az network firewall policy intrusion-detection
Note
This reference is part of the azure-firewall extension for the Azure CLI (version 2.75.0 or higher). The extension will automatically install the first time you run an az network firewall policy intrusion-detection command. Learn more about extensions.
Manage intrusion signature rules and bypass rules.
Commands
| Name | Description | Type | Status |
|---|---|---|---|
| az network firewall policy intrusion-detection add | Update an Azure firewall policy. | Extension | GA |
| az network firewall policy intrusion-detection list | List all intrusion detection configuration. | Extension | GA |
| az network firewall policy intrusion-detection remove | Update an Azure firewall policy. | Extension | GA |
az network firewall policy intrusion-detection add
Update an Azure firewall policy.
```
az network firewall policy intrusion-detection add [--acquire-policy-token]
                                                   [--add]
                                                   [--auto-learn-private-ranges --learn-ranges {Disabled, Enabled}]
                                                   [--cert-name]
                                                   [--change-reference]
                                                   [--configuration]
                                                   [--dns-servers]
                                                   [--enable-dns-proxy {0, 1, f, false, n, no, t, true, y, yes}]
                                                   [--explicit-proxy]
                                                   [--force-string {0, 1, f, false, n, no, t, true, y, yes}]
                                                   [--fqdns]
                                                   [--identity-type {None, SystemAssigned, SystemAssigned, UserAssigned, UserAssigned}]
                                                   [--idps-mode {Alert, Deny, Off}]
                                                   [--idps-profile {Core, Emerging, Extended, Off}]
                                                   [--ids]
                                                   [--ip-addresses]
                                                   [--key-vault-secret-id]
                                                   [--mode {Alert, Deny, Off}]
                                                   [--no-wait {0, 1, f, false, n, no, t, true, y, yes}]
                                                   [--policy-name]
                                                   [--private-ranges]
                                                   [--remove]
                                                   [--resource-group]
                                                   [--rule-description]
                                                   [--rule-dest-addresses]
                                                   [--rule-dest-ip-groups]
                                                   [--rule-dest-ports]
                                                   [--rule-name]
                                                   [--rule-protocol {Any, ICMP, TCP, UDP}]
                                                   [--rule-src-addresses]
                                                   [--rule-src-ip-groups]
                                                   [--set]
                                                   [--signature-id]
                                                   [--sku {Basic, Premium, Standard}]
                                                   [--sql {0, 1, f, false, n, no, t, true, y, yes}]
                                                   [--subscription]
                                                   [--tags]
                                                   [--threat-intel-mode {Alert, Deny, Off}]
```
Optional Parameters
The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.
--acquire-policy-token
Acquire an Azure Policy token automatically for this resource operation.
| Property | Value |
|---|---|
| Parameter group: | Global Policy Arguments |
--add
Add an object to a list of objects by specifying a path and key value pairs. Example: --add property.listProperty <key=value, string or JSON string>.
| Property | Value |
|---|---|
| Parameter group: | Generic Update Arguments |
--auto-learn-private-ranges --learn-ranges
The operation mode for automatically learning private ranges to exclude from SNAT.
| Property | Value |
|---|---|
| Parameter group: | Snat Arguments |
| Accepted values: | Disabled, Enabled |
--cert-name
Name of the CA certificate.
| Property | Value |
|---|---|
| Parameter group: | TLS Inspection Arguments |
--change-reference
The related change reference ID for this resource operation.
| Property | Value |
|---|---|
| Parameter group: | Global Policy Arguments |
--configuration
Intrusion detection configuration properties. Supports shorthand-syntax, json-file and yaml-file. Try "??" to show more.
| Property | Value |
|---|---|
| Parameter group: | IntrusionDetection Arguments |
--dns-servers
Space-separated list of DNS server IP addresses. Supports shorthand-syntax, json-file and yaml-file. Try "??" to show more.
| Property | Value |
|---|---|
| Parameter group: | DNS Arguments |
--enable-dns-proxy
Enable DNS Proxy.
| Property | Value |
|---|---|
| Parameter group: | DNS Arguments |
| Accepted values: | 0, 1, f, false, n, no, t, true, y, yes |
--explicit-proxy
Explicit Proxy Settings definition. Supports shorthand-syntax, json-file and yaml-file. Try "??" to show more.
| Property | Value |
|---|---|
| Parameter group: | Explicit Proxy Arguments |
--force-string
When using 'set' or 'add', preserve string literals instead of attempting to convert to JSON.
| Property | Value |
|---|---|
| Parameter group: | Generic Update Arguments |
| Accepted values: | 0, 1, f, false, n, no, t, true, y, yes |
--fqdns
Space-separated list of FQDNs. Supports shorthand-syntax, json-file and yaml-file. Try "??" to show more.
| Property | Value |
|---|---|
| Parameter group: | Threat Intel Allowlist Arguments |
--identity-type
The type of identity used for the resource. The type 'SystemAssigned, UserAssigned' includes both an implicitly created identity and a set of user assigned identities. The type 'None' will remove any identities from the virtual machine.
| Property | Value |
|---|---|
| Parameter group: | Identity Instance Arguments |
| Accepted values: | None, SystemAssigned, SystemAssigned, UserAssigned, UserAssigned |
--idps-mode
IDPS mode.
| Property | Value |
|---|---|
| Parameter group: | Intrusion Detection Arguments |
| Accepted values: | Alert, Deny, Off |
--idps-profile
IDPS mode.
| Property | Value |
|---|---|
| Parameter group: | Intrusion Detection Arguments |
| Accepted values: | Core, Emerging, Extended, Off |
--ids
One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.
| Property | Value |
|---|---|
| Parameter group: | Resource Id Arguments |
--ip-addresses
Space-separated list of IPv4 addresses. Supports shorthand-syntax, json-file and yaml-file. Try "??" to show more.
| Property | Value |
|---|---|
| Parameter group: | Threat Intel Allowlist Arguments |
--key-vault-secret-id
Secret ID of the (base64-encoded, unencrypted PFX) Secret or Certificate object stored in Key Vault.
| Property | Value |
|---|---|
| Parameter group: | TLS Inspection Arguments |
--mode
The override signature state.
| Property | Value |
|---|---|
| Accepted values: | Alert, Deny, Off |
--no-wait
Do not wait for the long-running operation to finish.
| Property | Value |
|---|---|
| Accepted values: | 0, 1, f, false, n, no, t, true, y, yes |
--policy-name
The name of the Firewall Policy.
| Property | Value |
|---|---|
| Parameter group: | Resource Id Arguments |
--private-ranges
List of private IP addresses or IP address ranges to exclude from SNAT. Supports shorthand-syntax, json-file and yaml-file. Try "??" to show more.
| Property | Value |
|---|---|
| Parameter group: | Snat Arguments |
--remove
Remove a property or an element from a list. Example: --remove property.list <indexToRemove> OR --remove propertyToRemove.
| Property | Value |
|---|---|
| Parameter group: | Generic Update Arguments |
--resource-group
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
| Property | Value |
|---|---|
| Parameter group: | Resource Id Arguments |
--rule-description
Description of the bypass traffic rule.
--rule-dest-addresses
Space-separated list of destination IP addresses or ranges for the bypass traffic rule. Supports shorthand-syntax, json-file and yaml-file. Try "??" to show more.
--rule-dest-ip-groups
Space-separated list of destination IpGroups for the bypass traffic rule. Supports shorthand-syntax, json-file and yaml-file. Try "??" to show more.
--rule-dest-ports
Space-separated list of destination ports or ranges for the bypass traffic rule. Supports shorthand-syntax, json-file and yaml-file. Try "??" to show more.
--rule-name
Name of the bypass traffic rule.
--rule-protocol
The bypass traffic rule protocol.
| Property | Value |
|---|---|
| Accepted values: | Any, ICMP, TCP, UDP |
--rule-src-addresses
Space-separated list of source IP addresses or ranges for this rule. Supports shorthand-syntax, json-file and yaml-file. Try "??" to show more.
--rule-src-ip-groups
Space-separated list of source IpGroups for the bypass traffic rule. Supports shorthand-syntax, json-file and yaml-file. Try "??" to show more.
--set
Update an object by specifying a property path and value to set. Example: --set property1.property2=<value>.
| Property | Value |
|---|---|
| Parameter group: | Generic Update Arguments |
--signature-id
Signature ID for override.
--sku
SKU of Firewall policy.
| Property | Value |
|---|---|
| Accepted values: | Basic, Premium, Standard |
--sql
A flag to indicate if SQL Redirect traffic filtering is enabled.
| Property | Value |
|---|---|
| Accepted values: | 0, 1, f, false, n, no, t, true, y, yes |
--subscription
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
| Property | Value |
|---|---|
| Parameter group: | Resource Id Arguments |
--tags
Space-separated tags: key[=value] [key[=value] ...]. Use "" to clear existing tags. Supports shorthand-syntax, json-file and yaml-file. Try "??" to show more.
--threat-intel-mode
The operation mode for Threat Intelligence.
| Property | Value |
|---|---|
| Accepted values: | Alert, Deny, Off |
Global Parameters
--debug
Increase logging verbosity to show all debug logs.
| Property | Value |
|---|---|
| Default value: | False |
--help
Show this help message and exit.
--only-show-errors
Only show errors, suppressing warnings.
| Property | Value |
|---|---|
| Default value: | False |
--output
Output format.
| Property | Value |
|---|---|
| Default value: | json |
| Accepted values: | json, jsonc, none, table, tsv, yaml, yamlc |
--query
JMESPath query string. See http://jmespath.org/ for more information and examples.
--verbose
Increase logging verbosity. Use --debug for full debug logs.
| Property | Value |
|---|---|
| Default value: | False |
az network firewall policy intrusion-detection list
List all intrusion detection configuration.
```
az network firewall policy intrusion-detection list --policy-name
                                                    --resource-group
```
Required Parameters
--policy-name
The name of the Firewall Policy.
--resource-group
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
Global Parameters
--debug
Increase logging verbosity to show all debug logs.
| Property | Value |
|---|---|
| Default value: | False |
--help
Show this help message and exit.
--only-show-errors
Only show errors, suppressing warnings.
| Property | Value |
|---|---|
| Default value: | False |
--output
Output format.
| Property | Value |
|---|---|
| Default value: | json |
| Accepted values: | json, jsonc, none, table, tsv, yaml, yamlc |
--query
JMESPath query string. See http://jmespath.org/ for more information and examples.
--subscription
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
--verbose
Increase logging verbosity. Use --debug for full debug logs.
| Property | Value |
|---|---|
| Default value: | False |
az network firewall policy intrusion-detection remove
Update an Azure firewall policy.
```
az network firewall policy intrusion-detection remove [--acquire-policy-token]
                                                      [--add]
                                                      [--auto-learn-private-ranges --learn-ranges {Disabled, Enabled}]
                                                      [--cert-name]
                                                      [--change-reference]
                                                      [--configuration]
                                                      [--dns-servers]
                                                      [--enable-dns-proxy {0, 1, f, false, n, no, t, true, y, yes}]
                                                      [--explicit-proxy]
                                                      [--force-string {0, 1, f, false, n, no, t, true, y, yes}]
                                                      [--fqdns]
                                                      [--identity-type {None, SystemAssigned, SystemAssigned, UserAssigned, UserAssigned}]
                                                      [--idps-mode {Alert, Deny, Off}]
                                                      [--idps-profile {Core, Emerging, Extended, Off}]
                                                      [--ids]
                                                      [--ip-addresses]
                                                      [--key-vault-secret-id]
                                                      [--no-wait {0, 1, f, false, n, no, t, true, y, yes}]
                                                      [--policy-name]
                                                      [--private-ranges]
                                                      [--remove]
                                                      [--resource-group]
                                                      [--rule-name]
                                                      [--set]
                                                      [--signature-id]
                                                      [--sku {Basic, Premium, Standard}]
                                                      [--sql {0, 1, f, false, n, no, t, true, y, yes}]
                                                      [--subscription]
                                                      [--tags]
                                                      [--threat-intel-mode {Alert, Deny, Off}]
```
Optional Parameters
The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.
--acquire-policy-token
Acquire an Azure Policy token automatically for this resource operation.
| Property | Value |
|---|---|
| Parameter group: | Global Policy Arguments |
--add
Add an object to a list of objects by specifying a path and key value pairs. Example: --add property.listProperty <key=value, string or JSON string>.
| Property | Value |
|---|---|
| Parameter group: | Generic Update Arguments |
--auto-learn-private-ranges --learn-ranges
The operation mode for automatically learning private ranges to exclude from SNAT.
| Property | Value |
|---|---|
| Parameter group: | Snat Arguments |
| Accepted values: | Disabled, Enabled |
--cert-name
Name of the CA certificate.
| Property | Value |
|---|---|
| Parameter group: | TLS Inspection Arguments |
--change-reference
The related change reference ID for this resource operation.
| Property | Value |
|---|---|
| Parameter group: | Global Policy Arguments |
--configuration
Intrusion detection configuration properties. Supports shorthand-syntax, json-file and yaml-file. Try "??" to show more.
| Property | Value |
|---|---|
| Parameter group: | IntrusionDetection Arguments |
--dns-servers
Space-separated list of DNS server IP addresses. Supports shorthand-syntax, json-file and yaml-file. Try "??" to show more.
| Property | Value |
|---|---|
| Parameter group: | DNS Arguments |
--enable-dns-proxy
Enable DNS Proxy.
| Property | Value |
|---|---|
| Parameter group: | DNS Arguments |
| Accepted values: | 0, 1, f, false, n, no, t, true, y, yes |
--explicit-proxy
Explicit Proxy Settings definition. Supports shorthand-syntax, json-file and yaml-file. Try "??" to show more.
| Property | Value |
|---|---|
| Parameter group: | Explicit Proxy Arguments |
--force-string
When using 'set' or 'add', preserve string literals instead of attempting to convert to JSON.
| Property | Value |
|---|---|
| Parameter group: | Generic Update Arguments |
| Accepted values: | 0, 1, f, false, n, no, t, true, y, yes |
--fqdns
Space-separated list of FQDNs. Supports shorthand-syntax, json-file and yaml-file. Try "??" to show more.
| Property | Value |
|---|---|
| Parameter group: | Threat Intel Allowlist Arguments |
--identity-type
The type of identity used for the resource. The type 'SystemAssigned, UserAssigned' includes both an implicitly created identity and a set of user assigned identities. The type 'None' will remove any identities from the virtual machine.
| Property | Value |
|---|---|
| Parameter group: | Identity Instance Arguments |
| Accepted values: | None, SystemAssigned, SystemAssigned, UserAssigned, UserAssigned |
--idps-mode
IDPS mode.
| Property | Value |
|---|---|
| Parameter group: | Intrusion Detection Arguments |
| Accepted values: | Alert, Deny, Off |
--idps-profile
IDPS mode.
| Property | Value |
|---|---|
| Parameter group: | Intrusion Detection Arguments |
| Accepted values: | Core, Emerging, Extended, Off |
--ids
One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.
| Property | Value |
|---|---|
| Parameter group: | Resource Id Arguments |
--ip-addresses
Space-separated list of IPv4 addresses. Supports shorthand-syntax, json-file and yaml-file. Try "??" to show more.
| Property | Value |
|---|---|
| Parameter group: | Threat Intel Allowlist Arguments |
--key-vault-secret-id
Secret ID of the (base64-encoded, unencrypted PFX) Secret or Certificate object stored in Key Vault.
| Property | Value |
|---|---|
| Parameter group: | TLS Inspection Arguments |
--no-wait
Do not wait for the long-running operation to finish.
| Property | Value |
|---|---|
| Accepted values: | 0, 1, f, false, n, no, t, true, y, yes |
--policy-name
The name of the Firewall Policy.
| Property | Value |
|---|---|
| Parameter group: | Resource Id Arguments |
--private-ranges
List of private IP addresses or IP address ranges to exclude from SNAT. Supports shorthand-syntax, json-file and yaml-file. Try "??" to show more.
| Property | Value |
|---|---|
| Parameter group: | Snat Arguments |
--remove
Remove a property or an element from a list. Example: --remove property.list <indexToRemove> OR --remove propertyToRemove.
| Property | Value |
|---|---|
| Parameter group: | Generic Update Arguments |
--resource-group
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
| Property | Value |
|---|---|
| Parameter group: | Resource Id Arguments |
--rule-name
Name of the bypass traffic rule.
--set
Update an object by specifying a property path and value to set. Example: --set property1.property2=<value>.
| Property | Value |
|---|---|
| Parameter group: | Generic Update Arguments |
--signature-id
Signature ID.
--sku
SKU of Firewall policy.
| Property | Value |
|---|---|
| Accepted values: | Basic, Premium, Standard |
--sql
A flag to indicate if SQL Redirect traffic filtering is enabled.
| Property | Value |
|---|---|
| Accepted values: | 0, 1, f, false, n, no, t, true, y, yes |
--subscription
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
| Property | Value |
|---|---|
| Parameter group: | Resource Id Arguments |
--tags
Space-separated tags: key[=value] [key[=value] ...]. Use "" to clear existing tags. Supports shorthand-syntax, json-file and yaml-file. Try "??" to show more.
--threat-intel-mode
The operation mode for Threat Intelligence.
| Property | Value |
|---|---|
| Accepted values: | Alert, Deny, Off |
Global Parameters
--debug
Increase logging verbosity to show all debug logs.
| Property | Value |
|---|---|
| Default value: | False |
--help
Show this help message and exit.
--only-show-errors
Only show errors, suppressing warnings.
| Property | Value |
|---|---|
| Default value: | False |
--output
Output format.
| Property | Value |
|---|---|
| Default value: | json |
| Accepted values: | json, jsonc, none, table, tsv, yaml, yamlc |
--query
JMESPath query string. See http://jmespath.org/ for more information and examples.
--verbose
Increase logging verbosity. Use --debug for full debug logs.
| Property | Value |
|---|---|
| Default value: | False |
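The add, list and remove commands above can be combined as in the following added example, which is not part of the original reference: shell wrappers that validate the accepted values listed on this page and print the az command instead of running it unless DRY_RUN=0. The function names, the RG and POLICY placeholder values, the sample signature ID and addresses used with it, and the guard against a bypass rule with "*" as both source and destination are assumptions of this example.

```bash
#!/bin/sh
# Added example: hypothetical helper names; RG and POLICY are placeholders.
RG="${RG:-example-rg}"
POLICY="${POLICY:-example-policy}"
DRY_RUN="${DRY_RUN:-1}"   # 1 = print the az command, 0 = execute it

# Print the command in dry-run mode, otherwise run it.
run() { if [ "$DRY_RUN" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi; }

# Succeed only if $1 equals one of the remaining arguments.
one_of() {
  want=$1; shift
  for v in "$@"; do [ "$v" = "$want" ] && return 0; done
  return 1
}

# Signature override: --signature-id plus --mode {Alert, Deny, Off}.
idps_override() {   # usage: idps_override <signature-id> <mode>
  [ -n "$1" ] || { echo "missing signature id" >&2; return 2; }
  one_of "$2" Alert Deny Off || { echo "invalid --mode: $2" >&2; return 2; }
  run az network firewall policy intrusion-detection add \
    --resource-group "$RG" --policy-name "$POLICY" \
    --signature-id "$1" --mode "$2"
}

# Bypass rule. The "*"/"*" refusal is this example's own guard (assumption),
# not an az check: such a rule would exempt all matching traffic from IDPS.
idps_bypass() {     # usage: idps_bypass <name> <proto> <src> <dst> <ports>
  [ $# -eq 5 ] || { echo "need name proto src dst ports" >&2; return 2; }
  one_of "$2" Any ICMP TCP UDP || { echo "invalid --rule-protocol: $2" >&2; return 2; }
  if [ "$3" = "*" ] && [ "$4" = "*" ]; then
    echo "refusing unscoped bypass rule: $1" >&2; return 3
  fi
  run az network firewall policy intrusion-detection add \
    --resource-group "$RG" --policy-name "$POLICY" \
    --rule-name "$1" --rule-protocol "$2" \
    --rule-src-addresses "$3" --rule-dest-addresses "$4" --rule-dest-ports "$5"
}

# Review the resulting overrides and bypass rules.
idps_list() {
  run az network firewall policy intrusion-detection list \
    --resource-group "$RG" --policy-name "$POLICY"
}

# Remove an entry by --signature-id <id> or --rule-name <name>.
idps_remove() {
  one_of "$1" --signature-id --rule-name || { echo "bad selector: $1" >&2; return 2; }
  run az network firewall policy intrusion-detection remove \
    --resource-group "$RG" --policy-name "$POLICY" "$1" "$2"
}
```

Source the file and call, for instance, `idps_override 2024897 Deny` (a constructed signature ID) to see the command that would run, then `idps_list` after applying it to confirm the change.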