Actions to take in response to the various monitor alerts?

Mihir Raj Singh 120 Reputation points
2024-04-01T03:54:04.5966667+00:00

Hi,

For Azure Firewall If we do have monitors to implement, what actions should we take in response to the various monitor alerts?

Azure Monitor
Azure Monitor
An Azure service that is used to collect, analyze, and act on telemetry data from Azure and on-premises environments.
3,365 questions
{count} votes

1 answer

Sort by: Most helpful
  1. Swathi Dhanwada 18,781 Reputation points Microsoft Employee
    2024-04-01T05:00:21.61+00:00

    @Mihir Raj Singh You can use Azure Firewall logs and metrics to monitor your traffic and operations within the firewall. These logs and metrics serve several essential purposes, including:

    Traffic Analysis: Use logs to examine and analyze the traffic passing through the firewall. This includes examining permitted and denied traffic, inspecting source and destination IP addresses, URLs, port numbers, protocols, and more. These insights are essential for understanding traffic patterns, identifying potential security threats, and troubleshooting connectivity issues.

    Performance and Health Metrics: Azure Firewall metrics provide performance and health metrics, such as data processed, throughput, rule hit count, and latency. Monitor these metrics to assess the overall health of your firewall, identify performance bottlenecks, and detect any anomalies.

    Audit Trail: Activity logs enable auditing of operations related to firewall resources, capturing actions like creating, updating, or deleting firewall rules and policies. Reviewing activity logs helps maintain a historical record of configuration changes and ensures compliance with security and auditing requirements.

    The action to be taken depends on the metric or logs you are monitoring. Is there specific metric you are looking for?

    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.