Azure NSG Flow Logs


Overview

Table name: azure_nsg_flow_logs

Azure NSG Flow Logs record network traffic to and from resources in an Azure virtual network. They can be used for security, troubleshooting, and compliance purposes.

Send data to Hunters

Follow this guide to route NSG Flow Logs from Azure to Hunters using Azure Block Storage.

Expected format

Logs are expected to arrive in Azure NSG-JSON format.

{"records": [{"time": "2020-04-22T09:00:02.7822187Z", "systemId": "400f249e-a8fc-4903-8d90-5f61c7cd006a", "macAddress": "000D3A0F3A64", "category": "NetworkSecurityGroupFlowEvent", "resourceId": "/SUBSCRIPTIONS/728F502E-AF9E-4EB4-A4B6-8F2B7ECE4D81/RESOURCEGROUPS/HQ-COMMON-RG/PROVIDERS/MICROSOFT.NETWORK/NETWORKSECURITYGROUPS/HQ-ALLOW-ALL-SECURITY-GROUP", "operationName": "NetworkSecurityGroupFlowEvents", "properties": {"Version": 2, "flows": [{"rule": "UserRule_allow-all-outbound", "flows": [{"mac": "000D3A0F3A64", "flowTuples": ["1587545941,10.0.1.1,2.3.4.19,37038,443,T,O,A,E,8,1445,13,13951", "1587545941,10.0.1.12,1.2.3.4,32850,443,T,O,A,E,8,1528,10,10057"]}]}]}}]}