Expand Up @@ -11,7 +11,7 @@
"logo": "amazon_web_services_Logo.svg",
"publisher": "Microsoft",
"descriptionMarkdown": "This data connector allows you to ingest AWS Network Firewall logs into Microsoft Sentinel for advanced threat detection and security monitoring. By leveraging Amazon S3 and Amazon SQS, the connector forwards network traffic logs, intrusion detection alerts, and firewall events to Microsoft Sentinel, enabling real-time analysis and correlation with other security data",
"graphQueriesTableName": "AWSNetworkFirewall_FlowLog_CL",
"graphQueriesTableName": "AWSNetworkFirewallFlow",
"graphQueries": [
{
"metricName": "Total Flow events received",
Expand All @@ -21,12 +21,12 @@
{
"metricName": "Total Alerts received",
"legend": "Amazon Web Services NetworkFirewall AlertLog",
"baseQuery": "AWSNetworkFirewall_AlertLog_CL"
"baseQuery": "AWSNetworkFirewallAlert"
},
{
"metricName": "Total Alerts received",
"metricName": "Total TLS logs received",
"legend": "Amazon Web Services NetworkFirewall TLSLog",
"baseQuery": "AWSNetworkFirewall_TlsLog_CL"
"baseQuery": "AWSNetworkFirewallTls"
}
],
"sampleQueries": [
Expand All @@ -36,11 +36,11 @@
},
{
"description": "Get Sample of Alert logs",
"query": "AWSNetworkFirewall_AlertLog_CL\n | take 10"
"query": "AWSNetworkFirewallAlert\n | take 10"
},
{
"description": "Get Sample of Tls logs",
"query": "AWSNetworkFirewall_TlsLog_CL\n | take 10"
"query": "AWSNetworkFirewallTls\n | take 10"
}
],
"dataTypes": [
Expand All @@ -49,12 +49,12 @@
"lastDataReceivedQuery": "{{graphQueriesTableName}}\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)"
},
{
"name": "AWSNetworkFirewall_AlertLog_CL",
"lastDataReceivedQuery": "AWSNetworkFirewall_AlertLog_CL\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)"
"name": "AWSNetworkFirewallAlert",
"lastDataReceivedQuery": "AWSNetworkFirewallAlert\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)"
},
{
"name": "AWSNetworkFirewall_TlsLog_CL",
"lastDataReceivedQuery": "AWSNetworkFirewall_TlsLog_CL\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)"
"name": "AWSNetworkFirewallTls",
"lastDataReceivedQuery": "AWSNetworkFirewallTls\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)"
}
],
"connectivityCriteria": [
Expand Down Expand Up @@ -85,11 +85,33 @@
},
"instructionSteps": [
{
"title": "Ingesting AWS NetworkFirewall logs in Microsoft Sentinel",
"description": "### List of Resources Required:\n\n* Open ID Connect (OIDC) web identity provider\n* IAM Role\n* Amazon S3 Bucket\n* Amazon SQS\n* AWSNetworkFirewall configuration\n* Follow this instructions for [AWS NetworkFirewall Data connector](https://github.com/v-sreddyt/AWS_Networkfirewall/blob/main/readme.md) configuration \n\n",
"instructions": [
{
"type": "Markdown",
"parameters": {
"content": "#### 1. AWS CloudFormation Deployment \n To configure access on AWS, two templates need to be executed in AWS \n You can find the OIDC Web Identity Provider, AWS Network Firewall Configuration Templates [Here](https://github.com/v-sreddyt/AWS_Networkfirewall/tree/main/CloudFormationTemplates) \n You can find the detailed steps for deploying the templates [Here](https://github.com/v-sreddyt/AWS_Networkfirewall/blob/main/readme.md)"
"content": "#### 1. AWS CloudFormation Deployment \n To configure access on AWS, two templates has been generated to set up the AWS environment to send logs from an S3 bucket to your Log Analytics Workspace.\n #### For each template, create Stack in AWS: \n 1. Go to [AWS CloudFormation Stacks](https://aka.ms/awsCloudFormationLink#/stacks/create). \n 2. Choose the ‘**Specify template**’ option, then ‘**Upload a template file**’ by clicking on ‘**Choose file**’ and selecting the appropriate CloudFormation template file provided below. click ‘**Choose file**’ and select the downloaded template. \n 3. Click '**Next**' and '**Create stack**'."
}
},
{
"type": "CopyableLabel",
"parameters": {
"label": "Template 1: OpenID connect authentication deployment",
"isMultiLine": true,
"fillWith": [
"Oidc"
]
}
},
{
"type": "CopyableLabel",
"parameters": {
"label": "Template 2: AWSNetworkFirewall resources deployment",
"isMultiLine": true,
"fillWith": [
"AWSNetworkFirewall"
]
}
},
{
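Review bot: The first instruction step's `description` (an unchanged context line in this hunk) still directs users to a personal GitHub repository (`https://github.com/v-sreddyt/AWS_Networkfirewall/...`) for the CloudFormation templates and readme, while the new step content drops those links in favour of the platform-provided `Oidc` and `AWSNetworkFirewall` `fillWith` templates. Since these templates set up the OIDC web identity provider and IAM role listed under "List of Resources Required", the documented source should be the one shipped with the connector; suggest removing the bullet `* Follow this instructions for [AWS NetworkFirewall Data connector](...) configuration` or pointing it at official Microsoft documentation so the two do not disagree. In the new Markdown `content`, `two templates has been generated` should read `two templates have been generated`, and the trailing sentence `click ‘**Choose file**’ and select the downloaded template.` repeats the instruction immediately before it and can be dropped; the mix of curly and straight quotes around the bolded button names could also be made consistent. The table renames from the `*_CL` custom tables to `AWSNetworkFirewallFlow`, `AWSNetworkFirewallAlert` and `AWSNetworkFirewallTls` are applied consistently within this file, but if other solution content (parsers, workbooks, analytic rules) still queries the `_CL` names it would silently return no data, which cannot be confirmed from this diff.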