Nsg Log to Sentinel

Question

Hello,

Can any one provide me the exact process/Docs/link for how to enable Azure Firewall(NSG) to Sentinel.
Or how to see the (Azure Firewall) NSG logs in Sentinel.

Thanks
Rohit

Answer 1

Hi,

Something here might help:

Azure Sentinel: Collecting logs from Microsoft Services and Applications
https://techcommunity.microsoft.com/t5/azure-sentinel/azure-sentinel-collecting-logs-from-microsoft-services-and/ba-p/792669

Map data types with Azure Sentinel connection options
https://learn.microsoft.com/en-us/azure/sentinel/connect-data-sources#map-data-types-with-azure-sentinel-connection-options

Best regards,
Leon

Answer 2

Hi,

Enable NSG Flow logging if you want this part as well, be careful of the related storage cost
https://learn.microsoft.com/en-us/azure/network-watcher/traffic-analytics
https://learn.microsoft.com/en-us/azure/network-watcher/network-watcher-nsg-flow-logging-portal

Turn on Diagnostics logs on all NSG
Under MONITORING, select Diagnostics logs, and then select Turn on diagnostics.
https://learn.microsoft.com/en-us/azure/virtual-network/virtual-network-nsg-manage-log

Collect logs for sentinel following the paragraph "How can I collect from a supported Azure source?"
https://techcommunity.microsoft.com/t5/azure-sentinel/azure-sentinel-collecting-logs-from-microsoft-services-and/ba-p/792669

let me know if everything fine and mark this as answered in case it solve your issue please.
Thank you.
Ken