Use these steps to trigger the detection model and create a Workbench alert for Azure VNet Flow Logs.

Procedure

  1. Create a script file with the following Python code:
    import socket
    
    def send_udp_message():
        sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
        
        try:
            # Target IP and port
            target_ip = "79.124.59.78"
            target_port = 9999
            
            message = "test"
            
            # Send the message
            sock.sendto(message.encode('utf-8'), (target_ip, target_port))
            print(f"Sent '{message}' to {target_ip}:{target_port}")
            
        except Exception as e:
            print(f"Error: {e}")
        finally:
            sock.close()
    
    if __name__ == "__main__":
        send_udp_message()
  2. Sign in to the Azure account you want to use to test Cloud Detections for VNet Flow Logs.
  3. Set up an Azure Virtual Machine (VM).
  4. Connect to the Azure VM and run the script file.
  5. In the Trend Vision One console, go to Agentic SIEM & XDR > Workbench to view the generated alert.
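
If no alert appears, it helps to confirm that the test flow from step 4 was recorded in the flow log at all. The following added example (not part of the original procedure or the product's own code) scans a flow log for the outbound UDP flow to the script's target. It assumes the log follows the Azure VNet flow log JSON layout (`records` > `flowRecords` > `flows` > `flowGroups` > `flowTuples`, with comma-separated tuples); the sample record, source address, and `find_test_flows` name are constructed for illustration.

```python
import json

TARGET_IP = "79.124.59.78"   # destination used by the test script in step 1
TARGET_PORT = 9999
UDP = "17"                   # IANA protocol number for UDP

# Assumed tuple layout: time_ms,src_ip,dst_ip,src_port,dst_port,protocol,
# direction,state,encryption,pkts_sent,bytes_sent,pkts_rcvd,bytes_rcvd
FIELDS = ("time_ms", "src_ip", "dst_ip", "src_port", "dst_port", "protocol",
          "direction", "state", "encryption")

# Constructed sample record (not real log data).
SAMPLE_LOG = json.dumps({"records": [{
    "category": "FlowLogFlowEvent",
    "flowRecords": {"flows": [{"aclID": "constructed-acl-id", "flowGroups": [{
        "rule": "DefaultRule_AllowInternetOutBound",
        "flowTuples": [
            "1700000000000,10.0.0.4,203.0.113.10,50000,443,6,O,B,NX,0,0,0,0",
            "1700000001000,10.0.0.4,79.124.59.78,50001,9999,17,O,B,NX,1,46,0,0",
            "malformed,tuple",
        ]}]}]}}]})


def find_test_flows(log_text, ip=TARGET_IP, port=TARGET_PORT):
    """Return parsed tuples for outbound UDP flows to ip:port."""
    hits = []
    for record in json.loads(log_text).get("records", []):
        for flow in record.get("flowRecords", {}).get("flows", []):
            for group in flow.get("flowGroups", []):
                for raw in group.get("flowTuples", []):
                    parts = raw.split(",")
                    if len(parts) < len(FIELDS):
                        continue  # skip truncated or malformed tuples
                    t = dict(zip(FIELDS, parts))
                    if (t["dst_ip"] == ip and t["dst_port"] == str(port)
                            and t["protocol"] == UDP and t["direction"] == "O"):
                        t["rule"] = group.get("rule", "")
                        hits.append(t)
    return hits


if __name__ == "__main__":
    for hit in find_test_flows(SAMPLE_LOG):
        print(f"{hit['time_ms']} {hit['src_ip']}:{hit['src_port']} -> "
              f"{hit['dst_ip']}:{hit['dst_port']} rule={hit['rule']}")
```

An empty result on a real log means the flow was never captured, which points to the flow log configuration or a delay in log delivery rather than to the detection model.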