Review the required and recommended configuration settings for Azure Network Watcher and Azure VNet Flow Logs.

Before enabling Cloud Detections for Azure VNet Flow Logs, review the following recommendations and requirements for the feature:
  • Flow Log configuration: Additional configuration of flow log fields is not required. Azure VNet Flow Logs automatically populate all mandatory fields in each flow log record. To review the flow log record format, see Virtual network flow logs format in the Azure documentation.
  • Storage account requirements:
    • The storage account must be in the same region as the virtual network. For example, if the virtual network is in East US, the storage account must also be located in East US.
    • The storage account must be in the same subscription as the virtual network, or in a subscription associated with the same Microsoft Entra tenant as the virtual network's subscription.
  • Data collection and aggregation interval: Flow logs are collected in one-minute intervals through the Azure platform and do not affect your Azure resources or network performance. This interval is automatic and does not require configuration. Trend Vision One aggregates flow logs every 10 minutes.
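
A pre-flight check for the two storage account requirements above, as an added example that is not part of the original documentation. The record shape (`id`, `location`), the subscription-to-tenant map and all IDs are constructed assumptions; region names are normalized because the page writes the region as `East US` while resource records commonly carry `eastus`.

```python
import re

# The subscription ID is the second segment of every ARM resource ID.
_SUB_RE = re.compile(r"^/subscriptions/([^/]+)/", re.IGNORECASE)


def subscription_of(resource_id):
    """Return the lowercased subscription ID embedded in an ARM resource ID."""
    match = _SUB_RE.match(resource_id)
    if not match:
        raise ValueError(f"not an ARM resource ID: {resource_id!r}")
    return match.group(1).lower()


def normalize_region(location):
    """Make the display name 'East US' and the API name 'eastus' compare equal."""
    return location.replace(" ", "").lower()


def check_flow_log_storage(vnet, storage, tenant_by_subscription):
    """Return the list of violated storage requirements (empty means compliant)."""
    problems = []
    if normalize_region(vnet["location"]) != normalize_region(storage["location"]):
        problems.append("region mismatch")
    vnet_sub, storage_sub = subscription_of(vnet["id"]), subscription_of(storage["id"])
    if vnet_sub != storage_sub:
        # A different subscription is allowed only inside the same Entra tenant.
        vnet_tenant = tenant_by_subscription.get(vnet_sub)
        storage_tenant = tenant_by_subscription.get(storage_sub)
        if vnet_tenant is None or vnet_tenant != storage_tenant:
            problems.append("tenant mismatch or unknown")
    return problems


# Constructed sample data: placeholder IDs, not real resources.
SUB_A, SUB_B, SUB_C = (f"00000000-0000-0000-0000-00000000000{c}" for c in "abc")
TENANTS = {SUB_A: "tenant-1", SUB_B: "tenant-1", SUB_C: "tenant-2"}


def sample(sub, kind, location):
    """Build a constructed record with the id and location fields of a resource."""
    return {"id": f"/subscriptions/{sub}/resourceGroups/rg/providers/{kind}", "location": location}


VNET = sample(SUB_A, "Microsoft.Network/virtualNetworks/vnet-prod", "eastus")

if __name__ == "__main__":
    for sa in (sample(SUB_B, "Microsoft.Storage/storageAccounts/flowlogs", "East US"),
               sample(SUB_C, "Microsoft.Storage/storageAccounts/flowlogs", "westus")):
        print(sa["id"], check_flow_log_storage(VNET, sa, TENANTS) or "OK")
```
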
For more information on creating and managing Azure VNet Flow Logs, see the following topics in the Azure documentation: