription ID'. | Optional |
resource_group_name | The name of the resource group. Note: This argument will override the instance parameter ‘Default Resource Group Name'. | Optional |
#
Context OutputPath | Type | Description |
---|---|---|
AzureFirewall.Firewall.id | String | Firewall resource ID. |
AzureFirewall.Firewall.name | String | Firewall resource name. |
AzureFirewall.Firewall.location | String | Firewall resource location. |
#
Command example!azure-firewall-list resource=resource_group limit=1 page=1
#
Context Example#
Human Readable Output#
Firewall List:Current page size: 1 Showing page 1 out others that may exist.
Name Id Location Subnet Threat Intel Mode Private Ip Address Provisioning State test-ip /subscriptions/xsoar-subscription/resourceGroups/xsoar-resource-group/providers/Microsoft.Network/azureFirewalls/test-ip eastus /subscriptions/xsoar-subscription/resourceGroups/xsoar-resource-group/providers/Microsoft.Network/virtualNetworks/test-v-n/subnets/AzureFirewallSubnet Alert 189.160.40.11 Succeeded
#
azure-firewall-getRetrieve Azure firewall information.
#
Base Commandazure-firewall-get
#
InputArgument Name | Description | Required |
---|---|---|
firewall_names | Comma-separated list of firewall names to retrieve. | Required |
polling | Indicates if the command was scheduled. Possible values are: True, False. Default is True. | Optional |
interval | Indicates how long to wait between command executions (in seconds) when the 'polling' argument is true. Minimum value is 10 seconds. Default is 30. | Optional |
timeout | Indicates the time in seconds until the polling sequence times out. Default is 60. | Optional |
subscription_id | The subscription ID. Note: This argument will override the instance parameter ‘Default Subscription ID'. | Optional |
resource_group_name | The name of the resource group. Note: This argument will override the instance parameter ‘Default Resource Group Name'. | Optional |
#
Context OutputPath | Type | Description |
---|---|---|
AzureFirewall.Firewall.id | String | Firewall resource ID. |
AzureFirewall.Firewall.name | String | Firewall resource name. |
AzureFirewall.Firewall.location | String | Firewall resource location. |
#
Command example!azure-firewall-get firewall_names=test-ip interval=10 timeout=600
#
Context Example#
Human Readable Output#
Firewall test-ip information:
Name Id Location Subnet Threat Intel Mode Private Ip Address Provisioning State test-ip /subscriptions/xsoar-subscription/resourceGroups/xsoar-resource-group/providers/Microsoft.Network/azureFirewalls/test-ip eastus /subscriptions/xsoar-subscription/resourceGroups/xsoar-resource-group/providers/Microsoft.Network/virtualNetworks/test-v-n/subnets/AzureFirewallSubnet Alert 189.160.40.11 Succeeded
#
azure-firewall-rule-collection-listList the collection rules in the firewall or policy. One of the arguments 'firewall_name' or 'policy' must be provided.
#
Base Commandazure-firewall-rule-collection-list
#
InputArgument Name | Description | Required |
---|---|---|
firewall_name | The name of the Azure firewall that contains the collections. | Optional |
policy | The name of the Azure policy that contains the collections. | Optional |
rule_type | The names of the rule collection type to retrieve. Possible values are: application_rule, network_rule, nat_rule. | Required |
limit | The maximum number of results to retrieve. Minimum value is 1. Default is 50. | Optional |
page | The page number of the results to retrieve. Minimum value is 1. Default is 1. | Optional |
subscription_id | The subscription ID. Note: This argument will override the instance parameter ‘Default Subscription ID'. | Optional |
resource_group_name | The name of the resource group. Note: This argument will override the instance parameter ‘Default Resource Group Name'. | Optional |
#
Context OutputPath | Type | Description |
---|---|---|
AzureFirewall.RuleCollection.name | String | Rule collection unique name. |
#
Command example!azure-firewall-rule-collection-list policy=xsoar-policy rule_type=network_rule limit=1 page=1
#
Context Example#
Human Readable Output#
xsoar-policy Rule Collections List:Current page size: 1 Showing page 1 out others that may exist.
Name Action Priority playbook-collection Deny 201
#
azure-firewall-rule-listList rules in the firewall or in the policy. One of the arguments 'firewall_name' or 'policy' must be provided.
#
Base Commandazure-firewall-rule-list
#
InputArgument Name | Description | Required |
---|---|---|
firewall_name | The name of the Azure firewall that contains the rules. | Optional |
policy | The name of the Azure policy that contains the rules. | Optional |
rule_type | The names of the rule types to retrieve. Required when the "firewall_name" argument is provided. Possible values are: application_rule, network_rule, nat_rule. | Optional |
collection_name | The name of the rule collection that contains the rules. | Required |
limit | The maximum number of results to retrieve. Minimum value is 1. Default is 50. | Optional |
page | The page number of the results to retrieve. Minimum value is 1. Default is 1. | Optional |
subscription_id | The subscription ID. Note: This argument will override the instance parameter ‘Default Subscription ID'. | Optional |
resource_group_name | The name of the resource group. Note: This argument will override the instance parameter ‘Default Resource Group Name'. | Optional |
#
Context OutputPath | Type | Description |
---|---|---|
AzureFirewall.Rule.name | String | Rule name. |
#
Command example!azure-firewall-rule-list policy=xsoar-policy collection_name=playbook-collection rule_type=network_rule limit=1 page=1
#
Context Example#
Human Readable Output#
Policy xsoar-policy network_rule Rules List:Current page size: 1 Showing page 1 out others that may exist.
Name playbook-rule
#
azure-firewall-rule-getRetrieve rule information. One of the arguments 'firewall_name' or 'policy' must be provided.
#
Base Commandazure-firewall-rule-get
#
InputArgument Name | Description | Required |
---|---|---|
firewall_name | The name of the firewall that contains the rule. | Optional |
policy | The name of the Azure policy that contains the rules. | Optional |
rule_type | The name of the rule type collection that contains the rule. Required when the "firewall_name" argument is provided. Possible values are: application_rule, network_rule, nat_rule. | Optional |
collection_name | The name of the rule collection that contains the rule. | Required |
rule_name | The name of the rule to retrieve. | Required |
subscription_id | The subscription ID. Note: This argument will override the instance parameter ‘Default Subscription ID'. | Optional |
resource_group_name | The name of the resource group. Note: This argument will override the instance parameter ‘Default Resource Group Name'. | Optional |
#
Context OutputPath | Type | Description |
---|---|---|
AzureFirewall.Rule.name | String | Rule name. |
#
Command example!azure-firewall-rule-get policy=xsoar-policy collection_name=playbook-collection rule_name=new-playbook-rule
#
Context Example#
Human Readable Output#
Rule new-playbook-rule Information:
Name new-playbook-rule
#
azure-firewall-policy-createCreate a firewall policy. This command only creates the policy resource. In order to attach the policy to a firewall, run the 'azure-firewall-policy-attach' command.
#
Base Commandazure-firewall-policy-create
#
InputArgument Name | Description | Required |
---|---|---|
policy_name | The name of the Azure policy to create. | Required |
threat_intelligence_mode | The operation mode for threat intelligence. Possible values are: Alert, Deny, Turned-off. Default is Turned-off. | Required |
ips | Comma-separated list of IP addresses for the threat intelligence whitelist. | Optional |
domains | Comma-separated list of fully qualified domain names for the threat intelligence whitelist. For example : *.microsoft.com,email.college.edu . | Optional |
location | Policy resource region location. Possible values are: northcentralus, eastus, northeurope, westeurope, eastasia, southeastasia, eastus2, centralus, southcentralus, westus, japaneast, japanwest, australiaeast, australiasoutheast, brazilsouth, centralindia, southindia, westindia, canadacentral, canadaeast, uksouth, ukwest, westcentralus, westus2, koreacentral, francecentral, australiacentral, uaenorth, southafricanorth, switzerlandnorth, germanywestcentral, norwayeast, westus3, jioindiawest. | Required |
tier | Tier of an Azure policy. Possible values are: Standard, Premium. Default is Standard. | Required |
base_policy_id | The ID of the parent firewall policy from which rules are inherited. | Optional |
enable_proxy | Whether to enable the DNS proxy on firewalls attached to the firewall policy. Possible values are: True, False. Default is False. | Optional |
dns_servers | Comma-separated list of custom DNS servers. | Optional |
interval | Indicates how long to wait between command executions (in seconds) when the 'polling' argument is true. Minimum value is 10 seconds. Default is 30. | Optional |
timeout | Indicates the time in seconds until the polling sequence times out. Default is 60. | Optional |
subscription_id | The subscription ID. Note: This argument will override the instance parameter ‘Default Subscription ID'. | Optional |
resource_group_name | The name of the resource group. Note: This argument will override the instance parameter ‘Default Resource Group Name'. | Optional |
#
Context OutputPath | Type | Description |
---|---|---|
AzureFirewall.Policy.id | String | Policy resource ID. |
AzureFirewall.Policy.name | String | Policy resource name. |
#
Command example!azure-firewall-policy-create policy_name=xsoar-policy threat_intelligence_mode=Alert location=eastus tier=Standard interval=10 timeout=600
#
Context Example#
Human Readable Output#
Successfully Created Policy "xsoar-policy"
Name Id Tier Location Firewalls Base Policy Child Policies Provisioning State xsoar-policy /subscriptions/xsoar-subscription/resourceGroups/xsoar-resource-group/providers/Microsoft.Network/firewallPolicies/xsoar-policy Standard eastus Updating
#
azure-firewall-policy-updateUpdate the policy resource. The command will update the provided arguments.
#
Base Commandazure-firewall-policy-update
#
InputArgument Name | Description | Required |
---|---|---|
policy_name | The name of the Azure policy to update. | Required |
threat_intelligence_mode | The operation mode for threat intelligence. Possible values are: Alert, Deny, Turned-off. | Optional |
ips | Comma-separated list of IP addresses for the threat intelligence whitelist. | Optional |
domains | Comma-separated list of fully qualified domain names for the threat intelligence whitelist. For example : *.microsoft.com,email.college.edu . | Optional |
base_policy_id | The ID of the parent firewall policy from which rules are inherited. | Optional |
enable_proxy | Whether to enable the DNS Proxy on Firewalls attached to the Firewall Policy. Possible values are: True, False. | Optional |
dns_servers | Comma-separated list of custom DNS servers. | Optional |
interval | Indicates how long to wait between command executions (in seconds) when the 'polling' argument is true. Minimum value is 10 seconds. Default is 30. | Optional |
timeout | Indicates the time in seconds until the polling sequence times out. Default is 60. | Optional |
subscription_id | The subscription ID. Note: This argument will override the instance parameter ‘Default Subscription ID'. | Optional |
resource_group_name | The name of the resource group. Note: This argument will override the instance parameter ‘Default Resource Group Name'. | Optional |
#
Context OutputPath | Type | Description |
---|---|---|
AzureFirewall.Policy.id | String | Policy resource ID. |
AzureFirewall.Policy.name | String | Policy resource name. |
#
Command example!azure-firewall-policy-update policy_name=xsoar-policy threat_intelligence_mode=Deny interval=10 timeout=600
#
Context Example#
Human Readable Output#
Successfully Updated Policy "xsoar-policy"
Name Id Tier Location Firewalls Base Policy Child Policies Provisioning State xsoar-policy /subscriptions/xsoar-subscription/resourceGroups/xsoar-resource-group/providers/Microsoft.Network/firewallPolicies/xsoar-policy Standard eastus Updating
#
azure-firewall-policy-getRetrieve policy information.
