Last active
April 2, 2017 15:03
-
-
Save kongou-ae/7c39302c0ec7511662df7dbc39ca0d16 to your computer and use it in GitHub Desktop.
Azure NSG Flow log
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "records": [ | |
| { | |
| "time": "2017-04-02T14:40:25.5360000Z", | |
| "systemId": "19dbc05a-4461-47de-a3cc-842db1e5fc14", | |
| "category": "NetworkSecurityGroupFlowEvent", | |
| "resourceId": "/SUBSCRIPTIONS/YOUR-SUBSCRIPTION-ID/RESOURCEGROUPS/AZURELAB/PROVIDERS/MICROSOFT.NETWORK/NETWORKSECURITYGROUPS/US-WEST", | |
| "operationName": "NetworkSecurityGroupFlowEvents", | |
| "properties": { | |
| "Version": 1, | |
| "flows": [ | |
| { | |
| "rule": "DefaultRule_AllowInternetOutBound", | |
| "flows": [ | |
| { | |
| "mac": "000D3A36C783", | |
| "flowTuples": [ | |
| "1491143966,10.2.0.4,23.99.34.232,37560,443,T,O,A", | |
| "1491143966,10.2.0.4,23.99.34.232,37562,443,T,O,A", | |
| "1491143966,10.2.0.4,23.99.34.232,37564,443,T,O,A", | |
| "1491143966,10.2.0.4,23.99.34.232,37566,443,T,O,A", | |
| "1491143967,10.2.0.4,23.99.34.232,37568,443,T,O,A", | |
| "1491143967,10.2.0.4,23.99.34.232,37570,443,T,O,A", | |
| "1491143984,10.2.0.4,91.189.89.199,56559,123,U,O,A", | |
| "1491143987,10.2.0.4,91.189.89.199,37185,123,U,O,A", | |
| "1491143992,10.2.0.4,91.189.89.199,54045,123,U,O,A", | |
| "1491143997,10.2.0.4,91.189.89.199,57632,123,U,O,A", | |
| "1491144002,10.2.0.4,91.189.89.199,53216,123,U,O,A", | |
| "1491144007,10.2.0.4,91.189.89.199,35513,123,U,O,A", | |
| "1491144012,10.2.0.4,91.189.89.199,34070,123,U,O,A", | |
| "1491144017,10.2.0.4,91.189.89.199,54582,123,U,O,A", | |
| "1491144022,10.2.0.4,91.189.89.199,38351,123,U,O,A" | |
| ] | |
| } | |
| ] | |
| }, | |
| { | |
| "rule": "DefaultRule_DenyAllInBound", | |
| "flows": [ | |
| { | |
| "mac": "000D3A36C783", | |
| "flowTuples": [ | |
| "1491143992,xxx.xxx.xxx.xxx,10.2.0.4,31639,22,T,I,D", | |
| "1491143995,xxx.xxx.xxx.xxx,10.2.0.4,31639,22,T,I,D", | |
| "1491144001,xxx.xxx.xxx.xxx,10.2.0.4,31639,22,T,I,D" | |
| ] | |
| } | |
| ] | |
| } | |
| ] | |
| } | |
| }, | |
| { | |
| "time": "2017-04-02T14:41:25.5380000Z", | |
| "systemId": "19dbc05a-4461-47de-a3cc-842db1e5fc14", | |
| "category": "NetworkSecurityGroupFlowEvent", | |
| "resourceId": "/SUBSCRIPTIONS/YOUR-SUBSCRIPTION-ID/RESOURCEGROUPS/AZURELAB/PROVIDERS/MICROSOFT.NETWORK/NETWORKSECURITYGROUPS/US-WEST", | |
| "operationName": "NetworkSecurityGroupFlowEvents", | |
| "properties": { | |
| "Version": 1, | |
| "flows": [ | |
| { | |
| "rule": "DefaultRule_AllowInternetOutBound", | |
| "flows": [ | |
| { | |
| "mac": "000D3A36C783", | |
| "flowTuples": [ | |
| "1491144026,10.2.0.4,23.99.34.232,37576,443,T,O,A", | |
| "1491144027,10.2.0.4,52.190.240.88,34604,8443,T,O,A", | |
| "1491144027,10.2.0.4,52.190.240.88,34606,8443,T,O,A", | |
| "1491144027,10.2.0.4,52.190.240.88,34608,8443,T,O,A", | |
| "1491144027,10.2.0.4,91.189.89.199,42037,123,U,O,A", | |
| "1491144032,10.2.0.4,91.189.89.199,48784,123,U,O,A", | |
