Microsoft Azure Firewall

The IBM QRadar DSM for Microsoft Azure Firewall parses events from the Microsoft Azure Firewall log.

The Microsoft Azure Firewall DSM collects events that occur in Azure Firewall, such as Azure Network Rule and Azure Application Rule events. For a list of supported event types, see Microsoft Azure Firewall DSM specifications.

To integrate Microsoft Azure Firewall with QRadar, complete the following steps:
  1. If automatic updates are not enabled, RPMs are available for download from the IBM® support website. Download and install the most recent version of the following RPMs on your QRadar® Console.
    • Microsoft Azure Event Hubs Protocol RPM (if you configure event collection through Event Hubs)
    • Microsoft Azure Firewall DSM RPM
  2. Configure the Microsoft Azure Firewall logs to send events to a Microsoft Azure Event Hub. For more information, see Deploy and configure Azure Firewall using the Azure portal.
  3. Configure QRadar to collect events from Microsoft Azure Event Hubs by using the Microsoft Azure Event Hubs protocol. For more information about the protocol, see Microsoft Azure log source parameters for Microsoft Azure Event Hubs.
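
After step 2, and before pointing QRadar at the Event Hub, it helps to confirm that the hub carries firewall rule events in the expected shape. The following check is an added example, not IBM or Microsoft code. It assumes the Azure diagnostic-log envelope (a `records` array), the category names `AzureFirewallNetworkRule` and `AzureFirewallApplicationRule`, and the `properties.msg` layout shown in the constructed sample; none of these are stated on this page.

```python
import json
import re

# Constructed sample of one Event Hub message body (all values are made up).
SAMPLE_BODY = json.dumps({"records": [
    {"category": "AzureFirewallNetworkRule", "time": "2024-01-01T00:00:00Z",
     "properties": {"msg": "TCP request from 10.0.0.4:50123 to "
                           "203.0.113.10:2323. Action: Deny"}},
    {"category": "AzureFirewallApplicationRule", "time": "2024-01-01T00:00:05Z",
     "properties": {"msg": "HTTPS request from 10.0.0.5:55640 to example.com:443. "
                           "Action: Allow. Rule Collection: coll1. Rule: rule1"}},
    {"category": "AzureMetrics", "time": "2024-01-01T00:00:09Z", "properties": {}},
]})

# Assumed category names for the network rule and application rule events.
EXPECTED_CATEGORIES = {"AzureFirewallNetworkRule", "AzureFirewallApplicationRule"}

# Assumed layout of properties.msg for events that carry ports.
MSG_RE = re.compile(
    r"^(?P<proto>\S+) request from (?P<src>\S+):(?P<sport>\d+) "
    r"to (?P<dst>\S+):(?P<dport>\d+)\. Action: (?P<action>\w+)")


def check_payload(body):
    """Return (parsed_events, problems) for one Event Hub message body."""
    parsed, problems = [], []
    try:
        records = json.loads(body).get("records", [])
    except (ValueError, AttributeError):
        return parsed, ["body is not a JSON object"]
    if not records:
        problems.append("no records array in body")
    for i, rec in enumerate(records):
        if not isinstance(rec, dict):
            problems.append(f"record {i}: not a JSON object")
            continue
        category = rec.get("category")
        if category not in EXPECTED_CATEGORIES:
            problems.append(f"record {i}: unexpected category {category!r}")
            continue
        match = MSG_RE.match((rec.get("properties") or {}).get("msg", ""))
        if match is None:
            problems.append(f"record {i}: msg does not match expected layout")
            continue
        parsed.append({"category": category, "time": rec.get("time"),
                       **match.groupdict()})
    return parsed, problems
```

A non-empty `problems` list for a hub that should carry only firewall logs usually means the diagnostic setting exports other categories or a different log format than the one assumed here.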