#
Base Commandazure-firewall-policy-get
#
InputArgument Name | Description | Required |
---|---|---|
policy_names | Comma-separated list of policy names to retrieve. | Required |
polling | Indicates if the command was scheduled. Possible values are: True, False. Default is True. | Optional |
interval | Indicates how long to wait between command executions (in seconds) when the 'polling' argument is true. Minimum value is 10 seconds. Default is 30. | Optional |
timeout | Indicates the time in seconds until the polling sequence times out. Default is 60. | Optional |
subscription_id | The subscription ID. Note: This argument will override the instance parameter ‘Default Subscription ID'. | Optional |
resource_group_name | The name of the resource group. Note: This argument will override the instance parameter ‘Default Resource Group Name'. | Optional |
#
Context OutputPath | Type | Description |
---|---|---|
AzureFirewall.Policy.id | String | Policy resource ID. |
AzureFirewall.Policy.name | String | Policy resource name. |
#
Command example!azure-firewall-policy-get policy_names=xsoar-policy interval=10 timeout=600
#
Context Example#
Human Readable Output#
Policy xsoar-policy information:
Name Id Tier Location Firewalls Base Policy Child Policies Provisioning State xsoar-policy /subscriptions/xsoar-subscription/resourceGroups/xsoar-resource-group/providers/Microsoft.Network/firewallPolicies/xsoar-policy Standard eastus Succeeded
#
azure-firewall-policy-deleteDelete policy resource.
#
Base Commandazure-firewall-policy-delete
#
InputArgument Name | Description | Required |
---|---|---|
policy_names | Comma-separated list of policy names to delete. | Required |
subscription_id | The subscription ID. Note: This argument will override the instance parameter ‘Default Subscription ID'. | Optional |
resource_group_name | The name of the resource group. Note: This argument will override the instance parameter ‘Default Resource Group Name'. | Optional |
#
Context OutputThere is no context output for this command.
#
azure-firewall-policy-listList the policy in the resource group or subscription.
#
Base Commandazure-firewall-policy-list
#
InputArgument Name | Description | Required |
---|---|---|
resource | The resource that contains the policies to list. Possible values are: resource_group, subscription. Default is resource_group. | Required |
limit | The maximum number of results to retrieve. Minimum value is 1. Default is 50. | Optional |
page | The page number of the results to retrieve. Minimum value is 1. Default is 1. | Optional |
subscription_id | The subscription ID. Note: This argument will override the instance parameter ‘Default Subscription ID'. | Optional |
resource_group_name | The name of the resource group. Note: This argument will override the instance parameter ‘Default Resource Group Name'. | Optional |
#
Context OutputPath | Type | Description |
---|---|---|
AzureFirewall.Policy.id | String | Policy resource ID. |
AzureFirewall.Policy.name | String | Policy resource name. |
#
Command example!azure-firewall-policy-list resource=resource_group limit=1 page=1
#
Context Example#
Human Readable Output#
Policy List:Current page size: 1 Showing page 1 out others that may exist.
Name Id Tier Location Firewalls Base Policy Child Policies Provisioning State xsoar-policy /subscriptions/xsoar-subscription/resourceGroups/xsoar-resource-group/providers/Microsoft.Network/firewallPolicies/xsoar-policy Standard eastus Succeeded
#
azure-firewall-policy-attachAttach a policy to a firewall. The policy and firewall have to belong to the same tier.
#
Base Commandazure-firewall-policy-attach
#
InputArgument Name | Description | Required |
---|---|---|
firewall_names | Comma-separated list of firewall names to which the policy will be attached. | Required |
policy_id | The ID of the policy to attach. | Required |
interval | Indicates how long to wait between command executions (in seconds) when the 'polling' argument is true. Minimum value is 10 seconds. Default is 30. | Optional |
timeout | Indicates the time in seconds until the polling sequence times out. Default is 60. | Optional |
subscription_id | The subscription ID. Note: This argument will override the instance parameter ‘Default Subscription ID'. | Optional |
resource_group_name | The name of the resource group. Note: This argument will override the instance parameter ‘Default Resource Group Name'. | Optional |
#
Context OutputPath | Type | Description |
---|---|---|
AzureFirewall.Firewall.id | String | Firewall resource ID. |
AzureFirewall.Firewall.name | String | Firewall resource name. |
AzureFirewall.Firewall.location | String | Firewall resource location. |
#
Command example!azure-firewall-policy-attach firewall_names=test-ip policy_id=/subscriptions/xsoar-subscription/resourceGroups/xsoar-resource-group/providers/Microsoft.Network/firewallPolicies/xsoar-policy interval=10 timeout=600
#
Context Example#
Human Readable Output#
Successfully Updated Firewall "test-ip"
Name Id Location Subnet Threat Intel Mode Private Ip Address Provisioning State test-ip /subscriptions/xsoar-subscription/resourceGroups/xsoar-resource-group/providers/Microsoft.Network/azureFirewalls/test-ip eastus /subscriptions/xsoar-subscription/resourceGroups/xsoar-resource-group/providers/Microsoft.Network/virtualNetworks/test-v-n/subnets/AzureFirewallSubnet Alert 189.160.40.11 Updating
#
azure-firewall-policy-detachRemove a policy from the firewall. This command will detach the policy and firewall, but will not delete the policy.
