Network security group (NSG) flow logs are a feature of Network Watcher that lets you view information about ingress and egress IP traffic through an NSG. Flow logs show outbound and inbound flows on a per-rule basis. They contain the network interface (NIC) the flow applies to, 5-tuple information about the flow (source/destination IP, source/destination port, and protocol), and whether the traffic was allowed or denied. Flow logs are stored in an Azure storage account; an Azure Function converts them to CEF format and sends them via syslog to ArcSight.
This guide provides information for configuring the Microsoft Azure NSG Flow log integration for ArcSight ESM. This integration is supported on ESM versions 188.8.131.523 and later for NSG Flow Logs version 1.0.
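The flow-to-CEF conversion described above, sketched as an added example (not the integration's own Azure Function code). It assumes the version 1 flow tuple layout `timestamp,srcIP,dstIP,srcPort,dstPort,protocol,direction,decision`; the CEF vendor and product strings, event name, severity values and extension field mapping are illustrative assumptions, and the sample record is constructed.

```python
import json

# Constructed sample in the NSG flow log version 1 layout (documentation IP ranges).
SAMPLE = json.dumps({"records": [{"properties": {"Version": 1, "flows": [
    {"rule": "DefaultRule_DenyAllInBound", "flows": [
        {"mac": "000D3A000001", "flowTuples": [
            "1704067200,203.0.113.7,10.0.0.4,51529,3389,T,I,D",
            "1704067201,10.0.0.4,198.51.100.9,44321,443,T,O,A",
            "malformed,tuple"]}]}]}}]})

PROTO = {"T": "TCP", "U": "UDP"}
ACTION = {"A": "Allow", "D": "Deny"}
DIRECTION = {"I": "0", "O": "1"}  # CEF deviceDirection: 0 = inbound, 1 = outbound

def esc_header(value):  # CEF header fields escape backslash and pipe
    return str(value).replace("\\", "\\\\").replace("|", "\\|")

def esc_ext(value):  # CEF extension values escape backslash, equals and newline
    return str(value).replace("\\", "\\\\").replace("=", "\\=").replace("\n", "\\n")

def tuple_to_cef(rule, mac, flow_tuple):
    """Return one CEF line for a v1 flow tuple, or None if it is malformed."""
    p = flow_tuple.split(",")
    ok = len(p) == 8 and p[0].isdecimal() and p[3].isdecimal() and p[4].isdecimal()
    if not ok or p[5] not in PROTO or p[6] not in DIRECTION or p[7] not in ACTION:
        return None
    # Vendor, product, event name and severity are assumptions for this sketch.
    header = ["CEF:0", "Microsoft", "Azure NSG", "1.0", esc_header(rule),
              "NSG flow " + ACTION[p[7]], "5" if p[7] == "D" else "3"]
    ext = {"rt": int(p[0]) * 1000, "src": p[1], "dst": p[2], "spt": p[3],
           "dpt": p[4], "proto": PROTO[p[5]], "act": ACTION[p[7]],
           "deviceDirection": DIRECTION[p[6]], "cs1": rule, "cs1Label": "NSG Rule",
           "cs2": mac, "cs2Label": "NIC MAC"}
    return "|".join(header) + "|" + " ".join(f"{k}={esc_ext(v)}" for k, v in ext.items())

def convert(blob_text):
    """Walk records -> rules -> NICs -> tuples; return (cef_lines, skipped_count)."""
    lines, skipped = [], 0
    for record in json.loads(blob_text).get("records", []):
        for rule in record.get("properties", {}).get("flows", []):
            for nic in rule.get("flows", []):
                for flow_tuple in nic.get("flowTuples", []):
                    line = tuple_to_cef(rule.get("rule", ""), nic.get("mac", ""), flow_tuple)
                    if line:
                        lines.append(line)
                    skipped += line is None
    return lines, skipped

if __name__ == "__main__":
    print(*convert(SAMPLE)[0], sep="\n")
```

Counting skipped tuples rather than silently dropping them gives the SIEM side a signal when the flow log format changes or a blob is truncated.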