Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 

Azure

 

Use the JSA Azure Content Extension to closely monitor your Azure deployment.

JSA Azure Content Extension V1.0.2

In JSA Azure Content Extension V1.0.2, the QID for the Target User Name custom property is updated.

JSA Azure Content Extension V1.0.1

The following table shows the custom properties in JSA Azure Content Extension V1.0.1.

Table 1: Custom Properties in JSA Azure Content Extension V1.0.1

Name

Optimized

Capture Group

Regex

Bytes Received

Yes

1

\"receivedBytes\":(\d+)

BytesSent

Yes

1

\"sentBytes\":(\d+)

Filename

Yes

1

\"file\":".*\/([^"]+)"

Group Name

Yes

1

"scope":"[^"]*\/resourceGroups\/([^\/]+)

"resourceId":"[^"]*\/RESOURCEGROUPS\/([^"]*?)\/

resourceGroupName=([^\t]+)

Local Network Gateway

No

1

"scope":"[^"]*\/localNetworkGateways\/([^"]*)"

Machine ID

Yes

1

"scope":"[^"]*\/virtualMachines\/(.*?)(?:\/|\")

resourceId=.*?\/virtualMachines\/(.*?)\s

Message

No

1

\"Message\":\"(.*?)\"

\"message\":\"(.*?)\"

Network Interface

No

1

"scope":"[^"]*\/networkInterfaces\/([^"]*)"

Network Security Group

No

1

"resourceId":"[^"]*\/NETWORKSECURITYGROUPS\/([^"]*)"

"scope":"[^"]*\/networkSecurityGroups\/([^"]*)"

Network Watcher

No

1

"scope":"[^"]*\/networkWatchers\/([^"]*)"

Operation ID

No

1

\"operationId\":\"(.*?)\"

operationId=([^\t]+)

Public IP Name

No

1

"scope":"[^"]*\/publicIPAddresses\/([^"]*)"

Region

Yes

1

site\"\:\"([^\"]+)

location\"\:\"([^\"]+)

Resource ID

No

1

resourceId=([^\t]+)

\"resourceId\":\"(.*?)\"

Role Name

Yes

1

roleDefinitions\/(.*?)\\",

Rule Name

Yes

1

\"ruleName\":\"(.*?)\"

Security Rule

No

1

"scope":"[^"]*\/securityRules\/([^"]*)"

Subscription ID

No

1

subscriptionId=([^\t]+)

"scope":"[^"]*\/subscriptions\/([^\/]+)

"resourceId":"[^"]*\/SUBSCRIPTIONS\/([^"]*?)\/

Target User Name

Yes

1

PrincipalId\\":\\"([^\\].*?)\\",

User Agent

No

1

\"userAgent\":\"(.*?)\"

Virtual Network

No

1

"scope":"[^"]*\/virtualNetworks\/([^"]*)"

JSA Azure Content Extension V1.0.0

The following table shows the rules that are included in JSA Azure Content Extension V1.0.0.

Table 2: Rules in JSA Azure Content Extension V1.0.0

Type

Name

Description

Rule

Azure Cloud: Security Rule was Deleted

Detects when a security rule is deleted.

Rule

Azure Cloud: Network Security Group has been Created or Updated

Detects when a security group is created or updated.

Rule

Azure Cloud: Virtual Network Deleted

Detects when a virtual network is deleted.

Rule

Azure Cloud: Virtual Network Subnet Deleted

Detects when a virtual network subnet is deleted.

Rule

Azure Cloud: Virtual Network Gateway Connection Deleted

Detects when a virtual network gateway connection is deleted.

Rule

Azure Cloud: Local Network Gateway Deleted

Detects when a local network gateway is deleted.

Rule

Azure Cloud: Security Rule has been Created or Updated

Detects when a security rule is created or updated.

Rule

Azure Cloud: Virtual Network Peering Deleted

Detects when a virtual network peering is deleted.

Rule

Azure Cloud: Network Watcher was Deleted

Detects when a Network Watcher is deleted.

Rule

Azure Cloud: Network Security Group was Deleted

Detects when a network security group is deleted.

The following table shows the reports in JSA Azure Content Extension V1.0.0.

Table 3: Reports in JSA Azure Content Extension V1.0.0

Report Name

Description

Azure Web Apps Virtual Connections Deleted - Weekly

Provides greater monitoring and trending for Azure web app virtual connections.

Azure Web Apps Virtual Connections Deleted - Monthly

Provides greater monitoring and trending for Azure web app virtual connections.

Azure Virtual Network Created or Updated - Weekly

Provides greater monitoring and trending for Azure virtual networks.

Azure Virtual Network Created or Updated - Monthly

Provides greater monitoring and trending for Azure virtual networks.

Azure Network Security Group Created or Updated - Weekly

Provides greater monitoring and trending for Azure security groups.

Azure Network Security Group Created or Updated - Monthly

Provides greater monitoring and trending for Azure security groups.

Azure Security Rule Created or Updated - Weekly

Provides greater monitoring and trending for Azure security rules.

Azure Security Rule Created or Updated - Monthly

Provides greater monitoring and trending for Azure security rules.

Azure Security Rule Deleted - Weekly

Provides greater monitoring and trending for Azure security rules.

Azure Security Rule Deleted - Monthly

Provides greater monitoring and trending for Azure security rules.

The following table shows the saved searches in JSA Azure Content Extension V1.0.0.

Table 4: Saved Searches in JSA Azure Content Extension V1.0.0

Name

Description

Azure: Security Rule Deleted

This search is used by the Security Rule Deleted reports.

Azure: Network Security Group Created or Updated

This search is used by the Security Group Created or Updated reports.

Azure: Security Rule Created or Updated

This search is used by the Security Rule Created or Updated reports.

Azure: Virtual Network Created or Updated

This search is used by the Virtual Network Created or Updated reports.

Azure: Web Apps Virtual Connections Deleted

This search is used by the Web Apps Virtual Connections Deleted reports.