#
Base Commandazure-firewall-policy-detach
#
InputArgument Name | Description | Required |
---|---|---|
firewall_names | Comma-separated list of firewall names from which the policy will be removed. | Required |
interval | Indicates how long to wait between command executions (in seconds) when the 'polling' argument is true. Minimum value is 10 seconds. Default is 30. | Optional |
timeout | Indicates the time in seconds until the polling sequence times out. Default is 60. | Optional |
subscription_id | The subscription ID. Note: This argument will override the instance parameter ‘Default Subscription ID'. | Optional |
resource_group_name | The name of the resource group. Note: This argument will override the instance parameter ‘Default Resource Group Name'. | Optional |
#
Context OutputPath | Type | Description |
---|---|---|
AzureFirewall.Firewall.id | String | Firewall resource ID. |
AzureFirewall.Firewall.name | String | Firewall resource name. |
AzureFirewall.Firewall.location | String | Firewall resource location. |
#
Command example!azure-firewall-policy-detach firewall_names=test-ip interval=10 timeout=600
#
Context Example#
Human Readable Output#
Successfully Updated Firewall "test-ip"
Name Id Location Subnet Threat Intel Mode Private Ip Address Provisioning State test-ip /subscriptions/xsoar-subscription/resourceGroups/xsoar-resource-group/providers/Microsoft.Network/azureFirewalls/test-ip eastus /subscriptions/xsoar-subscription/resourceGroups/xsoar-resource-group/providers/Microsoft.Network/virtualNetworks/test-v-n/subnets/AzureFirewallSubnet Alert 189.160.40.11 Updating
#
azure-firewall-network-rule-collection-createCreate a network rule collection in a firewall or policy. The command will return firewall or policy rule collection resource information. One of the arguments 'firewall_name' or 'policy' must be provided.
#
Base Commandazure-firewall-network-rule-collection-create
#
InputArgument Name | Description | Required |
---|---|---|
firewall_name | The name of the firewall that contains the collection. | Optional |
policy | The name of the policy that contains the collection. | Optional |
collection_name | The name of the network rule collection to create. | Required |
collection_priority | The priority of the network rule collection resource. Minimum value is 100, maximum value is 65000. | Required |
action | The action type of a rule collection. Possible values are: Allow, Deny. | Required |
rule_name | The name of the network rule to create. | Required |
description | The description of the created rule. | Required |
protocols | Comma-separated list of protocols for the created rule. Possible values are: TCP, UDP, ICMP, Any. | Required |
source_type | Rule source type. Possible values are: ip_address, ip_group. | Required |
source_ips | Comma-separated list of source IP addresses for the created rule. Must be provided when the 'source_type' argument is assigned to 'ip_address'. | Optional |
source_ip_group_ids | Comma-separated list of source IP group IDs for the created rule. Must be provided when the 'source_type' argument is assigned to 'ip_group'. | Optional |
destination_type | Rule destination type. Possible values are: ip_address, ip_group, service_tag, fqdn. | Required |
destinations | Comma-separated list of destinations for the created rule. Must be consistent with the provided 'destination_type' argument. Supports IP addresses, service tag names, IP group IDs and FQDN addresses. | Required |
destination_ports | Comma-separated list of destination ports. | Required |
interval | Indicates how long to wait between command executions (in seconds) when the 'polling' argument is true. Minimum value is 10 seconds. Default is 30. | Optional |
timeout | Indicates the time in seconds until the polling sequence times out. Default is 60. | Optional |
subscription_id | The subscription ID. Note: This argument will override the instance parameter ‘Default Subscription ID'. | Optional |
resource_group_name | The name of the resource group. Note: This argument will override the instance parameter ‘Default Resource Group Name'. | Optional |
#
Context OutputThere is no context output for this command.
#
Command example!azure-firewall-network-rule-collection-create policy=xsoar-policy collection_name=playbook-collection collection_priority=105 action=Allow rule_name=playbook-rule description=test-playbook-collection protocols=UDP,TCP source_type=ip_address source_ips=189.160.40.11,189.160.40.11 destination_type=ip_address destinations=189.160.40.11,189.160.40.11 destination_ports=8080 interval=10 timeout=600
#
Context Example#
Human Readable Output#
Successfully Updated Policy "xsoar-policy"
Name Id Tier Location Firewalls Base Policy Child Policies Provisioning State xsoar-policy /subscriptions/xsoar-subscription/resourceGroups/xsoar-resource-group/providers/Microsoft.Network/firewallPolicies/xsoar-policy Standard eastus Updating
#
azure-firewall-network-rule-collection-deleteDelete a network rule collection from the firewall or policy. One of the arguments 'firewall_name' or 'policy' must be provided.
