12-13-2024 04:07 AM
I got a use case were user has enabled flow logs in Azure on Vnet level but Prisma Cloud ingest data from network watcher from NSG flow log right? can we have any way or method in Prisma Cloud to ingest data from VNet directly?
12-13-2024 07:21 AM
Prisma Cloud ingests network traffic data from Azure through Network Security Group (NSG) flow logs, a feature of Azure Network Watcher. It does not directly ingest Azure VNet flow logs. To enable this, you must configure NSG flow logs to send data to a storage account, and then ensure Prisma Cloud has the necessary permissions to access that storage account.
Here is a checklist on what to verify when configuring network flow logs:
Here is a list of our supported resources for flow logs:
12-13-2024 08:19 AM
Thanks for reply. That means there is no way to do something in Prisma cloud to ingest flow logs from VNet instead of NSG right?
12-16-2024 10:10 AM
That is correct, as of currently we do not support VNet flow logs ingestion but it is in the pipeline for future enhancements.
Please monitor our new releases notes.
Especially given the announcement from Microsoft "Network security group flow logs in Azure Network Watcher will be retired on 30 September 2027.As part of this retirement, you'll no longer be able to create new NSG flow logs starting 30 June 2025."
source: https://learn.microsoft.com/en-us/azure/network-watcher/vnet-flow-logs-overview
12-13-2024 07:21 AM
Prisma Cloud ingests network traffic data from Azure through Network Security Group (NSG) flow logs, a feature of Azure Network Watcher. It does not directly ingest Azure VNet flow logs. To enable this, you must configure NSG flow logs to send data to a storage account, and then ensure Prisma Cloud has the necessary permissions to access that storage account.
Here is a checklist on what to verify when configuring network flow logs:
Here is a list of our supported resources for flow logs:
12-13-2024 08:19 AM
Thanks for reply. That means there is no way to do something in Prisma cloud to ingest flow logs from VNet instead of NSG right?
12-16-2024 10:10 AM
That is correct, as of currently we do not support VNet flow logs ingestion but it is in the pipeline for future enhancements.
Please monitor our new releases notes.
Especially given the announcement from Microsoft "Network security group flow logs in Azure Network Watcher will be retired on 30 September 2027.As part of this retirement, you'll no longer be able to create new NSG flow logs starting 30 June 2025."
source: https://learn.microsoft.com/en-us/azure/network-watcher/vnet-flow-logs-overview
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
