Azure Network Watcher provides you the ability to monitor, diagnose, and gain insights into your network in Azure.
Among its suite of capabilities, Network Watcher offers the ability to log network traffic through Network Security Group (NSG) Flow Logging. When NSG Flow Logging is enabled, you gain access to network flow-level data that has many applications in security, compliance, and traffic monitoring use cases. Deeper analysis of this NSG flow data is available in Network Watcher using Traffic Analytics, which is currently in preview.
Since Azure Network Watcher’s inception, we have continuously partnered with leaders in the SIEM and Log Management industry to provide a rich ecosystem of tools that integrate seamlessly with, and understand, your network in Azure. I would like to highlight two of the most recent partners, offering customers additional choice and value through integration with Azure. On top of our growing ecosystem, we have now enabled the option to send NSG Flow Log data across subscriptions, which greatly enhances log management in larger environments.
McAfee Cloud Workload Security integration
Recently, McAfee announced the general availability of the Cloud Workload Security (CWS) Platform in Azure, including integration with Network Watcher. CWS automates the discovery and defense of elastic workloads and containers, eliminating blind spots, delivering advanced threat defense, and simplifying cloud management. McAfee CWS now leverages Network Watcher NSG Flow Logging data to provide comprehensive insights into your network traffic and management of security group configuration across your Azure subscriptions.
More about this integration and McAfee CWS can be found here.
Integration with RedLock
On April 17th, RedLock announced support for Network Watcher through their Cloud 360 Platform. The Cloud 360 Platform provides visibility across a customer’s entire environment and leverages Azure APIs to help ensure that their enterprise is compliant and secure.
More about RedLock and the integration can be found here.
NSG Flow Logging Data Across Subscriptions
Previously, NSG Flow Logs could only be sent to storage accounts located in the same region and subscription as the NSG. We heard from customers running centralized monitoring teams that manage multiple subscriptions that consolidating logs into as few storage accounts as possible was one of the most desired features requested for the future roadmap of Network Watcher, so we made it happen! Now, you can configure NSG Flow Logs to be sent to a storage account located in a different subscription, provided that you have the appropriate privileges and that the storage account is located in the same region as the NSG. The NSG and the destination storage account must also share the same Azure Active Directory Tenant.
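A pre-flight check for the region and tenant rules above, added here as an example (it is not from the original post or from Microsoft). It assumes the Azure CLI is installed and logged in, the function names are hypothetical, and it does not verify the caller's privileges on the storage account.

```shell
#!/bin/sh
# Added example: check an NSG / storage-account pair against the
# cross-subscription flow-log rules (same region, same AAD tenant).
# Function names are hypothetical; `az` must be installed and logged in.

# The subscription GUID is the third path segment of an ARM resource ID.
sub_of() {
  case "$1" in
    /subscriptions/?*/*) printf '%s\n' "$1" | cut -d/ -f3 ;;
    *) return 1 ;;
  esac
}

# Region, normalised so that "West US" and "westus" compare equal.
region_of() {
  az resource show --ids "$1" --query location -o tsv |
    tr -d ' ' | tr '[:upper:]' '[:lower:]'
}

tenant_of() {
  az account show --subscription "$1" --query tenantId -o tsv
}

# Exit status: 0 = valid target, 1 = rule violated, 2 = lookup failed.
check_flowlog_target() {
  ft_nsg=$1 ft_sa=$2
  ft_nsg_sub=$(sub_of "$ft_nsg") && ft_sa_sub=$(sub_of "$ft_sa") ||
    { echo "ERROR: not an ARM resource ID" >&2; return 2; }
  ft_nsg_loc=$(region_of "$ft_nsg"); ft_sa_loc=$(region_of "$ft_sa")
  [ -n "$ft_nsg_loc" ] && [ -n "$ft_sa_loc" ] ||
    { echo "ERROR: could not read resource location" >&2; return 2; }
  if [ "$ft_nsg_loc" != "$ft_sa_loc" ]; then
    echo "FAIL: NSG is in $ft_nsg_loc, storage account in $ft_sa_loc"
    return 1
  fi
  if [ "$ft_nsg_sub" = "$ft_sa_sub" ]; then
    echo "OK: same subscription, same region"; return 0
  fi
  ft_nsg_tid=$(tenant_of "$ft_nsg_sub"); ft_sa_tid=$(tenant_of "$ft_sa_sub")
  [ -n "$ft_nsg_tid" ] && [ -n "$ft_sa_tid" ] ||
    { echo "ERROR: could not read tenant for a subscription" >&2; return 2; }
  if [ "$ft_nsg_tid" != "$ft_sa_tid" ]; then
    echo "FAIL: subscriptions belong to different tenants"; return 1
  fi
  echo "OK: cross-subscription target, same region and tenant"
}

# Usage: check_flowlog_target "<NSG resource ID>" "<storage account resource ID>"
```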
More information about Network Watcher can be found here.
If you have feedback on the Network Watcher service or would like to partner with us, please reach out to us at AzureNetworkWatcher@microsoft.com