Azure Network Watcher
Azure Network Watcher provides tools to monitor, diagnose, view metrics, and enable or disable logs for resources in an Azure virtual network. It can also log information about the IP traffic flowing through a network security group: these records are the NSG flow logs.
The following table lists the data sources offered by this integration.

| Data source | Description |
|---|---|
| | Every packet passing through the Network Security Group is logged |
| | Azure Network Watcher NSG Flow Logs are NetFlow-like |
| | Packets logged by NSG Flow Logs |
| | Traffic analysis at layers 2/3/4 |
Please contact us to discuss which network security groups in your Azure infrastructure should be monitored, so that we can find the appropriate solution to forward your logs to SEKOIA.IO.
This setup guide shows one method to enable the NSG flow logs produced by the Azure Network Watcher service and to give SEKOIA.IO access to them.
Enable NSG flow logs
The following instructions are provided for the Azure web portal (https://portal.azure.com).
As prerequisites, you need at least one virtual machine with an associated network security group, Network Watcher enabled, and the Microsoft.Insights resource provider registered.
Navigate to the Network Watcher service and select NSG flow logs under LOGS. From the list of NSGs, select the one(s) attached to your VM(s), and under Flow logs settings, select On to enable the NSG flow logs. Select the Version 2 NSG flow log format, which is the format integrated into the Operations Center.
These instructions are illustrated and described in more detail here.
Share access to logs
This step should be discussed with the SEKOIA.IO team to find the appropriate solution to forward your flow logs to SEKOIA.IO.
One possible solution is to share with us:
- An access key for the Azure Blob Storage account
- A storage token associated with the resources to share
- The name of the container where the NSG flow logs are stored
From this information, we will be able to retrieve each PT1H.json blob, which contains the flow logs for one hour.
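As an added example (not SEKOIA.IO's own code), here is how the Version 2 flow tuples inside a retrieved PT1H.json blob can be flattened and summarised on the receiving side. The blob content is constructed for illustration; the rule names, MAC address and IP addresses in it are made up.

```python
import json
from collections import Counter
from dataclasses import dataclass

# Constructed sample in the NSG flow log Version 2 layout (not a real capture). Tuple fields:
# time,srcIp,dstIp,srcPort,dstPort,proto(T/U),dir(I/O),decision(A/D),state(B/C/E),
# pktsSrcToDst,bytesSrcToDst,pktsDstToSrc,bytesDstToSrc (empty on "B"egin records).
SAMPLE_PT1H = json.dumps({"records": [{
    "time": "2020-01-01T00:00:00.0000000Z", "category": "NetworkSecurityGroupFlowEvent",
    "properties": {"Version": 2, "flows": [
        {"rule": "DefaultRule_AllowInternetOutBound", "flows": [{"mac": "000D3AF87856",
            "flowTuples": ["1577836800,10.0.0.4,203.0.113.9,51234,443,T,O,A,B,,,,",
                           "1577836830,10.0.0.4,203.0.113.9,51234,443,T,O,A,E,12,2048,10,8192"]}]},
        {"rule": "DefaultRule_DenyAllInBound", "flows": [{"mac": "000D3AF87856",
            "flowTuples": ["1577836801,198.51.100.7,10.0.0.4,40000,22,T,I,D,B,,,,",
                           "1577836802,198.51.100.7,10.0.0.4,40001,3389,T,I,D,B,,,,"]}]}]}}]})

@dataclass
class Flow:
    rule: str; mac: str; ts: int; src: str; dst: str; sport: int; dport: int
    proto: str; direction: str; decision: str; state: str; bytes_fwd: int; bytes_rev: int

def parse_v2(blob_text: str) -> list[Flow]:
    """Flatten every flowTuple of a Version 2 PT1H.json blob into Flow objects."""
    flows = []
    for rec in json.loads(blob_text)["records"]:
        props = rec["properties"]
        if props.get("Version") != 2:  # Version 1 tuples lack state and counters
            raise ValueError(f"unsupported NSG flow log version {props.get('Version')}")
        for rule in props["flows"]:
            for nic in rule["flows"]:
                for tup in nic["flowTuples"]:
                    f = tup.split(",")
                    flows.append(Flow(rule["rule"], nic["mac"], int(f[0]), f[1], f[2],
                                      int(f[3]), int(f[4]), f[5], f[6], f[7], f[8],
                                      int(f[10] or 0), int(f[12] or 0)))
    return flows

def denied_inbound_by_port(flows: list[Flow]) -> dict[int, int]:
    """Count denied inbound flow starts per destination port: a quick view of probed ports."""
    return dict(Counter(f.dport for f in flows
                        if f.direction == "I" and f.decision == "D" and f.state == "B"))

def bytes_per_rule(flows: list[Flow]) -> dict[str, int]:
    """Sum bytes in both directions per NSG rule (only C/E tuples carry counters)."""
    totals: Counter = Counter()
    for f in flows:
        totals[f.rule] += f.bytes_fwd + f.bytes_rev
    return dict(totals)
```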