Network Security Groups connector for Microsoft Sentinel
Azure network security groups (NSG) allow you to filter network traffic to and from Azure resources in an Azure virtual network. A network security group includes rules that allow or deny traffic to a virtual network subnet, network interface, or both.
When you enable logging for an NSG, you can gather the following types of resource log information:
- Event: Entries are logged for which NSG rules are applied to VMs, based on MAC address.
- Rule counter: Contains entries for how many times each NSG rule is applied to deny or allow traffic. The status for these rules is collected every 300 seconds.
This connector lets you stream your NSG diagnostics logs into Microsoft Sentinel, allowing you to continuously monitor activity in all your instances. For more information, see the Microsoft Sentinel documentation.
Connector attributes
| Connector attribute | Description |
|---|---|
| Log Analytics table(s) | NetworkSecurityGroupEvent NetworkSecurityGroupRuleCounter |
| Data collection rules support | Not currently supported |
| Supported by | Microsoft Corporation |
Next steps
For more information, go to the related solution in the Azure Marketplace.
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for