az network firewall policy draft intrusion-detection
Note
This reference is part of the azure-firewall extension for the Azure CLI (version 2.67.0 or higher). The extension will automatically install the first time you run an az network firewall policy draft intrusion-detection command. Learn more about extensions.
Manage intrusion signature rules and bypass rules.
Commands
| Name | Description | Type | Status |
|---|---|---|---|
| az network firewall policy draft intrusion-detection add |
Update a draft Firewall Policy. |
Extension | Preview |
| az network firewall policy draft intrusion-detection list |
List all intrusion detection configuration. |
Extension | Preview |
| az network firewall policy draft intrusion-detection remove |
Update a draft Firewall Policy. |
Extension | Preview |
az network firewall policy draft intrusion-detection add
This command is in preview and under development. Reference and support levels: https://aka.ms/CLI_refstatus
Update a draft Firewall Policy.
az network firewall policy draft intrusion-detection add [--add]
[--auto-learn-private-ranges --learn-ranges {Disabled, Enabled}]
[--configuration]
[--dns-servers]
[--enable-dns-proxy {0, 1, f, false, n, no, t, true, y, yes}]
[--explicit-proxy]
[--force-string {0, 1, f, false, n, no, t, true, y, yes}]
[--fqdns]
[--idps-mode {Alert, Deny, Off}]
[--ids]
[--ip-addresses]
[--mode {Alert, Deny, Off}]
[--no-wait {0, 1, f, false, n, no, t, true, y, yes}]
[--policy-name]
[--private-ranges]
[--remove]
[--resource-group]
[--rule-description]
[--rule-dest-addresses]
[--rule-dest-ip-groups]
[--rule-dest-ports]
[--rule-name]
[--rule-protocol {Any, ICMP, TCP, UDP}]
[--rule-src-addresses]
[--rule-src-ip-groups]
[--set]
[--signature-id]
[--sql {0, 1, f, false, n, no, t, true, y, yes}]
[--subscription]
[--tags]
[--threat-intel-mode {Alert, Deny, Off}]Optional Parameters
The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.
Add an object to a list of objects by specifying a path and key value pairs. Example: --add property.listProperty <key=value, string or JSON string>.
| Property | Value |
|---|---|
| Parameter group: | Generic Update Arguments |
The operation mode for automatically learning private ranges to not be SNAT.
| Property | Value |
|---|---|
| Parameter group: | Snat Arguments |
| Accepted values: | Disabled, Enabled |
Intrusion detection configuration properties. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
| Property | Value |
|---|---|
| Parameter group: | IntrusionDetection Arguments |
Space-separated list of DNS server IP addresses. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
| Property | Value |
|---|---|
| Parameter group: | DNS Arguments |
Enable DNS Proxy.
| Property | Value |
|---|---|
| Parameter group: | DNS Arguments |
| Accepted values: | 0, 1, f, false, n, no, t, true, y, yes |
Explicit Proxy Settings definition. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
| Property | Value |
|---|---|
| Parameter group: | Explicit Proxy Arguments |
When using 'set' or 'add', preserve string literals instead of attempting to convert to JSON.
| Property | Value |
|---|---|
| Parameter group: | Generic Update Arguments |
| Accepted values: | 0, 1, f, false, n, no, t, true, y, yes |
Space-separated list of FQDNs. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
| Property | Value |
|---|---|
| Parameter group: | Threat Intel Allowlist Arguments |
IDPS mode.
| Property | Value |
|---|---|
| Parameter group: | Intrustion Detection Arguments |
| Accepted values: | Alert, Deny, Off |
One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.
| Property | Value |
|---|---|
| Parameter group: | Resource Id Arguments |
Space-separated list of IPv4 addresses. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
| Property | Value |
|---|---|
| Parameter group: | Threat Intel Allowlist Arguments |
The signature state.
| Property | Value |
|---|---|
| Accepted values: | Alert, Deny, Off |
Do not wait for the long-running operation to finish.
