Select the subscription and provide a name for this new resource group.
Select a region. (example: (US) East US)
Click "Review + create" button.
Go to storage accounts section.
Click on Create button.
Select subscription and resource group that was just created.
Select the same region as the resource group.
Provide a name for the storage account.
Redundancy CANNOT be locally-redundant storage(LRS)
Click "Review + create" button. This will create a storage account where nsg flow log will be stored.
Go to subscription section and find your subscription.
Navigate to resource providers.
Ensure that microsoft.insights and Microsoft.EventGrid providers are registered. If they are not registered, click on Register button.
Go to Network Watcher section.
Click on Add and add the regions that you want nsg flow logs to be enabled.
Go to Network Watcher -> NSG flow logs.
Create flow logs for the NSG where you want to enable NSG flow log. Provide the storage account created above and retention days as 30.
Navigate to the storage account created and click on Events.
Click on Event Subscription
Provide a name for this event subscription.
Select the resource group that was created above.
Provide a System Topic Name.
For Filter to Event Types, default is "Blob Created" and "Blob Deleted".
For Endpoint Type, select "Web Hook".
Click on the "Select an endpoint" link.
Subscriber Endpoint is https://prod1-webhook.vtxsecurityservices.com:8093/webhook/<tenant_name>/azure. Tenant name is assigned by Valtix. You can find tenant name by clicking on the username in Valtix Controller.