| "1491144037,10.2.0.4,91.189.89.199,41974,123,U,O,A", | |
| "1491144042,10.2.0.4,91.189.89.199,50176,123,U,O,A", | |
| "1491144047,10.2.0.4,91.189.89.199,56445,123,U,O,A", | |
| "1491144052,10.2.0.4,52.190.240.88,34612,8443,T,O,A", | |
| "1491144052,10.2.0.4,52.190.240.88,34614,8443,T,O,A", | |
| "1491144052,10.2.0.4,52.190.240.88,34616,8443,T,O,A", | |
| "1491144052,10.2.0.4,91.189.89.199,45109,123,U,O,A", | |
| "1491144057,10.2.0.4,91.189.89.199,45522,123,U,O,A", | |
| "1491144062,10.2.0.4,91.189.89.199,49295,123,U,O,A", | |
| "1491144067,10.2.0.4,91.189.89.199,56197,123,U,O,A", | |
| "1491144072,10.2.0.4,91.189.89.199,59370,123,U,O,A", | |
| "1491144077,10.2.0.4,91.189.89.199,60332,123,U,O,A", | |
| "1491144078,10.2.0.4,52.190.240.88,34620,8443,T,O,A", | |
| "1491144078,10.2.0.4,52.190.240.88,34622,8443,T,O,A", | |
| "1491144078,10.2.0.4,52.190.240.88,34624,8443,T,O,A", | |
| "1491144082,10.2.0.4,91.189.89.199,39881,123,U,O,A" | |
| ] | |
| } | |
| ] | |
| }, | |
| { | |
| "rule": "DefaultRule_DenyAllInBound", | |
| "flows": [ | |
| { | |
| "mac": "000D3A36C783", | |
| "flowTuples": [ | |
| "1491144042,94.102.49.193,10.2.0.4,64129,389,U,I,D", | |
| "1491144076,xxx.xxx.xxx.xxx,10.2.0.4,61417,22,T,I,D", | |
| "1491144079,xxx.xxx.xxx.xxx,10.2.0.4,61417,22,T,I,D", | |
| "1491144081,104.236.148.188,10.2.0.4,55772,2082,T,I,D" | |
| ] | |
| } | |
| ] | |
| } | |
| ] | |
| } | |
| }, | |
| { | |
| "time": "2017-04-02T14:42:25.5400000Z", | |
| "systemId": "19dbc05a-4461-47de-a3cc-842db1e5fc14", | |
| "category": "NetworkSecurityGroupFlowEvent", | |
| "resourceId": "/SUBSCRIPTIONS/YOUR-SUBSCRIPTION-ID/RESOURCEGROUPS/AZURELAB/PROVIDERS/MICROSOFT.NETWORK/NETWORKSECURITYGROUPS/US-WEST", | |
| "operationName": "NetworkSecurityGroupFlowEvents", | |
| "properties": { | |
| "Version": 1, | |
| "flows": [ | |
| { | |
| "rule": "DefaultRule_AllowInternetOutBound", | |
| "flows": [ | |
| { | |
| "mac": "000D3A36C783", | |
| "flowTuples": [ | |
| "1491144087,10.2.0.4,91.189.89.199,57301,123,U,O,A", | |
| "1491144092,10.2.0.4,91.189.89.199,39211,123,U,O,A", | |
| "1491144097,10.2.0.4,91.189.89.199,37205,123,U,O,A", | |
| "1491144102,10.2.0.4,91.189.89.199,41655,123,U,O,A", | |
| "1491144103,10.2.0.4,52.190.240.88,34630,8443,T,O,A", | |
| "1491144103,10.2.0.4,52.190.240.88,34632,8443,T,O,A", | |
| "1491144103,10.2.0.4,52.190.240.88,34634,8443,T,O,A", | |
| "1491144107,10.2.0.4,91.189.89.199,36851,123,U,O,A", | |
| "1491144112,10.2.0.4,91.189.89.199,38341,123,U,O,A", | |
| "1491144116,10.2.0.4,91.189.95.15,42982,80,T,O,A", | |
| "1491144117,10.2.0.4,91.189.89.199,59093,123,U,O,A", | |
| "1491144122,10.2.0.4,91.189.89.199,59827,123,U,O,A", | |
| "1491144127,10.2.0.4,91.189.89.199,38476,123,U,O,A", | |
| "1491144128,10.2.0.4,52.190.240.88,34640,8443,T,O,A", | |
| "1491144128,10.2.0.4,52.190.240.88,34642,8443,T,O,A", | |
| "1491144128,10.2.0.4,52.190.240.88,34644,8443,T,O,A", | |
