Azure Monitor for Networks provides a comprehensive view of health and metrics for all deployed network resources, without requiring any configuration. It also provides access to network monitoring capabilities like Connection Monitor, flow logging for network security groups (NSGs), and Traffic Analytics, along with other network diagnostic features.

Azure Monitor for Networks is structured around these key components of monitoring:

In this post, let's see how to enable NSG flow logs, configure alerts, and visualize the logs.

Click on NSG flow logs.

Turn on the Status and select the storage account to save the logs.

Optionally, you can also enable Traffic Analytics and forward the logs to a Log Analytics workspace.

Verify the NSG flow logs status after enabling.

Now let's set an alert based on the malicious flow type. Create a new alert and select the scope.

Select the condition and choose Custom log search.

In the log search you can use any condition. In this post, let's see how to set a custom log search for malicious flows.

AzureNetworkAnalytics_CL | where FlowType_s contains "Maliciousflow" 

If you want to know more about the available fields and their usage, see Azure traffic analytics schema | Microsoft Docs.

Select the alert logic and thresholds.

Add the desired action group.

Enter the name of the alert and save. Remember to enable the alert after saving.

Now, you will receive an alert whenever you have a malicious flow detected!
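A more selective version of the malicious-flow search above, added here as an example and not part of the original post: it keeps only malicious flows that an NSG rule allowed and groups them so the alert shows which rule let the traffic through. The field names come from the Traffic Analytics schema; the 5-minute bin and the 20-port cap are assumed values to tune against the alert's evaluation settings.

```kusto
// Added example, not from the original post.
// Malicious flows that were ALLOWED by an NSG rule, grouped per source,
// destination and rule. Denied flows are dropped because the NSG already
// blocked them; remove the FlowStatus_s filter to alert on those as well.
AzureNetworkAnalytics_CL
| where SubType_s == "FlowLog"              // flow records only, not topology records
| where FlowType_s =~ "MaliciousFlow"       // =~ is a case-insensitive equality match
| where FlowStatus_s == "A"                 // A = allowed, D = denied
| extend Flows = coalesce(AllowedInFlows_d, 0.0) + coalesce(AllowedOutFlows_d, 0.0)
| summarize
    TotalFlows = sum(Flows),
    DestPorts  = make_set(DestPort_d, 20),  // assumed cap of 20 ports per row
    FirstSeen  = min(TimeGenerated),
    LastSeen   = max(TimeGenerated)
    by bin(TimeGenerated, 5m),              // assumed 5-minute aggregation window
       SrcIP_s, DestIP_s, FlowDirection_s, NSGList_s, NSGRule_s
| order by TotalFlows desc
```

With this query, setting the alert logic to fire when the number of results is greater than 0 raises an alert only when a malicious flow was actually permitted, and the NSGList_s and NSGRule_s columns point to the rule to tighten.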