Bindplane

The Bindplane Developer Hub

Welcome to the Bindplane developer hub. You'll find comprehensive guides and documentation to help you start working with Bindplane as quickly as possible, as well as support if you get stuck. Let's jump right in!

Microsoft Azure Network Watcher

For more information on how to use the below LPU and other Azure Data Collection setup. See the Microsoft Azure Sources topic

Least Privileged User

Steps:

  1. Using the Azure CLI Client, find the Subscription ID and Tenant ID from your account list
  2. Create a custom RBAC role using the JSON provided. Include your Subscription ID and rename the file to azure.json
  3. Create an Active Directory Service Principal and assign the custom RBAC role t it.

Creating custom roles using the Azure CLI:

https://docs.microsoft.com/en-us/azure/role-based-access-control/custom-roles

Assigning roles using the Azure CLI:

https://docs.microsoft.com/en-us/azure/role-based-access-control/role-assignments-portal

{
  "Name": "LPU Network Watcher",
  "Description": "LPU for Network Watcher",
  "Actions": [
    "Microsoft.Network/networkWatchers/*/read",
    "Microsoft.Insights/metrics/*/read",
    "Microsoft.Authorization/*/read"
  ],
  "AssignableScopes": [
    "/subscriptions/[Subscription ID]"
  ]
}

Connection Parameters

Name
Required?
Description

Subscription ID

Required

GUID Subscription ID

Tenant ID

Required

GUID Tenant ID (also known as Directory ID)

Client ID

Required

GUID Client ID (also known as Application ID)

Client Secret

Required

The Secret (also known as Key) corresponding to the Client ID.

Maximum HTTP Retry Time (seconds)

The maximum amount of time in seconds to retry each API request when the API is throttling.

HTTP Request Timeout (seconds)

The maximum amount of time in seconds before a single HTTP request will fail.

Metrics

API Usage

Name
Description

Average Pages

The average amount of pages needed for a paged resource type.

Average Request Retries

The average number of retry requests per unique requests made.

Average Retry Attempts

The average number of retry requests made per unique request that was retried.

Average Retry Wait (Milliseconds)

The average amount of time retried requests spent waiting.

Client ID

The client ID used to make API calls.

Failed Requests

The total number of requests that returned a failure response.

Maximum Pages

The most amount of pages needed for a paged resource type.

Maximum Retries

The highest number of retries made for a single request.

Maximum Retry Wait (Milliseconds)

The most amount of time a retried request spent waiting.

Minimum Pages

The least amount of pages needed for a paged resource type.

Minimum Retry Wait (Milliseconds)

The least amount of time a retried request spent waiting.

Other Status Responses

The total number of successful requests that responded with some other accepted status.

Request Timeouts

The total number of requests that timed out waiting for a response.

Requests Retried

The number of unique requests that were retried.

Retry Status Responses

The total number of successful requests that responded with the status TOO MANY REQUESTS (429).

Retry Timeouts

The total number of requests that needed to be retried, but the request retry time exceeded the maximum retry time.

Status OK Responses

The total number of successful requests that responded with the status OK (200).

Subscription ID

The subscription ID used to make API calls.

Successful Requests

The total number of requests that returned a successful response.

Tenant ID

The tenant ID used to make API calls.

Total Monitor Requests

The total number of requests made to get monitor metrics.

Total Paged Requests

The total amount of resource types that required paging.

Total Requests

The total number of requests made during collection.

Total Retries

The total number of retry requests that were made.

Unique Monitor Requests

The number of unique requests made to get monitor metrics.

Unique Requests

The number of requests made with unique endpoints.

Connection Monitor

Name
Description

Auto Start

Determines if the connection monitor will start automatically once created.

Average Round-Trip Time (Milliseconds)

Average network round-trip time for connectivity monitoring probes sent between source and destination.

Destination Address

Address of the connection monitor destination (IP or domain name).

Destination ID

The ID of the resource used as the destination by connection monitor.

Destination Port

The destination port used by connection monitor.

Failed Probes (%)

Ratio of connectivity monitoring probes failed.

ID

Microsoft Azure resource ID.

Location

Location where this resource lives.

Monitoring Interval (Seconds)

Monitoring interval.

Monitoring Status

The monitoring status of the connection monitor.

Name

Resource name.

Provisioning State

The provisioning state of the connection monitor.

Source ID

The ID of the resource used as the source by connection monitor.

Source Port

The source port used by connection monitor.

Tags

Resource tags.

Type

Microsoft Azure resource type.

Network Watcher

Name
Description

ID

Microsoft Azure resource ID.

Location

Location where this resource lives.

Name

Microsoft Azure resource name.

Provisioning State

The provisioning state of the resource.

Tags

Resource tags.

Type

Microsoft Azure resource type.

Packet Capture

Name
Description

Capture Size (Bytes)

Capture size per packet, the remaining data are truncated.

File Path

A valid local path on the targeting VM. Must include the name of the capture file (*.cap). For linux virtual machine it must start with /var/captures. Required if no storage ID is provided, otherwise optional.

ID

Microsfot Azure resource ID.

Name

Resource name.

Provisioning State

The provisioning state of the packet capture session.

Storage ID

The ID of the storage account to save the packet capture session. Required if no local file path is provided.

Storage Path

The URI of the storage path to save the packet capture. Must be a well-formed URI describing the location to save the packet capture.

Target

The ID of the targeted resource, only VM is currently supported.

Time Limit (Seconds)

Maximum duration of the capture session.

Total Size

Maximum size of the capture output.

Packet Capture Filter

Name
Description

Local IP Address

Local IP Address to be filtered on. Notation: "127.0.0.1" for single address entry. "127.0.0.1-127.0.0.255" for range. "127.0.0.1;127.0.0.5"? for multiple entries. Multiple ranges not currently supported. Mixing ranges with multiple entries not currently supported. Default = null.

Local Port

Local port to be filtered on. Notation: "80" for single port entry."80-85" for range. "80;443;" for multiple entries. Multiple ranges not currently supported. Mixing ranges with multiple entries not currently supported. Default = null.

Protocol

Protocol to be filtered on.

Remote IP Address

Local IP Address to be filtered on. Notation: "127.0.0.1" for single address entry. "127.0.0.1-127.0.0.255" for range. "127.0.0.1;127.0.0.5;" for multiple entries. Multiple ranges not currently supported. Mixing ranges with multiple entries not currently supported. Default = null.

Remote Port

Remote port to be filtered on. Notation: "80" for single port entry."80-85" for range. "80;443;" for multiple entries. Multiple ranges not currently supported. Mixing ranges with multiple entries not currently supported. Default = null.