Commit 34b5ec7

review
1 parent 6d10eb1 commit 34b5ec7

4 files changed

+110
-74
lines changed

INSTALL.md

Lines changed: 34 additions & 25 deletions
@@ -1,26 +1,27 @@
11
# Install az-firewall-mon in your environment
22

3-
az-firewall-mon once installed in your environment will result in the following architecture:
3+
When installed in your environment, `az-firewall-mon` will deploy the following resources:
44

5-
![architecture](./images/architecture.png)
5+
![architecture](./images/deployment.png)
66

7-
The steps to follow to install a private copy of az-firewall-mon in your environment are:
7+
Follow these steps to install a private copy of `az-firewall-mon` in your environment:
88

99
* Fork the GitHub repository
1010
* Create a GitHub Personal Access Token (PAT)
1111
* Create all Azure resources
1212
* Configure the GitHub Action to deploy both the SPA and the backend API
13-
* Environment variables
14-
13+
* Review Environment variables
14+
* Limit access
15+
1516
# Fork the GitHub repository
1617

17-
The first thing to do is clone the az-firewall-mon repository. This will also allow you to pull down and build the latest changes and updates from the original repo while having the stability of maintaining your own personal copy.
18+
The first step is to fork the `az-firewall-mon` repository. This allows you to pull down and build the latest changes and updates from the original repository while maintaining your own personal copy.
1819

19-
* Navigate to: <https://github.com/nicolgit/azure-firewall-mon>.
20-
* Click Fork > create a new fork (top right of the repository)
21-
* Click [Create fork]
20+
* Navigate to: <https://github.com/nicolgit/azure-firewall-mon>
21+
* Click **Fork** > **Create a new fork** (top right of the repository)
22+
* Click **Create fork**
2223

23-
> You have now a fork of the 'az-firewall-mon' repository; when a new update comes out - you can also select 'Sync fork' - to keep your fork up-to-date and trigger a new build.
24+
> You now have a fork of the `az-firewall-mon` repository. When a new update is available, you can select **Sync fork** to keep your fork up-to-date and trigger a new build.
2425
2526
# Create a GitHub Personal Access Token (PAT)
2627

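Review bot: The new step-list entry at line 13, `* Review Environment variables`, capitalizes "Environment" while the neighbouring entries use sentence case and the heading this commit introduces further down is `# Review environment variables`; lower-casing it keeps the list and the headings in step. At line 5 the image now points to `./images/deployment.png` but the alt text is still `architecture`, so consider `![deployment](./images/deployment.png)`, and confirm the new image is part of this commit, since only 2 of the 4 changed files are visible here.
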
@@ -36,44 +37,52 @@ The first thing to do is clone the az-firewall-mon repository. This will also al
3637
8. **Copy your token** (you won't be able to see it again)
3738

3839
# Create all Azure resources
39-
An instance of `az-firewall-mon` is composed of:
40+
An instance of `az-firewall-mon` consists of:
4041
* 1 Azure Static Web App (standard plan)
4142
* 1 Azure Maps account
4243
* 1 Azure OpenAI account
4344
* 1 Application Insights instance
4445

45-
All these resources can be deployed to your subscription by clicking the button below:
46+
You can deploy all these resources to your subscription by clicking the button below:
4647

4748
[![Deploy to Azure](https://aka.ms/deploytoazurebutton)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2Fnicolgit%2Fazure-firewall-mon%2Fmain%2Fbicep%2Fsetup.json)
4849

49-
Remember to fill in the following parameters:
50+
When deploying, fill in the following parameters:
5051
- `staticWebAppName`: Name for your static web app
5152
- `repositoryUrl`: Your GitHub repository URL (e.g., `https://github.com/username/azure-firewall-mon`)
52-
- `repositoryToken`: Your GitHub PAT created in the above paragraph
53-
- `branch`: Your main branch ('main')
53+
- `repositoryToken`: Your GitHub PAT created in the previous step
54+
- `branch`: Your main branch (typically 'main')
5455

55-
This will create an action in your repository that will build and deploy the solution to Azure.
56+
This will create also an action in your repository that builds and deploys the solution to Azure.
5657

57-
Go to <https://github.com/YOURGITHUBACCOUNT/azure-firewall-mon/actions> to see the deployment status. When deployment is complete, go to Azure Portal > Static Web Apps > View app in browser
58+
Go to `https://github.com/YOUR-GITHUB-ACCOUNT/azure-firewall-mon/actions` to see the deployment status. When deployment is complete, navigate to Azure Portal > Static Web Apps > View app in browser
5859

59-
# Environment variables
60+
# Review environment variables
6061

61-
az-firewall-mon requires a few environment variables to work. These variables are configured automatically by the deployment. Here's the reference in case you want to change any:
62+
`az-firewall-mon` requires several environment variables to function properly. These variables are configured automatically during deployment. Here's a reference in case you need to change any:
6263

63-
APPLICATIONINSIGHTS_CONNECTION_STRING: Application Insights connection string
64+
* **APPLICATIONINSIGHTS_CONNECTION_STRING**: Application Insights connection string
6465

65-
Azure Maps settings
66+
Azure Maps settings:
6667
* **ip_api_key**: Azure Maps API key
6768
* **ip_throttling_calls**: '1'
6869
* **ip_throttling_window_milliseconds**: '1000'
6970

70-
IP API will return a 429 status code if you make more than 1 call to IP API per second (1000 milliseconds)
71+
With these settings IP API will return a `429` status code if you make more than 1 call to IP API per second (1000 milliseconds)
7172

72-
Azure OpenAI settings
73+
Azure OpenAI settings:
7374
* **aoai_api_key**: Azure OpenAI key
7475
* **aoai_endpoint**: Azure OpenAI endpoint
7576
* **aoai_deployment**: Azure OpenAI deployment name
76-
7777
* **llm_throttling_calls**: '5'
7878
* **llm_throttling_window_milliseconds**: '60000'
79-
Chat API will return a 429 status code if you make more than 5 calls per minute (60000 milliseconds)
79+
80+
With these settings Chat API will return a `429` status code if you make more than 5 calls per minute (60000 milliseconds)
81+
82+
# Limit access
83+
After setup is complete, anyone with a valid Microsoft account can access your copy of `az-firewall-mon`. If you want to restrict access, you have several options:
84+
85+
* [Static Web App Private Endpoint](https://learn.microsoft.com/en-us/azure/static-web-apps/private-endpoint): Expose `az-firewall-mon` on a private IP in your virtual network connected via site-to-site VPN or ExpressRoute to your intranet. This makes the tool available only to your company's employees.
86+
87+
* [Static Web App Authorization](https://learn.microsoft.com/en-us/azure/static-web-apps/authentication-authorization): Since `az-firewall-mon` is a Microsoft account-authenticated app, you can configure a list of emails authorized to access it. The file to update, `staticwebapp.config.json`, is located in [./firewall-mon-app/src/assets](./firewall-mon-app/src/assets/staticwebapp.config.json).
88+

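Review bot: The new "Limit access" section (lines 82-87) states that after setup anyone with a valid Microsoft account can reach the deployment, yet it sits last in the guide and is worded as optional, so a reader who stops at "View app in browser" is left with an instance open to any signed-in user, with the `429` throttling described above as the only limit this file mentions on the IP and Chat APIs. Consider stating that default right after the deployment step, or marking "Limit access" as a step to complete before real firewall logs are connected, and show which setting in `staticwebapp.config.json` holds the authorized list, since the section names the file but not the field. Smaller points: line 56 reads "This will create also an action" (suggest "This will also create an action"), and the two "With these settings ..." sentences at lines 71 and 80 lack a closing period.
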
README.md

Lines changed: 18 additions & 18 deletions
@@ -4,7 +4,7 @@
44
<h1 align="center">az-firewall-mon🧑‍🚒</h1>
55

66
<div align="center">
7-
an <i>alternative and opinionable</i> way to access and inspect Azure Firewall logs
7+
an <i>alternative and opinionated</i> way to access and inspect Azure Firewall logs
88
</div>
99

1010
<br/>
@@ -21,9 +21,9 @@
2121

2222
![azure-firewall-mon-app](images/firewall-mon-app.png)
2323

24-
We all know that Microsoft's recommended approach for analysing Azure Firewall logs is to set up a Log Analytics Workspace to collect all the data and use Kusto (KQL) queries to check the results.
24+
We all know that Microsoft's recommended approach for analyzing Azure Firewall logs is to set up a Log Analytics Workspace to collect all the data and use Kusto Query Language (KQL) queries to check the results.
2525

26-
Azure-Firewall-mon focuses more on providing a tool that can answer the simple question "_what is happening right now?_" in an alternative and hopefully practical way: the idea is to provide an approach much more like [Sysinternals Process Monitor](https://learn.microsoft.com/en-us/sysinternals/downloads/procmon) or [Check Point's SmartView/SmartLog](https://sc1.checkpoint.com/documents/R80.40/WebAdminGuides/EN/CP_R80.40_LoggingAndMonitoring_AdminGuide/Topics-LMG/Using-log-view.htm?tocpath=Logging%7C_____2), where there is no KUSTO queries or dashboards that you need to implement first to get working. Still, all events are available as a _log-stream_.
26+
Azure-Firewall-mon focuses more on providing a tool that can answer the simple question "_what is happening right now?_" in an alternative and practical way. The idea is to provide an approach similar to [Sysinternals Process Monitor](https://learn.microsoft.com/en-us/sysinternals/downloads/procmon) or [Check Point's SmartView/SmartLog](https://sc1.checkpoint.com/documents/R80.40/WebAdminGuides/EN/CP_R80.40_LoggingAndMonitoring_AdminGuide/Topics-LMG/Using-log-view.htm?tocpath=Logging%7C_____2), where you don't need to implement KQL queries or dashboards first to get it working. All events are available as a _log-stream_.
2727

2828
The real strength of the tool is the search field available in the top toolbar. To search for an event, simply start typing and the log flow will be automatically filtered according to those parameters.
2929

@@ -33,7 +33,7 @@ The timestamp field displays the event date in UTC or local format. You can filt
3333

3434
![text filter](images/02-time-filtering.png)
3535

36-
Within this tool, only events from the last 24 hours will appear because this is the duration set on the Event Hub Namespace. A longer duration would slow down the tool and not help answer the question "_what is happening right now_" that az-firewall-mon aims to address.
36+
Within this tool, only events from the last 24 hours will appear because this is the duration set on the Event Hub Namespace. A longer duration would slow down the tool and not help answer the question "_what is happening right now?_" that az-firewall-mon aims to address.
3737

3838
As an alternative to full-text search, you can use the **chatGPT mode**: in the top search field, you can enter a request in natural language, and the system will filter the content accordingly.
3939

@@ -51,20 +51,20 @@ Some examples of queries are as follows:
5151
![chatgpt](images/03-chatgpt.gif)
5252

5353
# Set up a connection with your Azure Firewall
54-
Azure-Firewall-mon is an open source, [Single Page Application](https://en.wikipedia.org/wiki/Single-page_application), written in [Angular](https://angular.io/) with an [Azure function](https://learn.microsoft.com/en-us/azure/azure-functions/functions-overview) backend written in C# .NET.
54+
Azure-Firewall-mon is an open-source [Single Page Application](https://en.wikipedia.org/wiki/Single-page_application) written in [Angular](https://angular.io/) with an [Azure Functions](https://learn.microsoft.com/en-us/azure/azure-functions/functions-overview) backend written in C# .NET.
5555

5656
Here's the current architecture:
5757

5858
![architecture](./images/architecture.png)
5959

60-
To use this app with **YOUR FIREWALL data** you have 2 options:
60+
To use this app with **YOUR FIREWALL data**, you have 2 options:
6161

62-
1. Use Azure Firewall mon sample deployment available at <https://az-firewall-mon.duckiesfarm.com>
62+
1. Use the Azure Firewall mon sample deployment available at <https://az-firewall-mon.duckiesfarm.com>
6363
2. Deploy Azure Firewall mon in your environment
6464

65-
The recommended option is number 2, because this way you are 100% sure your logs are not going outside your environment. I suggest you use the public deployment only for testing purposes.
65+
The recommended option is number 2, as this way you can be 100% sure your logs are not going outside your environment. I suggest using the public deployment only for testing purposes.
6666

67-
> <https://az-firewall-mon.duckiesfarm.com> uses resources of my subscription (Azure Maps API, Azure OpenAI, Azure Static Web App Standard). These resources have a cost, so consider that I am limiting their cost as much as possible. The result is that the tool can be quite slow. In your deployment, you can dedicate more resources and also have better performance.
67+
> <https://az-firewall-mon.duckiesfarm.com> uses resources from my subscription (Azure Maps API, Azure OpenAI, Azure Static Web App Standard). These resources have a cost, so I am limiting their usage as much as possible. As a result, the tool may be quite slow. In your own deployment, you can dedicate more resources and achieve better performance.
6868
6969
# Use az-firewall-mon sample deployment
7070
To use this version with your data, you must perform the following steps on your Azure Subscription:
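
Review bot: Line 65 recommends the self-hosted option because "you can be 100% sure your logs are not going outside your environment", but INSTALL.md in this same commit says a fresh deployment is reachable by anyone with a valid Microsoft account until access is limited. Suggest qualifying the sentence or linking it to the "Limit access" section of INSTALL.md so the recommendation and the install guide agree. Minor: line 62 still names the product "Azure Firewall mon" while line 54 uses "Azure-Firewall-mon".
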
@@ -78,11 +78,11 @@ To use this version with your data, you must perform the following steps on your
7878
- Select the Event Hub Namespace and Hub created above
7979
- click `SAVE`
8080

81-
If you are a lazy engineer, like me, you can perform all these steps by clicking the following button😊
81+
If you are a lazy engineer, like me, you can perform all these steps by clicking the following button 😊
8282

8383
[![Deploy to Azure](https://aka.ms/deploytoazurebutton)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2Fnicolgit%2Fazure-firewall-mon%2Fmain%2Fbicep%2Ffirewall-mon-azure-stuff.json)
8484

85-
Open the Azure Firewall instance you want to monitor from Azure portal, go to Monitoring > Diagnostic Settings > Add Diagnostic Settings:
85+
Open the Azure Firewall instance you want to monitor from the Azure portal, go to Monitoring > Diagnostic Settings > Add Diagnostic Settings:
8686

8787
* Select all logs and "Stream to Event Hub"
8888
* Select the Event Hub Namespace and Hub created above
@@ -96,27 +96,27 @@ Now, open <https://az-firewall-mon.duckiesfarm.com/> and do the following:
9696

9797
# Install az-firewall-mon in your environment
9898

99-
To install az-firewall-mon in your environment, follow [this guide](INSTALL.md). Once the instance is ready and working, you can go back and follow instructions in the [Use az-firewall-mon sample deployment](#use-az-firewall-mon-sample-deployment) section. Just change the URL with the one of your deployment.
99+
To install az-firewall-mon in your environment, follow [this guide](INSTALL.md). Once the instance is ready and working, you can go back and follow the instructions in the [Use az-firewall-mon sample deployment](#use-az-firewall-mon-sample-deployment) section. Just replace the URL with the one from your deployment.
100100

101101
# More Information
102102

103-
[Azure Firewall](https://learn.microsoft.com/en-us/azure/firewall/overview) (AF) is a cloud-native and intelligent network firewall security service that provides the best of breed threat protection for your cloud workloads running in Azure. It's a fully stateful, firewall as a service with built-in high availability and unrestricted cloud scalability. It provides both east-west and north-south traffic inspection.
103+
[Azure Firewall](https://learn.microsoft.com/en-us/azure/firewall/overview) (AF) is a cloud-native and intelligent network firewall security service that provides best-of-breed threat protection for your cloud workloads running in Azure. It's a fully stateful, firewall-as-a-service with built-in high availability and unrestricted cloud scalability. It provides both east-west and north-south traffic inspection.
104104

105105
[Azure Monitor](https://learn.microsoft.com/en-us/azure/azure-monitor/overview) helps you maximize the availability and performance of your applications and services. It delivers a comprehensive solution for collecting, analyzing, and acting on telemetry from your cloud and on-premises environments.
106106

107-
AF (Azure-Firewall-Mon) is integrated with Azure Monitor. This means you can forward AF metrics and logs to:
107+
Azure Firewall is integrated with Azure Monitor. This means you can forward Azure Firewall metrics and logs to:
108108

109109
* Log Analytics Workspace
110110
* Azure Storage
111-
* Event hub
111+
* Event Hub
112112

113113
A [Log Analytics workspace](https://docs.microsoft.com/en-us/azure/azure-monitor/logs/log-analytics-workspace-overview) is a unique environment for log data from Azure Monitor and other Azure services. Each workspace has its own data repository and configuration but might combine data from multiple services.
114114

115-
Be mindful, that the ingest of logs into a Log Analytics workspace has some Latency, so you may see a delay with the logs displaying.
115+
Be mindful that the ingestion of logs into a Log Analytics workspace has some latency, so you may see a delay before logs are displayed.
116116

117-
Latency refers to the time that data is created on the monitored system and the time that it comes available for analysis in Azure Monitor.
117+
Latency refers to the time between when data is created on the monitored system and when it becomes available for analysis in Azure Monitor.
118118

119-
The [Kusto](https://learn.microsoft.com/en-us/azure/data-explorer/kusto/query/) Query Language is a tool to explore your data in a Log Analytics Workspace. The query uses schema entities that are organized in a hierarchy similar to SQL's: databases, tables, and columns.
119+
The [Kusto Query Language](https://learn.microsoft.com/en-us/azure/data-explorer/kusto/query/) (KQL) is a tool to explore your data in a Log Analytics Workspace. The query uses schema entities that are organized in a hierarchy similar to SQL's: databases, tables, and columns.
120120

121121
# UIs and tools that inspired Az-Firewall-mon
122122

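Review bot: Line 103 still introduces the abbreviation "(AF)" for Azure Firewall, yet after the rewrite of line 107 nothing in this hunk uses it; either drop "(AF)" from line 103 or use it consistently in the sentences that follow. The Log Analytics link at line 113 also still points to `docs.microsoft.com` while the other links in this hunk use `learn.microsoft.com`, which would be worth aligning in the same pass.
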