Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Azure Firewall DNS parser only apply to AzureDiagnostics table, not the new one #11401

Open
Grandma-Flexington opened this issue Nov 8, 2024 · 2 comments
Assignees
Labels

Comments

@Grandma-Flexington
Copy link

when using the _ASim_DNS parser, only Azurefirewalls using the old method of logging will be included, not the new AZFWDnsQuery table

i would like that the Azure Firewall DNS parser gets updated in the same way that the NetworkSession parser got updated to adjust for new table.

alternatively one needs to build DNS detections specifically for AzureFirewalls or start forking the built in parsers and use ones own.

there might also be parser that needs adjustment for the new tables

@v-rusraut v-rusraut added the Parser Parser specialty review needed label Nov 11, 2024
@v-rusraut
Copy link
Contributor

Hi @Grandma-Flexington , Thanks for flagging this issue, we will investigate this issue and get back to you with some updates. Thanks!

@v-sudkharat v-sudkharat added ASIM and removed Parser Parser specialty review needed labels Nov 11, 2024
@Grandma-Flexington
Copy link
Author

do you want me to open another issue on the fact that networksessions parser is not included in this either, or will this issue suffice?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
None yet
Development

No branches or pull requests

5 participants