#
Base Commandazure-firewall-network-rule-collection-delete
#
InputArgument Name | Description | Required |
---|---|---|
firewall_name | The name of the firewall that contains the collection. | Optional |
policy | The name of the policy the contains the collection. | Optional |
collection_name | The name of the network rule collection to delete. | Required |
interval | Indicates how long to wait between command executions (in seconds) when the 'polling' argument is true. Minimum value is 10 seconds. Default is 30. | Optional |
timeout | Indicates the time in seconds until the polling sequence times out. Default is 60. | Optional |
subscription_id | The subscription ID. Note: This argument will override the instance parameter ‘Default Subscription ID'. | Optional |
resource_group_name | The name of the resource group. Note: This argument will override the instance parameter ‘Default Resource Group Name'. | Optional |
#
Context OutputThere is no context output for this command.
#
Command example!azure-firewall-network-rule-collection-delete policy=xsoar-policy collection_name=playbook-collection interval=10 timeout=600
#
Context Example#
Human Readable Output#
Successfully Updated Policy "xsoar-policy"
Name Id Tier Location Firewalls Base Policy Child Policies Provisioning State xsoar-policy /subscriptions/xsoar-subscription/resourceGroups/xsoar-resource-group/providers/Microsoft.Network/firewallPolicies/xsoar-policy Standard eastus Updating
#
azure-firewall-network-rule-createCreate a network rule in the firewall or policy rule collection. One of the arguments 'firewall_name' or 'policy' must be provided.
#
Base Commandazure-firewall-network-rule-create
#
InputArgument Name | Description | Required |
---|---|---|
firewall_name | The name of the firewall that contains the collection. | Optional |
policy | The name of the policy that contains the collection. | Optional |
collection_name | The name of the network rule collection that contains the rule. | Required |
rule_name | The name of the network rule to create. | Required |
description | The description of the created rule. | Required |
protocols | Comma-separated list of protocols for the created rule. Possible values are: TCP, UDP, ICMP, Any. | Required |
source_type | Rule source type. Possible values are: ip_address, ip_group. | Required |
source_ips | Comma-separated list of source IP addresses for the created rule. Must be provided when the 'source_type' argument is assigned to 'ip_address'. | Optional |
source_ip_group_ids | Comma-separated list of source IP group IDs for the created rule. Must be provided when the 'source_type' argument is assigned to 'ip_group'. | Optional |
destination_type | Rule destination type. Possible values are: ip_address, ip_group, service_tag, fqdn. | Required |
destinations | Comma-separated list of destinations for the created rule. Must be consistent with the provided 'destination_type' argument. Supports IP addresses, service tag names, IP group IDs and FQDN addresses. | Required |
destination_ports | Comma-separated list of destination ports. | Required |
interval | Indicates how long to wait between command executions (in seconds) when the 'polling' argument is true. Minimum value is 10 seconds. Default is 30. | Optional |
timeout | Indicates the time in seconds until the polling sequence times out. Default is 60. | Optional |
subscription_id | The subscription ID. Note: This argument will override the instance parameter ‘Default Subscription ID'. | Optional |
resource_group_name | The name of the resource group. Note: This argument will override the instance parameter ‘Default Resource Group Name'. | Optional |
#
Context OutputThere is no context output for this command.
#
Command example!azure-firewall-network-rule-create policy=xsoar-policy collection_name=playbook-collection rule_name=new-playbook-rule description=test-playbook-collection protocols=UDP,TCP source_type=ip_address source_ips=189.160.40.11,189.160.40.11 destination_type=ip_address destinations=189.160.40.11,189.160.40.11 destination_ports=8080 interval=10 timeout=600
#
Context Example#
Human Readable Output#
Successfully Updated Policy "xsoar-policy"
Name Id Tier Location Firewalls Base Policy Child Policies Provisioning State xsoar-policy /subscriptions/xsoar-subscription/resourceGroups/xsoar-resource-group/providers/Microsoft.Network/firewallPolicies/xsoar-policy Standard eastus Updating
#
azure-firewall-network-rule-updateUpdate the network rule in the firewall. The provided arguments will replace the existing rule configuration. One of the arguments 'firewall_name' or 'policy' must be provided. The command will not replace the rule source or destination types.
#
Base Commandazure-firewall-network-rule-update
#
InputArgument Name | Description | Required |
---|---|---|
firewall_name | The name of the firewall that contains the collection. | Optional |
policy | The name of the policy that contains the collection. | Optional |
collection_name | The name of the network rule collection to update. | Required |
rule_name | The name of the network rule to update. | Required |
description | The new description of the rule. | Optional |
protocols | Comma-separated list of protocols for the rule. Possible values are: TCP, UDP, ICMP, Any. | Optional |
source_type | Rule source type. Possible values are: ip_address, ip_group. | Optional |
source_ips | Comma-separated list of source IP addresses for the created rule. Must be provided when the 'source_type' argument is assigned to 'ip_address'. | Optional |
source_ip_group_ids | Comma-separated list of source IP group IDs for the created rule. Must be provided when the 'source_type' argument is assigned to 'ip_group'. | Optional |
destination_type | Rule destination type. Must be provided when the 'destinations' argument is provided. Possible values are: ip_address, ip_group, service_tag, fqdn. | Optional |
destinations | Comma-separated list of destinations for the created rule. Must be consistent with the provided 'destination_type' argument. Supports IP addresses, service tag names, IP group IDs and FQDN addresses. | Optional |
destination_ports | Comma-separated list of destination ports. | Optional |
interval | Indicates how long to wait between command executions (in seconds) when the 'polling' argument is true. Minimum value is 10 seconds. Default is 30. | Optional |
timeout | Indicates the time in seconds until the polling sequence times out. Default is 60. | Optional |
subscription_id | The subscription ID. Note: This argument will override the instance parameter ‘Default Subscription ID'. | Optional |
resource_group_name | The name of the resource group. Note: This argument will override the instance parameter ‘Default Resource Group Name'. | Optional |
#
Context OutputThere is no context output for this command.