| "1491144132,10.2.0.4,91.189.89.199,52765,123,U,O,A", | |
| "1491144137,10.2.0.4,91.189.89.199,35438,123,U,O,A", | |
| "1491144142,10.2.0.4,91.189.89.199,39958,123,U,O,A" | |
| ] | |
| } | |
| ] | |
| }, | |
| { | |
| "rule": "DefaultRule_DenyAllInBound", | |
| "flows": [ | |
| { | |
| "mac": "000D3A36C783", | |
| "flowTuples": [ | |
| "1491144085,xxx.xxx.xxx.xxx,10.2.0.4,61417,22,T,I,D", | |
| "1491144105,49.4.142.229,10.2.0.4,28317,3306,T,I,D" | |
| ] | |
| } | |
| ] | |
| }, | |
| { | |
| "rule": "UserRule_ssh", | |
| "flows": [ | |
| { | |
| "mac": "000D3A36C783", | |
| "flowTuples": [ | |
| "1491144100,xxx.xxx.xxx.xxx,10.2.0.4,52223,22,T,I,A" | |
| ] | |
| } | |
| ] | |
| } | |
| ] | |
| } | |
| }, | |
| { | |
| "time": "2017-04-02T14:43:25.5420000Z", | |
| "systemId": "19dbc05a-4461-47de-a3cc-842db1e5fc14", | |
| "category": "NetworkSecurityGroupFlowEvent", | |
| "resourceId": "/SUBSCRIPTIONS/YOUR-SUBSCRIPTION-ID/RESOURCEGROUPS/AZURELAB/PROVIDERS/MICROSOFT.NETWORK/NETWORKSECURITYGROUPS/US-WEST", | |
| "operationName": "NetworkSecurityGroupFlowEvents", | |
| "properties": { | |
| "Version": 1, | |
| "flows": [ | |
| { | |
| "rule": "DefaultRule_AllowInternetOutBound", | |
| "flows": [ | |
| { | |
| "mac": "000D3A36C783", | |
| "flowTuples": [ | |
| "1491144147,10.2.0.4,91.189.89.199,39665,123,U,O,A", | |
| "1491144152,10.2.0.4,91.189.89.199,37240,123,U,O,A", | |
| "1491144154,10.2.0.4,52.190.240.88,34648,8443,T,O,A", | |
| "1491144154,10.2.0.4,52.190.240.88,34650,8443,T,O,A", | |
| "1491144154,10.2.0.4,52.190.240.88,34652,8443,T,O,A", | |
| "1491144157,10.2.0.4,91.189.89.199,57690,123,U,O,A", | |
| "1491144162,10.2.0.4,91.189.89.199,35084,123,U,O,A", | |
| "1491144167,10.2.0.4,91.189.89.199,48955,123,U,O,A", | |
| "1491144172,10.2.0.4,91.189.89.199,42500,123,U,O,A", | |
| "1491144177,10.2.0.4,91.189.89.199,40779,123,U,O,A", | |
| "1491144179,10.2.0.4,52.190.240.88,34656,8443,T,O,A", | |
| "1491144179,10.2.0.4,52.190.240.88,34658,8443,T,O,A", | |
| "1491144179,10.2.0.4,52.190.240.88,34660,8443,T,O,A", | |
| "1491144182,10.2.0.4,91.189.89.199,36211,123,U,O,A", | |
| "1491144187,10.2.0.4,91.189.89.199,47091,123,U,O,A", | |
| "1491144192,10.2.0.4,91.189.89.199,60225,123,U,O,A", | |
| "1491144197,10.2.0.4,91.189.89.199,45852,123,U,O,A", | |
| "1491144202,10.2.0.4,91.189.89.199,48631,123,U,O,A" | |
| ] | |
| } | |
| ] | |
| }, | |
| { | |
| "rule": "DefaultRule_DenyAllInBound", | |
| "flows": [ | |
| { | |
| "mac": "000D3A36C783", | |
| "flowTuples": [ | |
| "1491144185,115.74.53.236,10.2.0.4,22197,23,T,I,D" | |
| ] | |
| } | |
| ] | |
| }, | |
| { | |
| "rule": "UserRule_ssh", | |
| "flows": [] | |
| } | |
| ] | |
| } | |
| }, | |
| { | |
| "time": "2017-04-02T14:44:25.5440000Z", | |
| "systemId": "19dbc05a-4461-47de-a3cc-842db1e5fc14", | |
| "category": "NetworkSecurityGroupFlowEvent", | |
| "resourceId": "/SUBSCRIPTIONS/YOUR-SUBSCRIPTION-ID/RESOURCEGROUPS/AZURELAB/PROVIDERS/MICROSOFT.NETWORK/NETWORKSECURITYGROUPS/US-WEST", | |
