Enable NSG Flow Logs
- Go to Resource Groups section in Azure portal
- Click on create button.
- Select the subscription and provide a name for this new resource group.
- Select a region. (example: (US) East US)
- Click "Review + create" button.
- Go to storage accounts section.
- Click on Create button.
- Select subscription and resource group that was just created.
- Select the same region as the resource group.
- Provide a name for the storage account.
- Click "Review + create" button. This will create a storage account where nsg flow log will be stored.
- Go to subscription section and find your subscription.
- Navigate to resource providers.
- Ensure that microsoft.insights provider is registered. If it is not registered, click on Register button.
- Go to Network Watcher section.
- Click on Add and add the regions that you want nsg flow logs to be enabled.
- Go to Network Watcher -> NSG flow logs.
- Create flow logs for the NSG where you want to enable NSG flow log. Provide the storage account created above and retention days as 30.
- Navigate to the storage account created and click on Events.
- Click on Event Subscription
- Provide a name for this event subscription.
- Select the resource group that was created above.
- Provide a System Topic Name.
- For Filter to Event Types, default is "Blob Created" and "Blob Deleted".
- For Endpoint Type, select "Web Hook".
- Click on the "Select an endpoint" link.
- Subscriber Endpoint is
https://prod1-webhook.vtxsecurityservices.com:8093/webhook/<tenant_name>/azure. Tenant name is assigned by Valtix.