#
Command example!azure-firewall-network-rule-update policy=xsoar-policy collection_name=playbook-collection rule_name=new-playbook-rule protocols=UDP interval=10 timeout=600
#
Context Example#
Human Readable Output#
Successfully Updated Policy "xsoar-policy"
Name Id Tier Location Firewalls Base Policy Child Policies Provisioning State xsoar-policy /subscriptions/xsoar-subscription/resourceGroups/xsoar-resource-group/providers/Microsoft.Network/firewallPolicies/xsoar-policy Standard eastus Succeeded
#
azure-firewall-network-rule-deleteDelete a network rule from the collection. One of the arguments 'firewall_name' or 'policy' must be provided.
#
Base Commandazure-firewall-network-rule-delete
#
InputArgument Name | Description | Required |
---|---|---|
firewall_name | The name of the firewall that contains the collection. | Optional |
policy | The name of the policy that contains the collection. | Optional |
collection_name | The name of the network rule collection to update. | Required |
rule_names | Comma-separated list of network rule names to delete from the collection. | Required |
interval | Indicates how long to wait between command executions (in seconds) when the 'polling' argument is true. Minimum value is 10 seconds. Default is 30. | Optional |
timeout | Indicates the time in seconds until the polling sequence times out. Default is 60. | Optional |
subscription_id | The subscription ID. Note: This argument will override the instance parameter ‘Default Subscription ID'. | Optional |
resource_group_name | The name of the resource group. Note: This argument will override the instance parameter ‘Default Resource Group Name'. | Optional |
#
Context OutputThere is no context output for this command.
#
Command example!azure-firewall-network-rule-delete policy=xsoar-policy collection_name=playbook-collection rule_names=new-playbook-rule interval=10 timeout=600
#
Context Example#
Human Readable Output#
Successfully Updated Policy "xsoar-policy"
Name Id Tier Location Firewalls Base Policy Child Policies Provisioning State xsoar-policy /subscriptions/xsoar-subscription/resourceGroups/xsoar-resource-group/providers/Microsoft.Network/firewallPolicies/xsoar-policy Standard eastus Updating
#
azure-firewall-network-rule-collection-updateUpdate a network rule collection in a firewall or policy. The command will update the provided arguments. One of the arguments 'firewall_name' or 'policy' must be provided. The command will return firewall or policy rule collection resource information.
#
Base Commandazure-firewall-network-rule-collection-update
#
InputArgument Name | Description | Required |
---|---|---|
firewall_name | The name of the firewall that contains the collection. | Optional |
policy | The name of the policy that contains the collection. | Optional |
collection_name | The name of the network rule collection to update. | Required |
priority | The priority of the network rule collection resource. Minimum value is 100, maximum value us 65000. | Optional |
action | The action type of a rule collection. Possible values are: Allow, Deny. | Optional |
interval | Indicates how long to wait between command executions (in seconds) when the 'polling' argument is true. Minimum value is 10 seconds. Default is 30. | Optional |
timeout | Indicates the time in seconds until the polling sequence times out. Default is 60. | Optional |
subscription_id | The subscription ID. Note: This argument will override the instance parameter ‘Default Subscription ID'. | Optional |
resource_group_name | The name of the resource group. Note: This argument will override the instance parameter ‘Default Resource Group Name'. | Optional |
#
Context OutputThere is no context output for this command.
#
Command example!azure-firewall-network-rule-collection-update policy=xsoar-policy collection_name=playbook-collection priority=201 action=Deny interval=10 timeout=600
#
Context Example#
Human Readable Output#
Successfully Updated Policy "xsoar-policy"
Name Id Tier Location Firewalls Base Policy Child Policies Provisioning State xsoar-policy /subscriptions/xsoar-subscription/resourceGroups/xsoar-resource-group/providers/Microsoft.Network/firewallPolicies/xsoar-policy Standard eastus Succeeded
#
azure-firewall-service-tag-listRetrieve service tags information.
#
Base Commandazure-firewall-service-tag-list
#
InputArgument Name | Description | Required |
---|---|---|
location | The location that will be used as a reference for a version (not as a filter based on location, the command will retrieve the list of service tags with prefix details across all regions but limited to the cloud that your subscription belongs to). Possible values are: northcentralus, eastus, northeurope, westeurope, eastasia, southeastasia, eastus2, centralus, southcentralus, westus, japaneast, japanwest, australiaeast, australiasoutheast, brazilsouth, centralindia, southindia, westindia, canadacentral, canadaeast, uksouth, ukwest, westcentralus, westus2, koreacentral, francecentral, australiacentral, uaenorth, southafricanorth, switzerlandnorth, germanywestcentral, norwayeast, westus3, jioindiawest. | Required |
limit | The maximum number of results to retrieve. Minimum value is 1. Default is 50. | Optional |
page | The page number of the results to retrieve. Minimum value is 1. Default is 1. | Optional |
subscription_id | The subscription ID. Note: This argument will override the instance parameter ‘Default Subscription ID'. | Optional |
resource_group_name | The name of the resource group. Note: This argument will override the instance parameter ‘Default Resource Group Name'. | Optional |
#
Context OutputThere is no context output for this command.
