What is the best way to capture packet level data from Azure?

Houston Hutchison 21 Reputation points
2022-06-07T18:25:46.523+00:00

Hello Everybody,

We are currently leveraging an IDS tool for an additional layer of security. One challenge that we are encountering is determining the best way to get packet-level information from the Azure environment to the IDS appliance. The appliance will have to ingest packet-level data and not log-level data. Does Azure have any type of agent or application which will allow us to capture the packet-level data and configure it to be sent to a Log Collector/IDS Appliance?

We are currently dealing with on-premises hardware, where we are configuring a SPAN/Mirrored port on the switch and connecting said port to the IDS appliance.


Accepted answer
  1. msrini-MSFT 9,256 Reputation points Microsoft Employee
    2022-06-08T08:25:46.997+00:00

    Hi @Houston Hutchison ,

    You can use an Azure Networking VNET product named Virtual Network TAP to achieve your ask of tapping the packet-level traffic and mirroring it to your IDS appliance.

    Reference: https://learn.microsoft.com/en-us/azure/virtual-network/virtual-network-tap-overview

    Regards,
    Karthik Srinivas
