Azure Front Door

About

Azure Front Door is Microsoft’s modern cloud Content Delivery Network (CDN) that provides fast, reliable, and secure access between your users and your applications’ static and dynamic web content across the globe. Azure Front Door delivers your content using Microsoft’s global edge network with hundreds of global and local points of presence (PoPs) distributed around the world close to both your enterprise and consumer end users.

Product Details

Vendor URL: Azure Front Door

Product Type: CDN

Product Tier: Tier III

Integration Method: API

Log Guide: Metrics and Logs in Azure Front Door

Parser Details

Log Format: JSON

Expected Normalization Rate: 100%

Data Label: AZURE_FRONT_DOOR

UDM Fields (list of all UDM fields leveraged in the Parser):

Log File Field UDM Field
average security_result.detection_fields
category metadata.description
count security_result.detection_fields
maximum security_result.detection_fields
metricName metadata.product_event_type
minimum security_result.detection_fields
operationName metadata.product_event_type
properties.clientCountry principal.location.country_or_region
properties.clientIp principal.ip
properties.clientPort principal.port
properties.connectionLatencyMilliseconds security_result.detection_fields
properties.details.matches security_result.detection_fields
properties.details.msg security_result.summary
properties.DNSLatencyMicroseconds security_result.detection_fields
properties.domain target.domain.name
properties.endpoint intermediary.hostname
properties.ErrorInfo security_result.action_details
properties.healthProbeId metadata.product_log_id
properties.host target.hostname
properties.httpMethod network.http.method
properties.httpStatusCode network.http.response_code
properties.httpVerb network.http.method
properties.originIP target.ip
properties.originName target.hostname
properties.originUrl target.url
properties.policy security_result.rule_labels
properties.policyMode security_result.rule_labels
properties.pop intermediary.resource.name
properties.probeUrl target.url
properties.referer network.http.referral_url
properties.requestBytes network.sent_bytes
properties.requestProtocol network.application_protocol
properties.requestUri principal.url
properties.responseBytes network.received_bytes
properties.result security_result.action_details
properties.routingRuleName security_result.rule_name
properties.ruleName security_result.rule_name
properties.rulesEngineMatchNames security_result.rule_labels
properties.securityCipher network.tls.cipher
properties.securityCurves network.tls.curve
properties.securityProtocol network.tls.version_protocol
properties.socketIp intermediary.asset.ip
properties.socketIp principal.asset.ip
properties.totalLatencyMilliseconds security_result.detection_fields
properties.trackingReference metadata.product_log_id
properties.userAgent network.http.user_agent
resourceId target.resource.id
timeGrain additional.fields
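total security_result.detection_fields

Note on client addresses: Azure Front Door populates properties.clientIp (mapped to principal.ip) from the X-Forwarded-For request header when one is present, so the value can be set by the client. properties.socketIp (mapped to principal.asset.ip and intermediary.asset.ip) is the address of the direct connection to the Front Door edge, which may be a proxy or load balancer. Detections, allowlists and blocklists that must not depend on a client-supplied header should compare against the socketIp-derived field, and treat a mismatch between the two as context rather than as proof of either address.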

Product Event Types

Event UDM Event Classification
Metrics GENERIC_EVENT
AccessLog, WebApplicationFirewallLog, FrontDoorHealthProbeLog NETWORK_HTTP

Log Sample

{"category":"FrontDoorAccessLog","operationName":"Microsoft.Cdn/Profiles/AccessLog/Write","properties":{"ErrorInfo":"NoError","cacheStatus":"CONFIG_NOCACHE","clientCountry":"United States","clientIp":"10.237.151.183","clientPort":"52505","domain":"api.example.org:443","endpoint":"api-abcdefg1234567.z01.azurefd.net","errorInfo":"NoError","hostName":"api.example.org","httpMethod":"POST","httpStatusCode":"200","httpStatusDetails":"200","httpVersion":"1.1.0.0","originCryptProtocol":"TLSv1.2","originIp":"10.100.46.72:443","originName":"apim-devtest.example.org:443","originUrl":"https://apim-devtest.example.org:443/qa/origins/ExecuteData","pop":"SJC","referer":"","requestBytes":"1760","requestProtocol":"HTTPS","requestUri":"https://api.example.org:443/qa/origins/ExecuteData","responseBytes":"1292","result":"N/A","routingRuleName":"api-devtest-dev-001","rulesEngineMatchNames":[],"securityCipher":"ECDHE-RSA-AES256-GCM-SHA384","securityCurves":"N/A","securityProtocol":"TLS 1.2","sni":"api.example.org","socketIp":"10.237.151.183","timeTaken":"0.051","timeToFirstByte":"0.051","trackingReference":"20241030T150528Z-17d9cd8886fwjz26df2syzv23c00000008r000000000pc9c","userAgent":""},"resourceId":"/SUBSCRIPTIONS/91743078-D0FC-4AAE-98BD-D57DA1AE7F19/RESOURCEGROUPS/RG-CNCT-CORE-WEST/PROVIDERS/MICROSOFT.CDN/PROFILES/AFD-CNCT-WEST-001","time":"2024-10-30T15:05:28.0000000Z"}

Sample Parsing

intermediary.hostname = "api-abcdefg1234567.z01.azurefd.net"
metadata.description = "FrontDoorAccessLog"
metadata.event_type = "NETWORK_HTTP"
metadata.log_type = "AZURE_FRONT_DOOR"
metadata.product_event_type = "Microsoft.Cdn/Profiles/AccessLog/Write"
metadata.product_log_id = "20241030T150528Z-17d9cd8886fwjz26df2syzv23c00000008r000000000pc9c"
metadata.product_name = "Azure Front Door"
metadata.vendor_name = "Microsoft"
network.application_protocol = "HTTPS"
network.http.method = "POST"
network.http.response_code = 200
network.received_bytes = 1292
network.sent_bytes = 1760
network.tls.cipher = "ECDHE-RSA-AES256-GCM-SHA384"
network.tls.version_protocol = "TLS 1.2"
principal.asset.ip = "10.237.151.183"
principal.ip = "10.237.151.183"
principal.location.country_or_region = "United States"
principal.port = 52505
principal.url = "https://api.example.org:443/qa/origins/ExecuteData"
security_result.action_details = "NoError"
security_result.action = "ALLOW"
security_result.rule_name = "api-devtest-dev-001"
target.administrative_domain = "example.org:443"
target.domain.name = "example.org:443"
target.hostname = "apim-devtest.example.org:443"
target.ip = "10.100.46.72"
target.resource.id = "/SUBSCRIPTIONS/91743078-D0FC-4AAE-98BD-D57DA1AE7F19/RESOURCEGROUPS/RG-CNCT-CORE-WEST/PROVIDERS/MICROSOFT.CDN/PROFILES/AFD-CNCT-WEST-001"
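target.url = "https://apim-devtest.example.org:443/qa/origins/ExecuteData"

Note: in this sample the port suffix is stripped from target.ip (the raw originIp is "10.100.46.72:443"), but target.hostname, target.domain.name and target.administrative_domain keep ":443". Rules and reference lists that match these fields against bare host or domain names need to account for the suffix, or they will silently fail to match.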