Welcome to the Microsoft Q&A Platform. Thank you for reaching out & I hope you are doing well.
Getting a report on "all internet-based traffic leaving Azure" is a pretty wide topic.
When you say "Azure", do you mean all the PaaS and IaaS services?
- This case will not be feasible with a single report.
- For PaaS services, every PaaS service will have its own individual logs, which you have to refer to in order to check the traffic to the Internet.
However, for IaaS VMs, we can use something called Traffic Analytics.
- This requires you to enable NSG Flow Logs.
- This would include VMs, VMSSs, Traffic distribution per Application gateway & Load Balancer
Now, the scenarios that apply to you are:
- View ports and virtual machines receiving traffic from the internet
  - Which open ports are conversing over the internet?
  - Do you have malicious traffic in your environment? Where is it originating from? Where is it destined to?
- View information about public IPs interacting with your deployment
  - Which public IPs are conversing with my network? What is the WHOIS data and geographic location of all public IPs?
  - Which malicious IPs are sending traffic to my deployments? What is the threat type and threat description for malicious IPs?
A complete list of use cases can be found here: Usage scenarios of Azure Network Watcher traffic analytics
Kindly let us know if this helps or you need further assistance on this issue.
Thanks,
Kapil
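
For the IaaS case, the raw NSG flow logs mentioned in the answer can also be summarized directly. The following is an added example, not part of the original answer and not Microsoft's code: it parses a constructed version 2 flow log record and totals the bytes sent by allowed outbound flows to non-private destinations. The sample data, the function names and the list of internal ranges are assumptions.

```python
import ipaddress
import json
from collections import Counter

# Assumption: everything outside RFC 1918 space counts as "internet".
INTERNAL = [ipaddress.ip_network(n)
            for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample in the NSG flow log version 2 layout (not real traffic).
SAMPLE = json.dumps({"records": [{
    "category": "NetworkSecurityGroupFlowEvent",
    "properties": {"Version": 2, "flows": [{
        "rule": "DefaultRule_AllowInternetOutBound",
        "flows": [{"mac": "000D3AF87856", "flowTuples": [
            "1704067200,10.0.0.4,203.0.113.10,50000,443,T,O,A,B,,,,",
            "1704067260,10.0.0.4,203.0.113.10,50000,443,T,O,A,E,12,1800,10,9000",
            "1704067205,10.0.0.4,10.0.1.5,50010,1433,T,O,A,E,4,600,4,700",
            "1704067210,198.51.100.7,10.0.0.4,40000,22,T,I,D,B,,,,",
            "1704067215,10.0.0.5,203.0.113.53,53000,53,U,O,A,E,1,80,1,120",
        ]}]}]}}]})


def is_internal(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in INTERNAL)


def internet_egress(raw):
    """Total bytes sent per (source IP, public destination, port, protocol)."""
    totals = Counter()
    for record in json.loads(raw)["records"]:
        for rule in record["properties"]["flows"]:
            for nic in rule["flows"]:
                for line in nic["flowTuples"]:
                    # v2 tuple: time,src,dst,sport,dport,proto,direction,
                    # decision,state,pkts_out,bytes_out,pkts_in,bytes_in
                    f = line.split(",")
                    src, dst, dport, proto = f[1], f[2], int(f[4]), f[5]
                    if f[6] != "O" or f[7] != "A" or is_internal(dst):
                        continue  # keep only allowed outbound flows to public IPs
                    # Counters are empty on "B" (begin) tuples; "C" and "E"
                    # tuples carry the counts since the previous tuple.
                    sent = int(f[10]) if len(f) > 10 and f[10] else 0
                    totals[(src, dst, dport, proto)] += sent
    return totals


if __name__ == "__main__":
    for (src, dst, port, proto), sent in internet_egress(SAMPLE).most_common():
        print(f"{src} -> {dst}:{port}/{proto} bytes_sent={sent}")
```
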