| "operationName": "NetworkSecurityGroupFlowEvents", | |
| "properties": { | |
| "Version": 1, | |
| "flows": [ | |
| { | |
| "rule": "DefaultRule_AllowInternetOutBound", | |
| "flows": [ | |
| { | |
| "mac": "000D3A36C783", | |
| "flowTuples": [ | |
| "1491144204,10.2.0.4,52.190.240.88,34664,8443,T,O,A", | |
| "1491144204,10.2.0.4,52.190.240.88,34666,8443,T,O,A", | |
| "1491144204,10.2.0.4,52.190.240.88,34668,8443,T,O,A", | |
| "1491144207,10.2.0.4,91.189.89.199,34815,123,U,O,A", | |
| "1491144212,10.2.0.4,91.189.89.199,58198,123,U,O,A", | |
| "1491144217,10.2.0.4,91.189.89.199,42626,123,U,O,A", | |
| "1491144222,10.2.0.4,91.189.89.199,42537,123,U,O,A", | |
| "1491144227,10.2.0.4,91.189.89.199,42058,123,U,O,A", | |
| "1491144231,10.2.0.4,52.190.240.88,34672,8443,T,O,A", | |
| "1491144231,10.2.0.4,52.190.240.88,34674,8443,T,O,A", | |
| "1491144231,10.2.0.4,52.190.240.88,34676,8443,T,O,A", | |
| "1491144232,10.2.0.4,91.189.89.199,56820,123,U,O,A", | |
| "1491144237,10.2.0.4,91.189.89.199,35518,123,U,O,A", | |
| "1491144242,10.2.0.4,91.189.89.199,49245,123,U,O,A", | |
| "1491144247,10.2.0.4,91.189.89.199,39965,123,U,O,A", | |
| "1491144252,10.2.0.4,91.189.89.199,36672,123,U,O,A", | |
| "1491144256,10.2.0.4,52.190.240.88,34680,8443,T,O,A", | |
| "1491144256,10.2.0.4,52.190.240.88,34682,8443,T,O,A", | |
| "1491144256,10.2.0.4,52.190.240.88,34684,8443,T,O,A", | |
| "1491144257,10.2.0.4,91.189.89.199,53031,123,U,O,A", | |
| "1491144262,10.2.0.4,91.189.89.199,36847,123,U,O,A" | |
| ] | |
| } | |
| ] | |
| }, | |
| { | |
| "rule": "DefaultRule_DenyAllInBound", | |
| "flows": [ | |
| { | |
| "mac": "000D3A36C783", | |
| "flowTuples": [ | |
| "1491144226,120.80.202.29,10.2.0.4,24386,23,T,I,D", | |
| "1491144249,112.205.114.114,10.2.0.4,62799,23,T,I,D" | |
| ] | |
| } | |
| ] | |
| }, | |
| { | |
| "rule": "UserRule_ssh", | |
| "flows": [] | |
| } | |
| ] | |
| } | |
| }, | |
| { | |
| "time": "2017-04-02T14:45:25.5460000Z", | |
| "systemId": "19dbc05a-4461-47de-a3cc-842db1e5fc14", | |
| "category": "NetworkSecurityGroupFlowEvent", | |
| "resourceId": "/SUBSCRIPTIONS/YOUR-SUBSCRIPTION-ID/RESOURCEGROUPS/AZURELAB/PROVIDERS/MICROSOFT.NETWORK/NETWORKSECURITYGROUPS/US-WEST", | |
| "operationName": "NetworkSecurityGroupFlowEvents", | |
| "properties": { | |
| "Version": 1, | |
| "flows": [ | |
| { | |
| "rule": "DefaultRule_AllowInternetOutBound", | |
| "flows": [ | |
| { | |
| "mac": "000D3A36C783", | |
| "flowTuples": [ | |
| "1491144267,10.2.0.4,91.189.89.199,42372,123,U,O,A", | |
| "1491144272,10.2.0.4,91.189.89.199,39543,123,U,O,A", | |
| "1491144277,10.2.0.4,91.189.89.199,40849,123,U,O,A", | |
| "1491144281,10.2.0.4,52.190.240.88,34688,8443,T,O,A", | |
| "1491144281,10.2.0.4,52.190.240.88,34690,8443,T,O,A", | |
| "1491144281,10.2.0.4,52.190.240.88,34692,8443,T,O,A", | |
| "1491144282,10.2.0.4,91.189.89.199,57495,123,U,O,A", | |
