
Install the Azure Network Watcher App and view the Dashboards

Install the Sumo Logic App

Now that you have configured Azure Network Watcher, install the Sumo Logic App for Azure Network Watcher to take advantage of the preconfigured searches and dashboards to analyze your data. 

To install the app:

  1. Select App Catalog, search for and select the app, and click Add to Library. (In the classic UI, click Library, click Apps, select the app, and click Install. If you don't find the app under Apps, it might be a preview app. Try clicking Preview to find the app.)
  2. Click Preview Dashboards if you'd like to see a preview of the dashboards included with the app before installing.
  3. In the Install Application dialog box, select the installation path (the default is the Personal folder in the library), or click New Folder to add a new folder.
  4. Select either of these options for the log data source.
  • Choose Select from Existing Source Categories, and select the source category from the Source Category list.
  • Choose Enter a Custom Data Filter and enter a custom source category beginning with an underscore. Example: (_sourceCategory=MyCategory).
  5. Click Add to Library.

Once an app is installed, it will appear in your Personal folder, or in the other folder that you specified. From here, you can share it with your organization. See Welcome to the New Library for information on working with the library in the new UI.

Panels will start to fill automatically. Note that each Panel fills gradually, only with data that matches the Panel's time range query and that was received after the Panel was created. Results won't be available immediately, but after a little time you'll see full graphs and maps.

Dashboards

All Dashboards include filters that you can use in Interactive Mode for further analysis of your data.

Network Watcher - Overview

This Dashboard provides general information about the NSG flow logs, including Panels that drill down into queries with NIC, tuple, and traffic-flow information. The Overview Dashboard is a good starting point for detecting outliers in denied traffic and geographic hotspots for inbound traffic. In addition, this Dashboard allows users to filter data by rule name, source/destination IP and port, and other metadata fields.


Source Address Location of Inbound Traffic. Displays geo-location of Inbound Traffic.

Flow Traffic by Rule Name. Shows the breakdown of all traffic by the Security Rule name configured at the NSG level.

Denied Traffic per Minute. Shows trend in Denied Inbound traffic flow per minute.

Breakdown of Traffic (Allowed or Denied). Displays traffic breakdown by Allowed or Denied flow.

Top 10 Destination Ports. Shows the top 10 destination ports in the last 24 hours.

Flow Traffic by Protocol. Displays trend of traffic by protocol (TCP/UDP).

Denied Traffic per Hour - Outlier. Using the Sumo Logic machine learning Outlier operator, shows any unexpected sequence in denied traffic.

Denied Traffic Comparison (Today Vs Yesterday) - Outlier. Compares denied traffic of the last 24 hours with the previous 24 hours and shows any unexpected difference between the two time periods.

Network Watcher - Denied Traffic Flow

This Dashboard drills down into denied traffic flow logs, showing geographic hotspots of denied traffic, top denied IPs and ports, and denied traffic trends by rule name.


Denied Traffic Flow by Source Location. Shows geographic hotspots of denied traffic flow.

Top 10 Denied Source IP. Displays a table of source IP addresses with denied traffic flow.

Top 10 Denied Destination IP. Displays a table of destination IP addresses with denied traffic flow.

Denied Flow Traffic by Rule Name. Shows trends in denied traffic flow by rule name over the last 24 hours.

Top 10 Denied Source IP, Port. Displays a table of source IP addresses and ports with denied traffic flow.

Top 10 Denied Destination IP, Port. Displays a table of destination IP addresses and ports with denied traffic flow.

Denied Traffic per Hour - Outlier. Using the Sumo Logic machine learning Outlier operator, shows any unexpected sequence in denied traffic.
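To make concrete what the panels of both the Overview and the Denied Traffic Flow dashboards compute, the following Python script is an added example (it is not the Sumo Logic app's own queries, nor Microsoft code) that flattens NSG flow log records and reproduces several of the aggregations offline: denied flows per minute, top destination ports, the allowed/denied breakdown, traffic by rule name (optionally restricted to denied flows), top denied source IP/port pairs, and a plain standard-deviation outlier check. It assumes the Azure NSG flow log version 1 record layout (records, then properties.flows per rule, then flows per NIC MAC, then flowTuples of the form "unixtime,srcIP,dstIP,srcPort,dstPort,T|U,I|O,A|D"); the sample payload and the hourly count series are constructed. The outlier function is a stand-in for the principle behind the Outlier panels, not the Sumo Logic Outlier operator's algorithm.

```python
import json
import statistics
from collections import Counter
from datetime import datetime, timezone

# Constructed NSG flow log payload: two records from one NSG, three rules.
# Layout follows the Azure NSG flow log version 1 schema (an assumption of
# this example): records -> properties.flows[rule] -> flows[mac] -> flowTuples,
# each tuple "unixtime,srcIP,dstIP,srcPort,dstPort,T|U,I|O,A|D".
NSG_ID = ("/SUBSCRIPTIONS/EXAMPLE-SUB/RESOURCEGROUPS/RG-WEB/PROVIDERS/"
          "MICROSOFT.NETWORK/NETWORKSECURITYGROUPS/NSG-WEB")
SAMPLE_FLOW_LOG = json.dumps({"records": [
    {"time": "2017-02-15T12:00:00.000Z", "category": "NetworkSecurityGroupFlowEvent",
     "resourceId": NSG_ID,
     "properties": {"Version": 1, "flows": [
         {"rule": "DefaultRule_DenyAllInBound", "flows": [{"mac": "000D3A1A2B3C", "flowTuples": [
             "1487160000,203.0.113.10,10.0.0.4,51234,22,T,I,D",
             "1487160010,203.0.113.10,10.0.0.4,51235,3389,T,I,D",
             "1487160070,198.51.100.7,10.0.0.4,44000,22,T,I,D"]}]},
         {"rule": "UserRule_AllowHTTPS", "flows": [{"mac": "000D3A1A2B3C", "flowTuples": [
             "1487160005,192.0.2.55,10.0.0.4,40001,443,T,I,A",
             "1487160065,192.0.2.56,10.0.0.4,40002,443,T,I,A"]}]}]}},
    {"time": "2017-02-15T12:02:00.000Z", "category": "NetworkSecurityGroupFlowEvent",
     "resourceId": NSG_ID,
     "properties": {"Version": 1, "flows": [
         {"rule": "UserRule_AllowDNS", "flows": [{"mac": "000D3A1A2B3C", "flowTuples": [
             "1487160125,10.0.0.4,10.0.0.2,53001,53,U,O,A"]}]}]}}]})

PROTO = {"T": "TCP", "U": "UDP"}
DIRECTION = {"I": "Inbound", "O": "Outbound"}
DECISION = {"A": "Allowed", "D": "Denied"}


def parse_flow_log(raw):
    """Flatten nested NSG flow log records into one dict per flow tuple.
    Tuples with fewer than 8 fields are skipped; extra trailing fields
    (version 2 adds flow state and packet/byte counts) are ignored."""
    flows = []
    for record in json.loads(raw)["records"]:
        for rule_block in record["properties"]["flows"]:
            for nic in rule_block["flows"]:
                for tup in nic["flowTuples"]:
                    fields = tup.split(",")
                    if len(fields) < 8:
                        continue
                    ts, src, dst, sport, dport, proto, direction, decision = fields[:8]
                    flows.append({
                        "ts": int(ts), "src_ip": src, "dst_ip": dst,
                        "src_port": int(sport), "dst_port": int(dport),
                        "protocol": PROTO.get(proto, proto),
                        "direction": DIRECTION.get(direction, direction),
                        "decision": DECISION.get(decision, decision),
                        "rule": rule_block["rule"], "mac": nic["mac"],
                        "nsg": record["resourceId"],
                    })
    return flows


def denied_per_minute(flows):
    """'Denied Traffic per Minute' panel: denied flow count per UTC minute."""
    counts = Counter(
        datetime.fromtimestamp(f["ts"], tz=timezone.utc).strftime("%Y-%m-%d %H:%M")
        for f in flows if f["decision"] == "Denied")
    return dict(sorted(counts.items()))


def top_destination_ports(flows, n=10):
    """'Top 10 Destination Ports' panel."""
    return Counter(f["dst_port"] for f in flows).most_common(n)


def breakdown_by_decision(flows):
    """'Breakdown of Traffic (Allowed or Denied)' panel."""
    return dict(Counter(f["decision"] for f in flows))


def traffic_by_rule(flows, decision=None):
    """'Flow Traffic by Rule Name' panel; decision="Denied" gives the
    'Denied Flow Traffic by Rule Name' panel."""
    return dict(Counter(f["rule"] for f in flows
                        if decision is None or f["decision"] == decision))


def top_denied_sources(flows, n=10):
    """'Top 10 Denied Source IP, Port' panel: (src_ip, src_port) pairs."""
    return Counter((f["src_ip"], f["src_port"]) for f in flows
                   if f["decision"] == "Denied").most_common(n)


def flag_outliers(series, threshold=2.0):
    """Stand-in for the 'Denied Traffic per Hour - Outlier' panel: flag buckets
    more than `threshold` population standard deviations from the mean.
    Returns [(index, value), ...]; a flat series yields no outliers."""
    if len(series) < 2:
        return []
    mean, sd = statistics.mean(series), statistics.pstdev(series)
    if sd == 0:
        return []
    return [(i, v) for i, v in enumerate(series) if abs(v - mean) > threshold * sd]


if __name__ == "__main__":
    flows = parse_flow_log(SAMPLE_FLOW_LOG)
    print("denied/min:", denied_per_minute(flows))
    print("top ports:", top_destination_ports(flows))
    print("allowed/denied:", breakdown_by_decision(flows))
    print("by rule:", traffic_by_rule(flows), "denied only:", traffic_by_rule(flows, "Denied"))
    print("top denied src ip,port:", top_denied_sources(flows))
    # Constructed hourly denied counts with one spike in the last bucket.
    print("outliers:", flag_outliers([4, 5, 4, 6, 5, 4, 5, 40]))
```

Feeding real flow log blobs through parse_flow_log and comparing the results with the corresponding dashboard panels is a quick way to confirm that the source category filter chosen during installation is actually picking up the NSG you expect.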