Hello @Kashyap Gandhi,
Welcome to Microsoft Q&A Platform. Thank you for reaching out & hope you are doing well.
I understand that you currently have an active Microsoft Azure subscription and have configured Azure Firewall for testing purposes, aiming to integrate it with QRadar. You raised that you need sample event payload logs in JSON format for log categories including Threat Intelligence, IDPS, DNS proxy failures, Application rule aggregation, Network rule aggregation, NAT rule aggregation, Top flows, and Flow trace.
Azure Firewall can generate the log types that you need, but Microsoft does not provide sample event payload logs in JSON. If you need these logs, you will need to enable diagnostic settings on your Azure Firewall and select the required log categories. Once they are enabled, you can send the logs to Log Analytics, Event Hub, or a Storage Account.
1. To enable diagnostic settings, just go to your Azure Firewall resource in the portal -> Monitoring -> Diagnostic settings and select the log categories that you need.
2. Generate traffic that activates each rule type, such as using a known blocked domain for Threat Intel or creating traffic that matches your NAT/Application rules. This will help ensure the firewall generates actual log entries.
3. You have the option to send the logs via Event Hub or a Storage Account, allowing you to download them directly in JSON format. Alternatively, you can send the logs to Log Analytics and use KQL queries to obtain the JSON payloads. Once you get the log samples, you can set up QRadar to process and import them.
The links below will help you with Firewall logs:
Monitor Azure Firewall | Microsoft Learn
https://learn.microsoft.com/en-us/azure/azure-monitor/platform/resource-logs?tabs=log-analytics
Kindly let us know if the above helps or you need further assistance on this issue.
Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
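
An added example, not part of the answer above and not Microsoft's code: once logs have been downloaded as described in step 3, this sketch pulls one sample record per category from either an Event Hub message body or a Storage Account blob, and lists the categories that still need test traffic (step 2). The category identifiers in `WANTED` are assumed names for the log types mentioned in the answer, and the sample records are constructed placeholders.

```python
import json

# Assumed category identifiers for the log types named in the answer; confirm
# them against the names listed in your firewall's Diagnostic settings.
WANTED = ["AZFWThreatIntel", "AZFWIdpsSignature", "AZFWApplicationRuleAggregation",
          "AZFWNetworkRuleAggregation", "AZFWNatRuleAggregation",
          "AZFWFatFlow", "AZFWFlowTrace"]

def load_records(text):
    """Return log records from an Event Hub body ({"records": [...]}) or a
    Storage Account blob (one JSON record per line)."""
    text = text.strip()
    try:
        doc = json.loads(text)
    except json.JSONDecodeError:
        # Several records on separate lines are not one JSON document.
        return [json.loads(line) for line in text.splitlines() if line.strip()]
    if isinstance(doc, dict) and isinstance(doc.get("records"), list):
        return doc["records"]
    return doc if isinstance(doc, list) else [doc]

def sample_per_category(records, wanted=WANTED):
    """Keep the first record seen per category and list the wanted
    categories that have produced no log entry yet."""
    samples = {}
    for rec in records:
        samples.setdefault(rec.get("category", "<no category>"), rec)
    return samples, [c for c in wanted if c not in samples]

# Constructed sample input: property values are placeholders, not real firewall output.
EVENT_HUB_BODY = json.dumps({"records": [
    {"time": "2024-01-01T00:00:00Z", "category": "AZFWThreatIntel", "properties": {"placeholder": 1}},
    {"time": "2024-01-01T00:00:05Z", "category": "AZFWThreatIntel", "properties": {"placeholder": 2}},
]})
STORAGE_BLOB = (
    '{"time": "2024-01-01T00:01:00Z", "category": "AZFWNatRuleAggregation", "properties": {"placeholder": 3}}\n'
    '{"time": "2024-01-01T00:02:00Z", "category": "AZFWFlowTrace", "properties": {"placeholder": 4}}\n'
)

if __name__ == "__main__":
    records = load_records(EVENT_HUB_BODY) + load_records(STORAGE_BLOB)
    samples, missing = sample_per_category(records)
    for category, record in samples.items():
        print(category, json.dumps(record))
    print("no sample yet for:", ", ".join(missing))
```

Each record kept in `samples` can be saved to its own file and used as a test payload when building the QRadar parsing for that category.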