Azure Monitor for Networks provides a comprehensive view of health and metrics for all deployed network resources, without requiring any configuration. It also provides access to network monitoring capabilities like Connection Monitor, flow logging for network security groups (NSGs), and Traffic Analytics, along with other network diagnostic features.
Azure Monitor for Networks is structured around these key components of monitoring:
In this post, let's see how to enable NSG flow logs, configure alerts, and visualize the logs.
Click on NSG flow logs.
Turn on the Status and select the storage account to save the logs.
Optionally, you can also enable Traffic Analytics and forward the logs to a Log Analytics workspace.
Verify the NSG flow logs status after enabling.
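Once logging is on, the JSON blobs written to the selected storage account can be checked directly, independent of Traffic Analytics. The following is an added example, not part of the original post: it parses a flow log in the version 2 layout and counts denied inbound flows per source IP. The sample record, the IP addresses, and the dictionary key names are constructed for illustration.

```python
import json
from collections import Counter
from datetime import datetime, timezone

# Key names for the first eight tuple positions (names chosen for this example).
FIELDS = ("ts", "src_ip", "dst_ip", "src_port", "dst_port", "proto", "direction", "decision")

# Constructed sample in the version 2 flow log layout; IPs are documentation ranges.
SAMPLE = json.dumps({"records": [{
    "time": "2024-01-01T00:01:00Z",
    "category": "NetworkSecurityGroupFlowEvent",
    "properties": {"Version": 2, "flows": [
        {"rule": "DefaultRule_DenyAllInBound", "flows": [{"mac": "000D3A000001", "flowTuples": [
            "1704067200,203.0.113.7,10.0.0.4,50123,3389,T,I,D,B,,,,",
            "1704067205,203.0.113.7,10.0.0.4,50124,22,T,I,D,B,,,,",
            "1704067210,198.51.100.9,10.0.0.4,40000,445,T,I,D,B,,,,"]}]},
        {"rule": "UserRule_AllowHttps", "flows": [{"mac": "000D3A000001", "flowTuples": [
            "1704067220,192.0.2.15,10.0.0.4,51000,443,T,I,A,B,,,,",
            "1704067230,192.0.2.15,10.0.0.4,51000,443,T,I,A,E,12,3400,10,9000"]}]},
    ]}}]})

def parse_flow_log(text):
    """Yield one dict per flow tuple, tagged with the NSG rule and NIC MAC."""
    for record in json.loads(text).get("records", []):
        for rule in record["properties"]["flows"]:
            for nic in rule["flows"]:
                for raw in nic["flowTuples"]:
                    parts = raw.split(",")
                    if len(parts) < len(FIELDS):
                        continue  # skip malformed tuples
                    flow = dict(zip(FIELDS, parts))
                    flow["time"] = datetime.fromtimestamp(int(parts[0]), tz=timezone.utc)
                    flow["rule"], flow["mac"] = rule["rule"], nic["mac"]
                    # Version 2 adds flow state (B/C/E) and counters, empty at flow begin.
                    flow["state"] = parts[8] if len(parts) > 8 else None
                    flow["bytes"] = sum(int(p) for p in parts[10:13:2] if p)
                    yield flow

def denied_inbound_by_source(flows):
    """Count denied inbound flows per source IP, most frequent first."""
    hits = Counter(f["src_ip"] for f in flows
                   if f["direction"] == "I" and f["decision"] == "D")
    return hits.most_common()

if __name__ == "__main__":
    for ip, count in denied_inbound_by_source(parse_flow_log(SAMPLE)):
        print(f"{ip}\t{count} denied inbound flows")
```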
Now let's set an alert based on the malicious flow type. Create a new alert and select the scope.
Select the condition and choose custom log search.
In the log search you can use any condition. In this post, let's see how to set a custom log search for malicious flows.
AzureNetworkAnalytics_CL | where FlowType_s contains "Maliciousflow"
For more details on the available fields and their usage, see the Azure Traffic Analytics schema on Microsoft Docs.
Select the alert logic and thresholds.
Add the desired action group.
Enter the name of the alert and save. Remember to enable it after saving.
Now you will receive an alert whenever a malicious flow is detected!