| "1491144287,10.2.0.4,91.189.89.199,37827,123,U,O,A", | |
| "1491144292,10.2.0.4,91.189.89.199,38216,123,U,O,A", | |
| "1491144297,10.2.0.4,91.189.89.199,39332,123,U,O,A", | |
| "1491144302,10.2.0.4,91.189.89.199,45309,123,U,O,A", | |
| "1491144307,10.2.0.4,52.190.240.88,34696,8443,T,O,A", | |
| "1491144307,10.2.0.4,52.190.240.88,34698,8443,T,O,A", | |
| "1491144307,10.2.0.4,52.190.240.88,34700,8443,T,O,A", | |
| "1491144307,10.2.0.4,91.189.89.199,52431,123,U,O,A", | |
| "1491144312,10.2.0.4,91.189.89.199,44254,123,U,O,A", | |
| "1491144317,10.2.0.4,91.189.89.199,48914,123,U,O,A", | |
| "1491144322,10.2.0.4,91.189.89.199,40513,123,U,O,A" | |
| ] | |
| } | |
| ] | |
| }, | |
| { | |
| "rule": "DefaultRule_DenyAllInBound", | |
| "flows": [ | |
| { | |
| "mac": "000D3A36C783", | |
| "flowTuples": [ | |
| "1491144283,114.35.45.130,10.2.0.4,51684,23,T,I,D" | |
| ] | |
| } | |
| ] | |
| }, | |
| { | |
| "rule": "UserRule_ssh", | |
| "flows": [] | |
| } | |
| ] | |
| } | |
| }, | |
| { | |
| "time": "2017-04-02T14:46:25.5480000Z", | |
| "systemId": "19dbc05a-4461-47de-a3cc-842db1e5fc14", | |
| "category": "NetworkSecurityGroupFlowEvent", | |
| "resourceId": "/SUBSCRIPTIONS/YOUR-SUBSCRIPTION-ID/RESOURCEGROUPS/AZURELAB/PROVIDERS/MICROSOFT.NETWORK/NETWORKSECURITYGROUPS/US-WEST", | |
| "operationName": "NetworkSecurityGroupFlowEvents", | |
| "properties": { | |
| "Version": 1, | |
| "flows": [ | |
| { | |
| "rule": "DefaultRule_AllowInternetOutBound", | |
| "flows": [ | |
| { | |
| "mac": "000D3A36C783", | |
| "flowTuples": [ | |
| "1491144327,10.2.0.4,91.189.89.199,55902,123,U,O,A", | |
| "1491144332,10.2.0.4,52.190.240.88,34704,8443,T,O,A", | |
| "1491144332,10.2.0.4,52.190.240.88,34706,8443,T,O,A", | |
| "1491144332,10.2.0.4,52.190.240.88,34708,8443,T,O,A", | |
| "1491144332,10.2.0.4,91.189.89.199,47896,123,U,O,A", | |
| "1491144337,10.2.0.4,91.189.89.199,58487,123,U,O,A", | |
| "1491144342,10.2.0.4,91.189.89.199,59776,123,U,O,A", | |
| "1491144347,10.2.0.4,91.189.89.199,59634,123,U,O,A", | |
| "1491144352,10.2.0.4,91.189.89.199,54708,123,U,O,A", | |
| "1491144357,10.2.0.4,52.190.240.88,34712,8443,T,O,A", | |
| "1491144357,10.2.0.4,91.189.89.199,55608,123,U,O,A", | |
| "1491144357,10.2.0.4,52.190.240.88,34714,8443,T,O,A", | |
| "1491144357,10.2.0.4,52.190.240.88,34716,8443,T,O,A", | |
| "1491144362,10.2.0.4,91.189.89.199,55326,123,U,O,A", | |
| "1491144367,10.2.0.4,91.189.89.199,58743,123,U,O,A", | |
| "1491144372,10.2.0.4,91.189.89.199,40806,123,U,O,A", | |
| "1491144382,10.2.0.4,91.189.89.199,55210,123,U,O,A" | |
| ] | |
| } | |
| ] | |
| }, | |
| { | |
| "rule": "DefaultRule_DenyAllInBound", | |
| "flows": [ | |
| { | |
| "mac": "000D3A36C783", | |
| "flowTuples": [ | |
| "1491144359,196.52.43.59,10.2.0.4,21888,502,T,I,D" | |
| ] | |
| } | |
| ] | |
| }, | |
| { | |
| "rule": "UserRule_ssh", | |
| "flows": [] | |
| } | |
| ] | |
| } | |
| } | |
| ] | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment