Microsoft Azure Network Watcher

❗️

This source has been deprecated

observIQ is in the process of transitioning a subset of BindPlane's monitoring capabilities to the observIQ OpenTelemetry Collector. As a result, this Source is no longer publicly available in BindPlane. If you need access to this Source, please reach out to our support via chat or via [email protected].

Please refer to the Microsoft Azure Sources topic for additional information on how to configure the LPU, and general Azure Data Collection setup details.

Least Privileged User

Steps:

  1. Using the Azure CLI Client, find the Subscription ID and Tenant ID from your account list.
  2. Create a custom RBAC role using the JSON provided. Include your Subscription ID and rename the file to azure.json.
  3. Create an Active Directory Service Principal and assign the custom RBAC role to it.

Creating custom roles using the Azure CLI:

https://docs.microsoft.com/en-us/azure/role-based-access-control/custom-roles

Assigning roles using the Azure CLI:

https://docs.microsoft.com/en-us/azure/role-based-access-control/role-assignments-portal

{
  "Name": "LPU Network Watcher",
  "Description": "LPU for Network Watcher",
  "Actions": [
    "Microsoft.Network/networkWatchers/*/read",
    "Microsoft.Insights/metrics/*/read",
    "Microsoft.Authorization/*/read"
  ],
  "AssignableScopes": [
    "/subscriptions/[Subscription ID]"
  ]
}
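
Before creating the role, it is worth confirming that the file really is read-only and that the `[Subscription ID]` placeholder was replaced. The check below is an added example, not part of BindPlane or the Azure CLI; `audit_role` is a hypothetical helper name, and accepting a resource-group scope as well as a subscription scope is an assumption of this example.

```python
import json
import re

# Role definition exactly as published on this page (placeholder still present).
PAGE_ROLE = json.loads("""
{
  "Name": "LPU Network Watcher",
  "Description": "LPU for Network Watcher",
  "Actions": [
    "Microsoft.Network/networkWatchers/*/read",
    "Microsoft.Insights/metrics/*/read",
    "Microsoft.Authorization/*/read"
  ],
  "AssignableScopes": ["/subscriptions/[Subscription ID]"]
}
""")

GUID = r"[0-9a-fA-F]{8}-(?:[0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}"
# Accept a subscription, or a resource group inside one; anything else is too broad.
SCOPE_RE = re.compile(
    rf"^/subscriptions/{GUID}(/resourceGroups/[^/]+)?$", re.IGNORECASE
)


def audit_role(role):
    """Return a list of findings; an empty list means read-only and scoped."""
    findings = []
    actions = role.get("Actions", [])
    if not actions:
        findings.append("role grants no actions")
    for action in actions:
        # Every control-plane action must name a provider and end in /read.
        if not action.lower().endswith("/read") or action.startswith("*"):
            findings.append(f"not a provider-scoped read action: {action}")
    # The page's role has no data-plane actions; flag any that get added.
    for action in role.get("DataActions", []):
        findings.append(f"unexpected data action: {action}")
    scopes = role.get("AssignableScopes", [])
    if not scopes:
        findings.append("no assignable scope")
    for scope in scopes:
        if not SCOPE_RE.match(scope):
            findings.append(f"scope is not a subscription GUID path: {scope}")
    return findings


if __name__ == "__main__":
    for finding in audit_role(PAGE_ROLE):
        print("FINDING:", finding)
```

Run against the JSON as published, it reports only the unreplaced placeholder; once a real Subscription ID is filled in, the list of findings is empty.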

Connection Parameters

| Name | Required? | Description |
| --- | --- | --- |
| Subscription ID | Required | GUID Subscription ID |
| Tenant ID | Required | GUID Tenant ID (also known as Directory ID) |
| Client ID | Required | GUID Client ID (also known as Application ID) |
| Client Secret | Required | The Secret (also known as Key) corresponding to the Client ID. |
| Maximum HTTP Retry Time (seconds) | | The maximum amount of time in seconds to retry each API request when the API is throttling. |
| HTTP Request Timeout (seconds) | | The maximum amount of time in seconds before a single HTTP request will fail. |

Metrics

API Usage

| Name | Description |
| --- | --- |
| Average Pages | The average number of pages needed for a paged resource type. |
| Average Request Retries | The average number of retry requests per unique request made. |
| Average Retry Attempts | The average number of retry requests made per unique request that was retried. |
| Average Retry Wait (Milliseconds) | The average amount of time retried requests spent waiting. |
| Client ID | The client ID used to make API calls. |
| Failed Requests | The total number of requests that returned a failure response. |
| Maximum Pages | The largest number of pages needed for a paged resource type. |
| Maximum Retries | The highest number of retries made for a single request. |
| Maximum Retry Wait (Milliseconds) | The longest time a retried request spent waiting. |
| Minimum Pages | The smallest number of pages needed for a paged resource type. |
| Minimum Retry Wait (Milliseconds) | The shortest time a retried request spent waiting. |
| Other Status Responses | The total number of successful requests that responded with some other accepted status. |
| Request Timeouts | The total number of requests that timed out waiting for a response. |
| Requests Retried | The number of unique requests that were retried. |
| Retry Status Responses | The total number of successful requests that responded with the status TOO MANY REQUESTS (429). |
| Retry Timeouts | The total number of requests that needed to be retried, but the request retry time exceeded the maximum retry time. |
| Status OK Responses | The total number of successful requests that responded with the status OK (200). |
| Subscription ID | The subscription ID used to make API calls. |
| Successful Requests | The total number of requests that returned a successful response. |
| Tenant ID | The tenant ID used to make API calls. |
| Total Monitor Requests | The total number of requests made to get monitor metrics. |
| Total Paged Requests | The total number of resource types that required paging. |
| Total Requests | The total number of requests made during collection. |
| Total Retries | The total number of retry requests that were made. |
| Unique Monitor Requests | The number of unique requests made to get monitor metrics. |
| Unique Requests | The number of requests made with unique endpoints. |

Connection Monitor

| Name | Description |
| --- | --- |
| Auto Start | Determines if the connection monitor will start automatically once created. |
| Average Round-Trip Time (Milliseconds) | Average network round-trip time for connectivity monitoring probes sent between source and destination. |
| Destination Address | Address of the connection monitor destination (IP or domain name). |
| Destination ID | The ID of the resource used as the destination by connection monitor. |
| Destination Port | The destination port used by connection monitor. |
| Failed Probes (%) | Ratio of connectivity monitoring probes failed. |
| ID | Microsoft Azure resource ID. |
| Location | Location where this resource lives. |
| Monitoring Interval (Seconds) | Monitoring interval. |
| Monitoring Status | The monitoring status of the connection monitor. |
| Name | Resource name. |
| Provisioning State | The provisioning state of the connection monitor. |
| Source ID | The ID of the resource used as the source by connection monitor. |
| Source Port | The source port used by connection monitor. |
| Tags | Resource tags. |
| Type | Microsoft Azure resource type. |

Network Watcher

| Name | Description |
| --- | --- |
| ID | Microsoft Azure resource ID. |
| Location | Location where this resource lives. |
| Name | Microsoft Azure resource name. |
| Provisioning State | The provisioning state of the resource. |
| Tags | Resource tags. |
| Type | Microsoft Azure resource type. |

Packet Capture

| Name | Description |
| --- | --- |
| Capture Size (Bytes) | Capture size per packet; the remaining data are truncated. |
| File Path | A valid local path on the targeted VM. Must include the name of the capture file (*.cap). For a Linux virtual machine it must start with /var/captures. Required if no storage ID is provided, otherwise optional. |
| ID | Microsoft Azure resource ID. |
| Name | Resource name. |
| Provisioning State | The provisioning state of the packet capture session. |
| Storage ID | The ID of the storage account to save the packet capture session. Required if no local file path is provided. |
| Storage Path | The URI of the storage path to save the packet capture. Must be a well-formed URI describing the location to save the packet capture. |
| Target | The ID of the targeted resource; only VM is currently supported. |
| Time Limit (Seconds) | Maximum duration of the capture session. |
| Total Size | Maximum size of the capture output. |

Packet Capture Filter

| Name | Description |
| --- | --- |
| Local IP Address | Local IP address to be filtered on. Notation: "127.0.0.1" for single address entry. "127.0.0.1-127.0.0.255" for range. "127.0.0.1;127.0.0.5" for multiple entries. Multiple ranges not currently supported. Mixing ranges with multiple entries not currently supported. Default = null. |
| Local Port | Local port to be filtered on. Notation: "80" for single port entry. "80-85" for range. "80;443;" for multiple entries. Multiple ranges not currently supported. Mixing ranges with multiple entries not currently supported. Default = null. |
| Protocol | Protocol to be filtered on. |
| Remote IP Address | Remote IP address to be filtered on. Notation: "127.0.0.1" for single address entry. "127.0.0.1-127.0.0.255" for range. "127.0.0.1;127.0.0.5;" for multiple entries. Multiple ranges not currently supported. Mixing ranges with multiple entries not currently supported. Default = null. |
| Remote Port | Remote port to be filtered on. Notation: "80" for single port entry. "80-85" for range. "80;443;" for multiple entries. Multiple ranges not currently supported. Mixing ranges with multiple entries not currently supported. Default = null. |
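
When reviewing which traffic a packet capture session actually covers, the filter strings above need to be interpreted consistently. The parser below is an added example, not BindPlane or Azure code; `parse_filter` and its return shape are hypothetical, and it applies the notation rules from the table, including the optional trailing semicolon and the restrictions on ranges.

```python
import ipaddress


def _atom(text, kind):
    """Convert one entry to an IP address object or a port number."""
    text = text.strip()
    if kind == "ip":
        return ipaddress.ip_address(text)  # raises ValueError on bad input
    if not text.isdigit() or not 0 <= int(text) <= 65535:
        raise ValueError(f"bad port: {text!r}")
    return int(text)


def parse_filter(value, kind):
    """Parse a packet capture filter value; kind is 'ip' or 'port'.

    Returns ('any', None) for the null default, ('single', x),
    ('range', (lo, hi)) or ('list', [x, ...]).
    """
    if value is None:
        return ("any", None)  # Default = null means no filtering on this field
    # "80;443;" carries a trailing semicolon, so drop empty entries.
    entries = [e for e in value.split(";") if e.strip()]
    if not entries:
        raise ValueError("empty filter")
    if any("-" in e for e in entries):
        # A single range is allowed; several ranges or range plus list is not.
        if len(entries) > 1:
            raise ValueError("ranges cannot be combined with other entries")
        lo_text, _, hi_text = entries[0].partition("-")
        lo, hi = _atom(lo_text, kind), _atom(hi_text, kind)
        if type(lo) is not type(hi) or lo > hi:
            raise ValueError("range bounds are inconsistent")
        return ("range", (lo, hi))
    atoms = [_atom(e, kind) for e in entries]
    return ("single", atoms[0]) if len(atoms) == 1 else ("list", atoms)


if __name__ == "__main__":
    # Constructed sample values following the notation in the table.
    for sample in ("80", "80-85", "80;443;"):
        print(sample, "->", parse_filter(sample, "port"))
```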