#
Command example!azure-firewall-service-tag-list location=eastus limit=1 page=3
#
Context Example#
Human Readable Output#
Service Tag List:Current page size: 1 Showing page 3 out others that may exist.
Name Id ApiManagement.AustraliaCentral ApiManagement.AustraliaCentral
#
azure-firewall-ip-group-createCreate an IP group.
#
Base Commandazure-firewall-ip-group-create
#
InputArgument Name | Description | Required |
---|---|---|
ip_group_name | The name of the IP group resource to create. | Required |
ips | Comma-separated list of IP addresses or IP address prefixes in the IP group resource. | Optional |
location | The location of the IP group resource. Possible values are: northcentralus, eastus, northeurope, westeurope, eastasia, southeastasia, eastus2, centralus, southcentralus, westus, japaneast, japanwest, australiaeast, australiasoutheast, brazilsouth, centralindia, southindia, westindia, canadacentral, canadaeast, uksouth, ukwest, westcentralus, westus2, koreacentral, francecentral, australiacentral, uaenorth, southafricanorth, switzerlandnorth, germanywestcentral, norwayeast, westus3, jioindiawest. | Required |
interval | Indicates how long to wait between command executions (in seconds) when the 'polling' argument is true. Minimum value is 10 seconds. Default is 30. | Optional |
timeout | Indicates the time in seconds until the polling sequence times out. Default is 60. | Optional |
subscription_id | The subscription ID. Note: This argument will override the instance parameter ‘Default Subscription ID'. | Optional |
resource_group_name | The name of the resource group. Note: This argument will override the instance parameter ‘Default Resource Group Name'. | Optional |
#
Context OutputPath | Type | Description |
---|---|---|
AzureFirewall.IPGroup.id | String | IP group resource ID. |
AzureFirewall.IPGroup.name | String | IP group resource name. |
AzureFirewall.IPGroup.properties.ipAddresses | String | List of IP addresses or IP address prefixes in the IP groups resource. |
#
Command example!azure-firewall-ip-group-create ip_group_name=xsoar-ip-group ips=189.160.40.11 location=eastus interval=10 timeout=600
#
Context Example#
Human Readable Output#
Successfully Created IP Group "xsoar-ip-group"
Name Id Ip Addresses Firewalls Firewall Policies Provisioning State xsoar-ip-group /subscriptions/xsoar-subscription/resourceGroups/xsoar-resource-group/providers/Microsoft.Network/ipGroups/xsoar-ip-group 189.160.40.11 Updating
#
azure-firewall-ip-group-updateUpdate an IP group. Add or remove IP addresses from the group.
#
Base Commandazure-firewall-ip-group-update
#
InputArgument Name | Description | Required |
---|---|---|
ip_group_name | The name of the IP group resource to update. | Required |
ips_to_add | Comma-separated list of IP addresses or IP address prefixes to add to the IP group resource. | Optional |
ips_to_remove | Comma-separated list of IP addresses or IP address prefixes to remove from the IP group resource. | Optional |
interval | Indicates how long to wait between command executions (in seconds) when the 'polling' argument is true. Minimum value is 10 seconds. Default is 30. | Optional |
timeout | Indicates the time in seconds until the polling sequence times out. Default is 60. | Optional |
subscription_id | The subscription ID. Note: This argument will override the instance parameter ‘Default Subscription ID'. | Optional |
resource_group_name | The name of the resource group. Note: This argument will override the instance parameter ‘Default Resource Group Name'. | Optional |
#
Context OutputPath | Type | Description |
---|---|---|
AzureFirewall.IPGroup.id | String | IP group resource ID. |
AzureFirewall.IPGroup.name | String | IP group resource name. |
AzureFirewall.IPGroup.properties.ipAddresses | String | List of IP addresses or IP address prefixes in the IP groups resource. |
#
Command example!azure-firewall-ip-group-update ip_group_name=xsoar-ip-group ips_to_add=189.160.40.11,189.160.40.11 ips_to_remove=189.160.40.11,1.1.1 interval=10 timeout=600
#
Context Example#
Human Readable Output#
xsoar-ip-group IP Group Information:
Name Id Ip Addresses Firewalls Firewall Policies Provisioning State xsoar-ip-group /subscriptions/xsoar-subscription/resourceGroups/xsoar-resource-group/providers/Microsoft.Network/ipGroups/xsoar-ip-group 189.160.40.11,
189.160.40.11Updating
#
azure-firewall-ip-group-listList IP groups in a resource group or subscription.
#
Base Commandazure-firewall-ip-group-list
#
InputArgument Name | Description | Required |
---|---|---|
resource | The resource that contains the IP groups to list. Possible values are: resource_group, subscription. Default is resource_group. | Required |
limit | The maximum number of results to retrieve. Minimum value is 1. Default is 50. | Optional |
page | The page number of the results to retrieve. Minimum value is 1. Default is 1. | Optional |
subscription_id | The subscription ID. Note: This argument will override the instance parameter ‘Default Subscription ID'. | Optional |
resource_group_name | The name of the resource group. Note: This argument will override the instance parameter ‘Default Resource Group Name'. | Optional |
#
Context OutputPath | Type | Description |
---|---|---|
AzureFirewall.IPGroup.id | String | IP group resource ID. |
AzureFirewall.IPGroup.name | String | IP group resource name. |
AzureFirewall.IPGroup.properties.ipAddresses | String | List of IP addresses or IP address prefixes in the IP groups resource. |
#
Command example!azure-firewall-ip-group-list resource=resource_group limit=1 page=1
#
Context Example#
Human Readable Output#
IP Group List:Current page size: 1 Showing page 1 out others that may exist.
