Microsoft Azure Network Watcher
This source has been deprecated
observIQ is in the process of transitioning a subset of BindPlane's monitoring capabilities to the observIQ OpenTelemetry Collector. As a result, this Source is no longer publicly available in BindPlane. If you need access to this Source, please reach out to our support via chat or via [email protected].
Please refer to the Microsoft Azure Sources topic for additional information on how to configure the Least Privileged User (LPU) and for general Azure data collection setup details.
Least Privileged User
Steps:
- Using the Azure CLI Client, find the Subscription ID and Tenant ID from your account list
- Create a custom RBAC role using the JSON provided. Include your Subscription ID and rename the file to azure.json
- Create an Active Directory Service Principal and assign the custom RBAC role to it.
Creating custom roles using the Azure CLI:
https://docs.microsoft.com/en-us/azure/role-based-access-control/custom-roles
Assigning roles using the Azure CLI:
https://docs.microsoft.com/en-us/azure/role-based-access-control/role-assignments-portal
{
  "Name": "LPU Network Watcher",
  "Description": "LPU for Network Watcher",
  "Actions": [
    "Microsoft.Network/networkWatchers/*/read",
    "Microsoft.Insights/metrics/*/read",
    "Microsoft.Authorization/*/read"
  ],
  "AssignableScopes": [
    "/subscriptions/[Subscription ID]"
  ]
}
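A pre-flight check for the role file before it is handed to the Azure CLI, as an added example that is not part of the original page or of BindPlane's tooling: it confirms that every action is one of the three read actions listed above and that the `[Subscription ID]` placeholder has been replaced by a subscription GUID. The function name and the all-zero sample GUID are constructed for illustration.

```python
import json
import re

# The three actions listed in the role JSON on this page.
PAGE_ACTIONS = {
    "Microsoft.Network/networkWatchers/*/read",
    "Microsoft.Insights/metrics/*/read",
    "Microsoft.Authorization/*/read",
}
GUID = r"[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}"
SUBSCRIPTION_SCOPE = re.compile(rf"/subscriptions/{GUID}")


def check_lpu_role(role_json):
    """Return a list of findings; an empty list means the role matches the page's LPU."""
    role = json.loads(role_json)
    findings = []
    for action in role.get("Actions", []):
        if not action.endswith("/read"):
            # A bare wildcard or a write/delete/action suffix widens the role.
            findings.append(f"non-read action: {action}")
        elif action not in PAGE_ACTIONS:
            findings.append(f"read action not in the page's role: {action}")
    if role.get("DataActions"):
        findings.append("DataActions present: the page's role grants none")
    scopes = role.get("AssignableScopes", [])
    if not scopes:
        findings.append("no AssignableScopes")
    for scope in scopes:
        # Catches the unreplaced placeholder as well as "/" or a management group.
        if not SUBSCRIPTION_SCOPE.fullmatch(scope):
            findings.append(f"scope is not a single subscription: {scope}")
    return findings


# Constructed sample inputs: the all-zero GUID stands in for a real subscription ID.
TEMPLATE = """{
  "Name": "LPU Network Watcher",
  "Description": "LPU for Network Watcher",
  "Actions": [
    "Microsoft.Network/networkWatchers/*/read",
    "Microsoft.Insights/metrics/*/read",
    "Microsoft.Authorization/*/read"
  ],
  "AssignableScopes": ["/subscriptions/[Subscription ID]"]
}"""
FILLED = TEMPLATE.replace("[Subscription ID]", "00000000-0000-0000-0000-000000000000")
WIDENED = FILLED.replace("networkWatchers/*/read", "networkWatchers/*")
```
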
Connection Parameters
Name | Required? | Description |
---|---|---|
Subscription ID | Required | GUID Subscription ID |
Tenant ID | Required | GUID Tenant ID (also known as Directory ID) |
Client ID | Required | GUID Client ID (also known as Application ID) |
Client Secret | Required | The Secret (also known as Key) corresponding to the Client ID. |
Maximum HTTP Retry Time (seconds) | | The maximum amount of time in seconds to retry each API request when the API is throttling. |
HTTP Request Timeout (seconds) | | The maximum amount of time in seconds before a single HTTP request will fail. |
Metrics
API Usage
Name | Description |
---|---|
Average Pages | The average number of pages needed for a paged resource type. |
Average Request Retries | The average number of retry requests per unique request made. |
Average Retry Attempts | The average number of retry requests made per unique request that was retried. |
Average Retry Wait (Milliseconds) | The average amount of time retried requests spent waiting. |
Client ID | The client ID used to make API calls. |
Failed Requests | The total number of requests that returned a failure response. |
Maximum Pages | The largest number of pages needed for a paged resource type. |
Maximum Retries | The highest number of retries made for a single request. |
Maximum Retry Wait (Milliseconds) | The longest time a retried request spent waiting. |
Minimum Pages | The smallest number of pages needed for a paged resource type. |
Minimum Retry Wait (Milliseconds) | The shortest time a retried request spent waiting. |
Other Status Responses | The total number of successful requests that responded with some other accepted status. |
Request Timeouts | The total number of requests that timed out waiting for a response. |
Requests Retried | The number of unique requests that were retried. |
Retry Status Responses | The total number of successful requests that responded with the status TOO MANY REQUESTS (429). |
Retry Timeouts | The total number of requests that needed to be retried, but the request retry time exceeded the maximum retry time. |
Status OK Responses | The total number of successful requests that responded with the status OK (200). |
Subscription ID | The subscription ID used to make API calls. |
Successful Requests | The total number of requests that returned a successful response. |
Tenant ID | The tenant ID used to make API calls. |
Total Monitor Requests | The total number of requests made to get monitor metrics. |
Total Paged Requests | The total number of resource types that required paging. |
Total Requests | The total number of requests made during collection. |
Total Retries | The total number of retry requests that were made. |
Unique Monitor Requests | The number of unique requests made to get monitor metrics. |
Unique Requests | The number of requests made with unique endpoints. |
Connection Monitor
Name | Description |
---|---|
Auto Start | Determines if the connection monitor will start automatically once created. |
Average Round-Trip Time (Milliseconds) | Average network round-trip time for connectivity monitoring probes sent between source and destination. |
Destination Address | Address of the connection monitor destination (IP or domain name). |
Destination ID | The ID of the resource used as the destination by connection monitor. |
Destination Port | The destination port used by connection monitor. |
Failed Probes (%) | Percentage of connectivity monitoring probes that failed. |
ID | Microsoft Azure resource ID. |
Location | Location where this resource lives. |
Monitoring Interval (Seconds) | Monitoring interval. |
Monitoring Status | The monitoring status of the connection monitor. |
Name | Resource name. |
Provisioning State | The provisioning state of the connection monitor. |
Source ID | The ID of the resource used as the source by connection monitor. |
Source Port | The source port used by connection monitor. |
Tags | Resource tags. |
Type | Microsoft Azure resource type. |
Network Watcher
Name | Description |
---|---|
ID | Microsoft Azure resource ID. |
Location | Location where this resource lives. |
Name | Microsoft Azure resource name. |
Provisioning State | The provisioning state of the resource. |
Tags | Resource tags. |
Type | Microsoft Azure resource type. |
Packet Capture
Name | Description |
---|---|
Capture Size (Bytes) | Capture size per packet; the remaining data are truncated. |
File Path | A valid local path on the target VM. Must include the name of the capture file (*.cap). For a Linux virtual machine it must start with /var/captures. Required if no storage ID is provided, otherwise optional. |
ID | Microsoft Azure resource ID. |
Name | Resource name. |
Provisioning State | The provisioning state of the packet capture session. |
Storage ID | The ID of the storage account to save the packet capture session. Required if no local file path is provided. |
Storage Path | The URI of the storage path to save the packet capture. Must be a well-formed URI describing the location to save the packet capture. |
Target | The ID of the targeted resource; only VMs are currently supported. |
Time Limit (Seconds) | Maximum duration of the capture session. |
Total Size | Maximum size of the capture output. |
Packet Capture Filter
Name | Description |
---|---|
Local IP Address | Local IP address to be filtered on. Notation: "127.0.0.1" for single address entry. "127.0.0.1-127.0.0.255" for range. "127.0.0.1;127.0.0.5" for multiple entries. Multiple ranges not currently supported. Mixing ranges with multiple entries not currently supported. Default = null. |
Local Port | Local port to be filtered on. Notation: "80" for single port entry. "80-85" for range. "80;443;" for multiple entries. Multiple ranges not currently supported. Mixing ranges with multiple entries not currently supported. Default = null. |
Protocol | Protocol to be filtered on. |
Remote IP Address | Remote IP address to be filtered on. Notation: "127.0.0.1" for single address entry. "127.0.0.1-127.0.0.255" for range. "127.0.0.1;127.0.0.5;" for multiple entries. Multiple ranges not currently supported. Mixing ranges with multiple entries not currently supported. Default = null. |
Remote Port | Remote port to be filtered on. Notation: "80" for single port entry. "80-85" for range. "80;443;" for multiple entries. Multiple ranges not currently supported. Mixing ranges with multiple entries not currently supported. Default = null. |
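A parser for the filter notation in the table above, useful when reviewing which traffic a collected packet capture filter actually covers. This is an added example, not code from the original page or from BindPlane. The function names are hypothetical, and it assumes IPv4 addresses (as in the page's examples), inclusive ranges, and that a packet passes when its value equals an entry or falls inside the range.

```python
import ipaddress


def _port(text):
    """Convert one port entry, rejecting anything outside 0-65535."""
    if not (text.isascii() and text.isdigit()) or int(text) > 65535:
        raise ValueError(f"not a port: {text!r}")
    return int(text)


def parse_filter(value, kind):
    """Parse a filter value into (shape, items); kind is 'port' or 'ip'.

    shape is 'any', 'single', 'range' or 'list'. Raises ValueError for
    malformed input and for the combinations the page lists as unsupported.
    """
    convert = _port if kind == "port" else ipaddress.IPv4Address
    if value is None:
        return ("any", [])  # Default = null: nothing is filtered on
    entries = [e.strip() for e in value.split(";") if e.strip()]  # trailing ';' allowed
    if not entries:
        raise ValueError("empty filter")
    if any("-" in e for e in entries):
        if len(entries) > 1:
            raise ValueError("multiple ranges or range mixed with entries")
        bounds = entries[0].split("-")
        if len(bounds) != 2:
            raise ValueError(f"not a range: {entries[0]!r}")
        low, high = convert(bounds[0]), convert(bounds[1])
        if low > high:
            raise ValueError("range start is above range end")
        return ("range", [low, high])
    items = [convert(e) for e in entries]
    return ("single" if len(items) == 1 else "list", items)


def covers(value, kind, candidate):
    """Return True if a packet with this port or address passes the filter."""
    shape, items = parse_filter(value, kind)
    wanted = (_port if kind == "port" else ipaddress.IPv4Address)(str(candidate))
    if shape == "any":
        return True
    if shape == "range":
        return items[0] <= wanted <= items[1]
    return wanted in items
```
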
Updated about 2 years ago