Query all Azure WAF rules using Azure Resource Graph Explorer

Question

I am currently tasked with reviewing all the WAF rules within our Azure tenant - specifically, I need to review the Custom Rules.

In this journey, I've discovered the Azure Resource Graph Explorer, which I haven't used before. I'm know my KQL well enough, but can't quite figure out how to query the WAF custom rules.

So far, I can get a list of all the WAF policies using the below:

resources
| where type == "microsoft.network/applicationgatewaywebapplicationfirewallpolicies

But what I need is to query this table below "Application Gateway WAF Policies" which at first glance indicates to me it will contain a list of the WAF Custom Rules.

However, when I try to query that table like below, I get 0 results:

resources
| where type == "microsoft.network/applicationgatewaywebapplicationfirewallpolicies/customrules"

I assume I am just misunderstanding how to use Azure Resource Graph Explorer, but any advice would be greatly appreciated.

Answer 1

Query all Azure WAF rules using Azure Resource Graph Explorer

Here is the Resource Graph query to check multiple custom rules in different Web Application Firewall policies.

resources
| where type == "microsoft.network/applicationgatewaywebapplicationfirewallpolicies"
| extend customRules = properties.customRules
| mv-expand customRules  
| project 
    PolicyName = name,                     
    RuleName = customRules.name,            
    Priority = customRules.priority,        
    Action = customRules.action,            
    MatchConditions = customRules.matchConditions 

Output:

After running the query, it displayed all the custom rules name and action along with the WAF name.