Name Id Ip Addresses Firewalls Firewall Policies Provisioning State xsoar-ip-group /subscriptions/xsoar-subscription/resourceGroups/xsoar-resource-group/providers/Microsoft.Network/ipGroups/xsoar-ip-group 189.160.40.11 Succeeded
#
azure-firewall-ip-group-getRetrieve IP group information.
#
Base Commandazure-firewall-ip-group-get
#
InputArgument Name | Description | Required |
---|---|---|
ip_group_names | Comma-separated list of IP group names resource to retrieve. | Required |
polling | Indicates if the command was scheduled. Possible values are: True, False. Default is True. | Optional |
interval | Indicates how long to wait between command executions (in seconds) when the 'polling' argument is true. Minimum value is 10 seconds. Default is 30. | Optional |
timeout | Indicates the time in seconds until the polling sequence times out. Default is 60. | Optional |
subscription_id | The subscription ID. Note: This argument will override the instance parameter ‘Default Subscription ID'. | Optional |
resource_group_name | The name of the resource group. Note: This argument will override the instance parameter ‘Default Resource Group Name'. | Optional |
#
Context OutputPath | Type | Description |
---|---|---|
AzureFirewall.IPGroup.id | String | IP group resource ID. |
AzureFirewall.IPGroup.name | String | IP group resource name. |
AzureFirewall.IPGroup.properties.ipAddresses | String | List of IP addresses or IP address prefixes in the IP groups resource. |
#
Command example!azure-firewall-ip-group-get ip_group_names=xsoar-ip-group interval=10 timeout=600
#
Context Example#
Human Readable Output#
xsoar-ip-group IP Group Information:
Name Id Ip Addresses Firewalls Firewall Policies Provisioning State xsoar-ip-group /subscriptions/xsoar-subscription/resourceGroups/xsoar-resource-group/providers/Microsoft.Network/ipGroups/xsoar-ip-group 189.160.40.11 Succeeded
#
azure-firewall-ip-group-deleteDelete an IP group resource.
#
Base Commandazure-firewall-ip-group-delete
#
InputArgument Name | Description | Required |
---|---|---|
ip_group_names | Comma-separated list of IP group names resource to delete. | Required |
subscription_id | The subscription ID. Note: This argument will override the instance parameter ‘Default Subscription ID'. | Optional |
resource_group_name | The name of the resource group. Note: This argument will override the instance parameter ‘Default Resource Group Name'. | Optional |
#
Context OutputThere is no context output for this command.
#
Command example!azure-firewall-ip-group-delete ip_group_names=xsoar-ip-group
#
Human Readable OutputIP Group xsoar-ip-group deleted successfully.
#
azure-firewall-subscriptions-listList all subscriptions for a tenant.
#
Base Commandazure-firewall-subscriptions-list
#
InputThere are no input arguments for this command.
#
Context OutputPath | Type | Description |
---|---|---|
AzureFirewall.Subscription.authorizationSource | String | The authorization source of the request. |
AzureFirewall.Subscription.displayName | String | The subscription display name. |
AzureFirewall.Subscription.id | String | The fully qualified ID for the subscription. For example, /subscriptions/8d65815f-a5b6-402f-9298-045155da7d74. |
AzureFirewall.Subscription.managedByTenants | Unknown | An array containing the tenants managing the subscription. |
AzureFirewall.Subscription.state | Unknown | The subscription state. Possible values are Enabled, Warned, PastDue, Disabled, and Deleted. |
AzureFirewall.Subscription.subscriptionId | String | The subscription ID. |
AzureFirewall.Subscription.subscriptionPolicies | Unknown | The subscription policies. |
AzureFirewall.Subscription.tags | Object | The tags attached to the subscription. |
AzureFirewall.Subscription.tenantId | String | The subscription tenant ID. |
#
azure-firewall-resource-group-listList all resource groups for a subscription.
#
Base Commandazure-firewall-resource-group-list
#
InputArgument Name | Description | Required |
---|---|---|
subscription_id | The subscription ID. Note: This argument will override the instance parameter ‘Default Subscription ID'. | Optional |
limit | Limit on the number of resource groups to return. Default is 50. | Optional |
tag | A single tag in the form of '{"Tag Name":"Tag Value"}' to filter the list by. | Optional |
#
Context OutputPath | Type | Description |
---|---|---|
AzureFirewall.ResourceGroup.id | String | The ID of the resource group. |
AzureFirewall.ResourceGroup.location | String | The location of the resource group. |
AzureFirewall.ResourceGroup.managedBy | String | The ID of the resource that manages this resource group. |
AzureFirewall.ResourceGroup.name | String | The name of the resource group. |
AzureFirewall.ResourceGroup.properties.provisioningState | String | The provisioning state. |
AzureFirewall.ResourceGroup.tags | Object | The tags attached to the resource group. |
AzureFirewall.ResourceGroup.type | String | The type of the resource group. |