Overview
Table name: azure_nsg_flow_logs
Azure NSG Flow Logs are logs that provide information about network traffic to and from resources in an Azure virtual network and can be used for security, troubleshooting, and compliance purposes.
Send data to Hunters
Follow this guide to route NSG Flow Logs from Azure to Hunters using Azure Blob Storage.
Expected format
Logs are expected to arrive in Azure NSG-JSON format.
{
  "records": [
    {
      "time": "2020-04-22T09:00:02.7822187Z",
      "systemId": "400f249e-a8fc-4903-8d90-5f61c7cd006a",
      "macAddress": "000D3A0F3A64",
      "category": "NetworkSecurityGroupFlowEvent",
      "resourceId": "/SUBSCRIPTIONS/728F502E-AF9E-4EB4-A4B6-8F2B7ECE4D81/RESOURCEGROUPS/HQ-COMMON-RG/PROVIDERS/MICROSOFT.NETWORK/NETWORKSECURITYGROUPS/HQ-ALLOW-ALL-SECURITY-GROUP",
      "operationName": "NetworkSecurityGroupFlowEvents",
      "properties": {
        "Version": 2,
        "flows": [
          {
            "rule": "UserRule_allow-all-outbound",
            "flows": [
              {
                "mac": "000D3A0F3A64",
                "flowTuples": [
                  "1587545941,10.0.1.1,2.3.4.19,37038,443,T,O,A,E,8,1445,13,13951",
                  "1587545941,10.0.1.12,1.2.3.4,32850,443,T,O,A,E,8,1528,10,10057"
                ]
              }
            ]
          }
        ]
      }
    }
  ]
}
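Each flowTuples entry packs one flow into a comma-separated string, so the nested record above has to be unnested before it is useful for hunting. The parser below is an added example, not Hunters' or Microsoft's code; it flattens the sample record (constructed from the example above) into one row per flow, and it also handles the two cases the sample does not show: version 2 "B" (begin) tuples, whose packet and byte counters are empty, and the shorter 8-field version 1 tuples. The field order is the one Azure documents for the format (timestamp, source and destination IP and port, protocol, direction, decision, then for version 2 the state and the two packet/byte pairs).

```python
import json
from dataclasses import dataclass

# Constructed sample in Azure NSG-JSON format, copied from the page's example record
# (identifiers unchanged; optional keys dropped to keep the literal short).
SAMPLE = r'''{"records": [{"time": "2020-04-22T09:00:02.7822187Z",
 "category": "NetworkSecurityGroupFlowEvent",
 "resourceId": "/SUBSCRIPTIONS/728F502E-AF9E-4EB4-A4B6-8F2B7ECE4D81/RESOURCEGROUPS/HQ-COMMON-RG/PROVIDERS/MICROSOFT.NETWORK/NETWORKSECURITYGROUPS/HQ-ALLOW-ALL-SECURITY-GROUP",
 "properties": {"Version": 2, "flows": [{"rule": "UserRule_allow-all-outbound",
  "flows": [{"mac": "000D3A0F3A64", "flowTuples": [
   "1587545941,10.0.1.1,2.3.4.19,37038,443,T,O,A,E,8,1445,13,13951",
   "1587545941,10.0.1.12,1.2.3.4,32850,443,T,O,A,E,8,1528,10,10057"]}]}]}}]}'''

@dataclass
class Flow:
    nsg: str          # NSG name, last segment of the record's resourceId
    rule: str         # NSG rule that matched the flow
    ts: int           # Unix epoch seconds
    src_ip: str
    dst_ip: str
    src_port: int
    dst_port: int
    proto: str        # T = TCP, U = UDP
    direction: str    # I = inbound, O = outbound
    decision: str     # A = allowed, D = denied
    state: str        # v2 only: B = begin, C = continuing, E = end ("" for v1)
    pkts_out: int     # v2 only: packets/bytes source -> destination and back;
    bytes_out: int    # empty in B-state tuples and absent in v1, both stored as 0
    pkts_in: int
    bytes_in: int

def parse_tuple(nsg: str, rule: str, raw: str) -> Flow:
    """Parse one comma-separated flowTuple (v1: 8 fields, v2: 13 fields)."""
    f = raw.split(",")
    if len(f) not in (8, 13):
        raise ValueError(f"unexpected flow tuple with {len(f)} fields: {raw!r}")
    counters = [int(x) if x else 0 for x in f[9:13]] if len(f) == 13 else [0, 0, 0, 0]
    state = f[8] if len(f) == 13 else ""
    return Flow(nsg, rule, int(f[0]), f[1], f[2], int(f[3]), int(f[4]),
                f[5], f[6], f[7], state, *counters)

def flatten(nsg_json: str) -> list:
    """Unnest records -> properties.flows -> flows -> flowTuples into one Flow per tuple."""
    out = []
    for rec in json.loads(nsg_json)["records"]:
        nsg = rec["resourceId"].rsplit("/", 1)[-1]
        for by_rule in rec["properties"]["flows"]:
            for by_mac in by_rule["flows"]:
                out.extend(parse_tuple(nsg, by_rule["rule"], t) for t in by_mac["flowTuples"])
    return out
```

Once flattened, the rows can be filtered on direction and decision (for example inbound flows with decision "D") or aggregated per rule, which is not possible on the raw tuple strings.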