| Property | Value |
|---|---|
| Accepted values: | 0, 1, f, false, n, no, t, true, y, yes |
The name of the Firewall Policy.
| Property | Value |
|---|---|
| Parameter group: | Resource Id Arguments |
List of private IP addresses/IP address ranges to not be SNAT. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
| Property | Value |
|---|---|
| Parameter group: | Snat Arguments |
Remove a property or an element from a list. Example: --remove property.list <indexToRemove> OR --remove propertyToRemove.
| Property | Value |
|---|---|
| Parameter group: | Generic Update Arguments |
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
| Property | Value |
|---|---|
| Parameter group: | Resource Id Arguments |
Description of the bypass traffic rule.
Space-separated list of destination IP addresses or ranges for this rule Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
Space-separated list of destination IpGroups for this rule Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
Space-separated list of destination ports or ranges Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
Name of the bypass traffic rule.
The rule bypass protocol.
| Property | Value |
|---|---|
| Accepted values: | Any, ICMP, TCP, UDP |
Space-separated list of source IP addresses or ranges for this rule Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
Space-separated list of source IpGroups Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
Update an object by specifying a property path and value to set. Example: --set property1.property2=<value>.
| Property | Value |
|---|---|
| Parameter group: | Generic Update Arguments |
Signature id.
A flag to indicate if SQL Redirect traffic filtering is enabled.
| Property | Value |
|---|---|
| Accepted values: | 0, 1, f, false, n, no, t, true, y, yes |
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
| Property | Value |
|---|---|
| Parameter group: | Resource Id Arguments |
Space-separated tags: key[=value] [key[=value] ...]. Use "" to clear existing tags. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
The operation mode for Threat Intelligence.
| Property | Value |
|---|---|
| Accepted values: | Alert, Deny, Off |
Global Parameters
Increase logging verbosity to show all debug logs.
| Property | Value |
|---|---|
| Default value: | False |
Show this help message and exit.
Only show errors, suppressing warnings.
| Property | Value |
|---|---|
| Default value: | False |
Output format.
| Property | Value |
|---|---|
| Default value: | json |
| Accepted values: | json, jsonc, none, table, tsv, yaml, yamlc |
JMESPath query string. See http://jmespath.org/ for more information and examples.
Increase logging verbosity. Use --debug for full debug logs.
| Property | Value |
|---|---|
| Default value: | False |
az network firewall policy draft intrusion-detection list
This command is in preview and under development. Reference and support levels: https://aka.ms/CLI_refstatus
List all intrusion detection configuration.
az network firewall policy draft intrusion-detection list --policy-name
--resource-groupRequired Parameters
The name of the Firewall Policy.
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
Global Parameters
Increase logging verbosity to show all debug logs.
| Property | Value |
|---|---|
| Default value: | False |
Show this help message and exit.
Only show errors, suppressing warnings.
| Property | Value |
|---|---|
| Default value: | False |
Output format.
| Property | Value |
|---|---|
| Default value: | json |
| Accepted values: | json, jsonc, none, table, tsv, yaml, yamlc |
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
| Property | Value |
|---|---|
| Default value: | False |
az network firewall policy draft intrusion-detection remove
This command is in preview and under development. Reference and support levels: https://aka.ms/CLI_refstatus
Update a draft Firewall Policy.
az network firewall policy draft intrusion-detection remove [--add]
[--auto-learn-private-ranges --learn-ranges {Disabled, Enabled}]
[--configuration]
[--dns-servers]
[--enable-dns-proxy {0, 1, f, false, n, no, t, true, y, yes}]
[--explicit-proxy]
[--force-string {0, 1, f, false, n, no, t, true, y, yes}]
[--fqdns]
[--idps-mode {Alert, Deny, Off}]
[--ids]
[--ip-addresses]
[--no-wait {0, 1, f, false, n, no, t, true, y, yes}]
[--policy-name]
[--private-ranges]
[--remove]
[--resource-group]
[--rule-name]
[--set]
[--signature-id]
[--sql {0, 1, f, false, n, no, t, true, y, yes}]
[--subscription]
[--tags]
[--threat-intel-mode {Alert, Deny, Off}]Optional Parameters
The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.
