Leverage Sumo Logic’s machine learning platform and search capabilities to monitor your Azure Network and NSG flow logs to provide real-time visibility and analysis of your network traffic.
Why Sumo Logic App for Azure Network Watcher?
Identify Denied Traffic Outliers
Detect outliers in denied traffic and geographic hotspots for inbound traffic with pre-built visual dashboards and configurable alerts.
Integrate analysis of Network Watcher with other Sumo Logic Apps for Azure Web Apps and Azure Audit for more contextual information.
Improve your Security
Improve your overall security posture through real-time analysis of your network traffic flows that will help to identify suspicious network traffic and deviations from normal behaviors.
What is Azure Network Watcher?
Azure Network Watcher is a network performance and diagnostic service that enables you to monitor your Azure Network. This service lets you collect “Network Security Group (NSG) Flow Logs”. NSG flow logs have 5-tuple information (source, destination, Traffic Flow, Traffic: Allowed/Denied) about ingress and egress IP traffic that is either blocked or allowed by the NSG, allowing you to troubleshoot traffic and security issues.
With this Sumo Logic app, you can gain real-time visibility into your Azure Network and alert on key metrics to rapidly identify problems and security issues.
Discover Outliers in Denied Traffic and Improve your overall Security Posture
With Sumo Logic’s interactive, customizable dashboards, get real-time visibility into information from the NSG flow logs, including drill-down into queries with NIC, tuple and traffic flow information. Detect outliers in denied traffic and geographic hotspots for inbound traffic. Filter data by rule name, source/destination IP and port, and other metadata fields.
Delve deep into the traffic flows and flow tuple information of your Azure Network. Monitor details, such as:
- Denied Traffic Flow by Source Location. See geographic hotspots of denied traffic flow.
- Top 10 Denied Source and Destination IP. View source and destination IP addresses with denied traffic flow.
- Denied Flow Traffic by Rule Name. View trends in denied traffic flow with rule name over the last 24 hours.
- Top 10 Denied Source and Destination IP, Port. See source and destination IP addresses and ports with denied traffic flow.
- Denied Traffic per Hour – Outlier. Rapidly identify any unexpected sequence in denied traffic using Sumo Logic’s machine learning Outlier operator.
Other Sumo Apps
Sumo Logic Apps help you quickly gain visibility into your applications and infrastructure by providing preconfigured searches and dashboards for your most popular data sources.