networkWatchers
Summary
Details
Deploy Network Watcher in all regions where you have networking services
Impact: Low
Category: Monitoring and Alerting
APRL GUID: 4e133bd0-8762-bc40-a95b-b29142427d73
Description:
Azure Network Watcher offers tools for monitoring, diagnosing, viewing metrics, and managing logs for IaaS resources. It helps maintain the health of VMs, VNets, application gateways, and load balancers, but it is not intended for PaaS monitoring or web analytics.
Potential Benefits:
Enhanced monitoring and diagnostics for Azure IaaS
Learn More:
ARG Query:
// Azure Resource Graph Query
// This query will return all locations that do not have a Network Watcher deployed
resources
| where location != "global"
| union (Resources
| where type =~ "microsoft.network/networkwatchers")
| summarize NetworkWatcherCount = countif(type =~ 'Microsoft.Network/networkWatchers') by location
| where NetworkWatcherCount == 0
| project recommendationId = "4e133bd0-8762-bc40-a95b-b29142427d73", name=location, id="n/a", param1 = strcat("LocationMisingNetworkWatcher:", location)
Fix Flow Log configurations in Failed state or Disabled Status
Impact: Low
Category: Monitoring and Alerting
APRL GUID: 22a769ed-0ecb-8b49-bafe-8f52e6373d9c
Description:
Network security group flow logging is a feature of Azure Network Watcher that logs information about IP traffic flowing through a network security group. If a flow log is in a Failed state, monitoring data from the associated resource is not collected.
Potential Benefits:
Ensures IP traffic logging
Learn More:
ARG Query:
// Azure Resource Graph Query
// This query will return all Network Watcher Flow Logs that are not enabled or in a succeeded state
resources
| where type =~ "microsoft.network/networkwatchers/flowlogs" and isnotnull(properties)
| extend targetResourceId = tostring(properties.targetResourceId)
| extend status = iff(properties.enabled =~ 'true', "Enabled", "Disabled")
| extend provisioningState = tostring(properties.provisioningState)
| extend flowLogType = iff(properties.targetResourceId contains "Microsoft.Network/virtualNetworks", 'Virtual network', 'Network security group')
| where provisioningState != "Succeeded" or status != "Enabled"
| project recommendationId = "22a769ed-0ecb-8b49-bafe-8f52e6373d9c", name, id, tags, param1 = strcat("provisioningState:", provisioningState), param2=strcat("Status:", status), param3=strcat("targetResourceId:",targetResourceId), param4=strcat("flowLogType:",flowLogType)
Configure Network Watcher Connection monitor
Impact: High
Category: Monitoring and Alerting
APRL GUID: 1e28bbc1-1eb7-486f-8d7f-93943f40219c
Description:
Improves monitoring for Azure and Hybrid connectivity
Potential Benefits:
Improves monitoring for Azure and Hybrid connectivity
Learn More:
ARG Query:
// under-development
Enable Network Security Group and Virtual Network Flow Logs
Impact: High
Category: Monitoring and Alerting
APRL GUID: a1317a0b-402d-4604-be40-a25a004ba171
Description:
Improves monitoring and security for Azure and Hybrid connectivity
Potential Benefits:
Improves monitoring and security for Azure connectivity
Learn More:
ARG Query:
// under-development
Enable traffic analytics in Network Security Group and Virtual Network Flow Logs configuration
Impact: High
Category: Monitoring and Alerting
APRL GUID: bf0b7dbd-016d-458c-af99-70fcb03ad451
Description:
Improves monitoring, security and troubleshooting for Azure and Hybrid connectivity
Potential Benefits:
Improves monitoring, security and troubleshooting.
Learn More:
ARG Query:
// under-development
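Added example, not the project's own query (which is still under development): one way to list enabled flow logs that have traffic analytics switched off or not configured. It assumes the flow log resource exposes the setting at properties.flowAnalyticsConfiguration.networkWatcherFlowAnalyticsConfiguration.enabled, as in the ARM flow log schema; the param1 to param3 labels are chosen here to mirror the Flow Log query above.

```kusto
// Azure Resource Graph Query (added example, not part of the published recommendation)
// Returns enabled flow logs whose traffic analytics is disabled or not configured
resources
| where type =~ "microsoft.network/networkwatchers/flowlogs" and isnotnull(properties)
| extend targetResourceId = tostring(properties.targetResourceId)
| extend flowLogEnabled = tobool(properties.enabled)
// Assumption: traffic analytics state lives under flowAnalyticsConfiguration
| extend taEnabled = tobool(properties.flowAnalyticsConfiguration.networkWatcherFlowAnalyticsConfiguration.enabled)
| extend flowLogType = iff(targetResourceId contains "Microsoft.Network/virtualNetworks", 'Virtual network', 'Network security group')
// Disabled or failed flow logs are already reported by the Flow Log state query,
// so only enabled flow logs are considered here
| where flowLogEnabled == true
// A missing flowAnalyticsConfiguration block yields a null value, which counts as "off"
| where isnull(taEnabled) or taEnabled == false
| extend trafficAnalytics = iff(isnull(taEnabled), "NotConfigured", "Disabled")
| project recommendationId = "bf0b7dbd-016d-458c-af99-70fcb03ad451", name, id, tags, param1 = strcat("trafficAnalytics:", trafficAnalytics), param2 = strcat("targetResourceId:", targetResourceId), param3 = strcat("flowLogType:", flowLogType)
```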