Add an object to a list of objects by specifying a path and key value pairs. Example: --add property.listProperty <key=value, string or JSON string>.
| Property | Value |
|---|---|
| Parameter group: | Generic Update Arguments |
The operation mode for automatically learning private ranges to not be SNAT.
| Property | Value |
|---|---|
| Parameter group: | Snat Arguments |
| Accepted values: | Disabled, Enabled |
Intrusion detection configuration properties. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
| Property | Value |
|---|---|
| Parameter group: | IntrusionDetection Arguments |
Space-separated list of DNS server IP addresses. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
| Property | Value |
|---|---|
| Parameter group: | DNS Arguments |
Enable DNS Proxy.
| Property | Value |
|---|---|
| Parameter group: | DNS Arguments |
| Accepted values: | 0, 1, f, false, n, no, t, true, y, yes |
Explicit Proxy Settings definition. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
| Property | Value |
|---|---|
| Parameter group: | Explicit Proxy Arguments |
When using 'set' or 'add', preserve string literals instead of attempting to convert to JSON.
| Property | Value |
|---|---|
| Parameter group: | Generic Update Arguments |
| Accepted values: | 0, 1, f, false, n, no, t, true, y, yes |
Space-separated list of FQDNs. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
| Property | Value |
|---|---|
| Parameter group: | Threat Intel Allowlist Arguments |
IDPS mode.
| Property | Value |
|---|---|
| Parameter group: | Intrustion Detection Arguments |
| Accepted values: | Alert, Deny, Off |
One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.
| Property | Value |
|---|---|
| Parameter group: | Resource Id Arguments |
Space-separated list of IPv4 addresses. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
| Property | Value |
|---|---|
| Parameter group: | Threat Intel Allowlist Arguments |
Do not wait for the long-running operation to finish.
| Property | Value |
|---|---|
| Accepted values: | 0, 1, f, false, n, no, t, true, y, yes |
The name of the Firewall Policy.
| Property | Value |
|---|---|
| Parameter group: | Resource Id Arguments |
List of private IP addresses/IP address ranges to not be SNAT. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
| Property | Value |
|---|---|
| Parameter group: | Snat Arguments |
Remove a property or an element from a list. Example: --remove property.list <indexToRemove> OR --remove propertyToRemove.
| Property | Value |
|---|---|
| Parameter group: | Generic Update Arguments |
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
| Property | Value |
|---|---|
| Parameter group: | Resource Id Arguments |
Name of the bypass traffic rule.
Update an object by specifying a property path and value to set. Example: --set property1.property2=<value>.
| Property | Value |
|---|---|
| Parameter group: | Generic Update Arguments |
Signature id.
A flag to indicate if SQL Redirect traffic filtering is enabled.
| Property | Value |
|---|---|
| Accepted values: | 0, 1, f, false, n, no, t, true, y, yes |
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
| Property | Value |
|---|---|
| Parameter group: | Resource Id Arguments |
Space-separated tags: key[=value] [key[=value] ...]. Use "" to clear existing tags. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
The operation mode for Threat Intelligence.
| Property | Value |
|---|---|
| Accepted values: | Alert, Deny, Off |
Global Parameters
Increase logging verbosity to show all debug logs.
| Property | Value |
|---|---|
| Default value: | False |
Show this help message and exit.
Only show errors, suppressing warnings.
| Property | Value |
|---|---|
| Default value: | False |
Output format.
| Property | Value |
|---|---|
| Default value: | json |
| Accepted values: | json, jsonc, none, table, tsv, yaml, yamlc |
JMESPath query string. See http://jmespath.org/ for more information and examples.
Increase logging verbosity. Use --debug for full debug logs.
| Property | Value |
|---|---|
| Default value: | False |
