- name: Activity Log Azure Firewall Delete description: Activity Log Alert for Azure Firewall Delete type: ActivityLog verified: false visible: true tags: - alz properties: category: Administrative operationName: Microsoft.Network/azureFirewalls/delete status: - succeeded references: - name: Activity Log Service Notifications url: https://learn.microsoft.com/azure/service-health/alerts-activity-log-service-notifications-portal - name: Best practices for setting up service health alerts url: https://www.microsoft.com/videoplayer/embed/RE2OtUa deployments: - name: Deploy Activity Log Azure Firewall Delete Alert template: Deploy-ActivityLog-AzureFirewall-Del.json type: Policy tags: - alz properties: scope: Resource policyScope: managementGroup documented: false alertName: ActivityAzureFirewallDelete enabled: true guid: 0b0c11e3-3598-4b2f-8cd8-77a24806bb9d - name: FirewallHealth description: Indicates the overall health of this firewall type: Metric verified: false visible: true tags: - alz properties: metricName: FirewallHealth metricNamespace: Microsoft.Network/azureFirewalls severity: 0 windowSize: PT5M evaluationFrequency: PT1M timeAggregation: Average operator: LessThan threshold: 90 criterionType: StaticThresholdCriterion autoMitigate: false enabled: true references: - name: Overview of Azure Firewall logs and metrics url: https://docs.microsoft.com/en-us/azure/firewall/logs-and-metrics#metrics deployments: - name: Deploy AFW FirewallHealth Alert template: Deploy-AFW-FirewallHealth-Alert.json type: Policy tags: - alz properties: scope: Resource multiResource: false guid: 0ff72493-3822-4315-a146-8977a0963e39 - name: SNATPortUtilization description: Percentage of outbound SNAT ports currently in use type: Metric verified: false visible: true tags: - alz properties: metricName: SNATPortUtilization metricNamespace: Microsoft.Network/azureFirewalls severity: 1 windowSize: PT5M evaluationFrequency: PT1M timeAggregation: Average operator: GreaterThan threshold: 80 criterionType: StaticThresholdCriterion autoMitigate: false enabled: true references: - name: Overview of Azure Firewall logs and metrics url: https://docs.microsoft.com/en-us/azure/firewall/logs-and-metrics#metrics deployments: - name: Deploy AFW SNATPortUtilization Alert template: Deploy-AFW-SNATPortUtilization-Alert.json type: Policy tags: - alz properties: scope: Resource multiResource: false guid: b23f1e82-a791-4610-aaa6-2d960b48b81d - name: Throughput description: Throughput processed by this firewall type: Metric verified: false visible: true tags: - auto-generated - agc-446 properties: metricName: Throughput metricNamespace: Microsoft.Network/azureFirewalls severity: 2 windowSize: PT5M evaluationFrequency: PT1M timeAggregation: Average operator: GreaterThan criterionType: StaticThresholdCriterion threshold: 27000000000.0 enabled: true guid: e8fdab4c-cc9a-4729-8619-a0f468f4dfdc