Network Watcher

Azure Network Watcher Service

Azure Network Watcher is a comprehensive network monitoring, diagnostics, and analytics service designed to provide deep insights into your Azure network infrastructure. It helps in monitoring, diagnosing, and gaining operational insights about your network, ensuring it is secure, reliable, and performing optimally.

Capabilities

  1. Network Monitoring:

    • Topology: Visualize your network resources and their relationships.

    • Connection Monitor: Track the connectivity status between various network endpoints.

    • Metrics: Gather performance metrics for network interfaces, public IP addresses, and other network resources.

  2. Diagnostics:

    • Packet Capture: Capture and analyze network traffic in real-time for troubleshooting and threat analysis.

    • IP Flow Verify: Verify whether a packet is allowed or denied by Azure Network Security Groups (NSGs) and diagnose connectivity issues.

    • Next Hop: Determine the next hop in the network route for a specific VM.

    • Security Group View: View the effective security rules applied to a VM.

  3. Network Insights:

    • Network Performance Monitor: Monitor network performance, detect network anomalies, and identify the root cause of issues.

    • Connection Troubleshoot: Diagnose connection issues between VMs and endpoint services, both on-premises and in Azure.

    • Flow Logs: Collect, analyze, and store network flow logs for network security group rules, useful for identifying suspicious traffic patterns and potential threats.

Features

  • Integration with Azure Security Center: Enhanced security monitoring, providing security alerts and recommendations based on network activity.

  • Automated Diagnostics: Automated troubleshooting and recommendations for resolving network issues.

  • Customizable Alerts: Set up alerts for various network conditions, such as connectivity issues or traffic anomalies.

  • Scalability: Supports scaling to monitor large and complex network environments.

Use Cases for Threat Hunters

  • Anomaly Detection: Use packet capture and flow logs to detect unusual or malicious network traffic.

  • Incident Response: Leverage diagnostic tools to quickly pinpoint and resolve network issues during a security incident.

  • Security Policy Verification: Ensure network security groups and other policies are correctly configured and not inadvertently allowing unauthorized access.

  • Performance Monitoring: Identify performance bottlenecks that could be exploited by attackers.

Azure Network Watcher is a vital tool for threat hunters, providing the necessary capabilities to monitor, diagnose, and secure Azure network infrastructures effectively.

PreviousAzure Key Vault Logging OverviewNextRBAC Permissions

Last updated