Azure DDoS Protection



| Attribute | Value |
|---|---|
| Connector ID | DDOS |
| Publisher | Microsoft |
| Used in Solutions | Azure DDoS Protection |
| Collection Method | Azure Diagnostics |
| Connector Definition Files | DDOS.JSON |
| Custom Log V1 Tables | Yes 🔶 (ingests into tables with type-suffixed columns) |

Connect to Azure DDoS Protection Standard logs via Public IP Address Diagnostic Logs. In addition to the core DDoS protection in the platform, Azure DDoS Protection Standard provides advanced DDoS mitigation capabilities against network attacks. It is automatically tuned to protect your specific Azure resources. Protection is simple to enable during the creation of new virtual networks. It can also be enabled after creation, and doing so requires no application or resource changes. For more information, see the Microsoft Sentinel documentation.

Tables Ingested

This connector ingests data into the following tables:

Table Selection Criteria Transformations Ingestion API Lake-Only
AzureDiagnostics 🔶 Category == "DDoSMitigationReports"
ResourceType == "PUBLICIPADDRESSES"
? ?

Permissions

Resource Provider Permissions:

- Workspace (Workspace): read and write permissions.

Custom Permissions:

- Azure DDoS protection plan: A configured Azure DDoS Standard protection plan (read more about Azure DDoS protection plans).
- Enabled Azure DDoS for virtual network: A configured virtual network with Azure DDoS Standard enabled (read more about configuring virtual network with Azure DDoS).

Setup Instructions

⚠️ Note: These instructions were automatically generated from the connector's user interface definition file using AI and may not be fully accurate. Please verify all configuration steps in the Microsoft Sentinel portal.

1. Connect Azure DDoS Protection to Microsoft Sentinel

Enable Diagnostic Logs on All Public IP Addresses.

- Open Azure Monitoring

2. Inside your Diagnostics settings portal, select your Public IP Address resource:

Inside your Public IP Address resource:

  1. Select + Add diagnostic setting.
  2. In the Diagnostic setting blade:
     - Type a Name, within the Diagnostics settings name field.
     - Select Send to Log Analytics.
     - Choose the log destination workspace.
     - Select the categories that you want to analyze (recommended: DDoSProtectionNotifications, DDoSMitigationFlowLogs, DDoSMitigationReports).
     - Click Save.
