Forum Discussion
Phil123, Brass Contributor
Mar 23, 2022
Network Security Group - Flow Logs to Microsoft Sentinel
Hello everyone,
is there a way to have the NSG Flow logs logged in Microsoft Sentinel?
The tables "NetworkSecurityGroupEvent" and "NetworkSecurityGroupRuleCounter" are not sufficient for a customer.
Thanks.
Greetings,
Phil
- Have you enabled https://docs.microsoft.com/en-gb/azure/network-watcher/traffic-analytics ?
https://docs.microsoft.com/en-us/azure/network-watcher/traffic-analytics-schema - source and destination are in the schema for AzureNetworkAnalytics_CL
5 Replies
- GaryBushey, Bronze Contributor
Phil123 Those are the only tables that get populated. Can you say what it is your customer is looking for?
- Phil123, Brass Contributor
Thanks for your answer.
The customer does not have enough information about the network security groups.
He would like to have a detailed log file.
Is there any way to do this?
- Phil123, Brass Contributor
I just had contact with the customer again.
It is about, for example, seeing the source and destination IP. Likewise the port with which something is tried, for example.
In the NSG standard logs, only the rules are logged and thus communicated whether they took effect or not.
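
The flow detail asked for in this thread (source and destination IP, port, allow/deny outcome), queried from the AzureNetworkAnalytics_CL table that the Traffic Analytics reply points to. This is an added example, not part of the original thread; it assumes Traffic Analytics is enabled and writing to the Log Analytics workspace behind Sentinel, column names follow the linked Traffic Analytics schema, and the 24-hour window is an assumption.

```kql
// Added example: per-flow view of NSG traffic from Traffic Analytics.
// Assumption: look-back window of 24 hours; adjust to the investigation.
AzureNetworkAnalytics_CL
| where TimeGenerated > ago(24h)
| where SubType_s == "FlowLog"              // flow records only, not topology records
// For flows to or from public addresses the schema aggregates the public side
// in SrcPublicIPs_s / DestPublicIPs_s, leaving SrcIP_s / DestIP_s empty.
| extend Source      = iff(isempty(SrcIP_s),  SrcPublicIPs_s,  SrcIP_s),
         Destination = iff(isempty(DestIP_s), DestPublicIPs_s, DestIP_s)
| summarize
      AllowedIn  = sum(AllowedInFlows_d),
      DeniedIn   = sum(DeniedInFlows_d),
      AllowedOut = sum(AllowedOutFlows_d),
      DeniedOut  = sum(DeniedOutFlows_d),
      FirstSeen  = min(FlowStartTime_t),
      LastSeen   = max(FlowEndTime_t)
    by Source, Destination,
       DestPort = toint(DestPort_d),
       L4Protocol_s,                        // T = TCP, U = UDP
       FlowDirection_s,                     // I = inbound, O = outbound
       FlowStatus_s,                        // A = allowed, D = denied
       NSGList_s                            // NSG that processed the flow
| order by DeniedIn desc, DeniedOut desc
```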