Learn how Trend Vision One™ ingests Azure VNet Flow Logs to detect threats and attacks, provide response actions, and generate a visual representation of the logs.
Important: This is a "Pre-release" feature and is not considered an official release. Please review the Pre-release disclaimer before using the feature.
When connecting or updating an Azure subscription in Cloud Accounts, you can enable
the Cloud Detections for Azure VNet Flow Logs feature to gain deep visibility into
VNet traffic, with detection models to identify and provide alerts on malicious IP
traffic, SSH brute force attacks, data exfiltration, and more.
Trend Vision One™ ingests Azure VNet Flow Logs and analyzes the logs for suspicious or malicious traffic
activity. You can view the results in the following
Trend Vision One™ apps:
- Workbench: The Workbench app provides insight into high-priority correlated alerts, which you can investigate to understand the scope of the issue, get a list of highlighted events, and view and act upon each alert.

  Tip: To view a list of Workbench insights for Azure VNet Flow Logs, use the Data source/processor filter to display all Cloud Detections for Azure VNet Flow Logs insights. For more information, see Workbench.
- Observed Attack Techniques: View Azure VNet Flow Logs events detected in your Azure environment and drill down into an event to view details.

  Tip: To view a list of events generated by Azure VNet Flow Logs, use the Data source/processor filter to display all Cloud Detections for Azure VNet Flow Logs events. For more information, see Observed Attack Techniques.
- : Use search queries to view Azure VNet Flow Logs logs and events.
To set up Cloud Detections for Azure VNet Flow Logs, do the following:
- Estimate your XDR for Cloud credit usage and allocate credits by clicking XDR Credit Usage in .
- Enable Cloud Detections for Azure VNet Flow Logs when connecting or updating an Azure subscription.
