Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊
Reference for AWSVPCFlow table in Azure Monitor Logs.
| Attribute | Value |
|---|---|
| Category | AWS |
| Basic Logs Eligible | ✓ Yes (source) |
| Supports Transformations | ✓ Yes (source) |
| Ingestion API Supported | ✓ Yes |
| Azure Monitor Tables Reference | View Documentation |
| Azure Monitor Logs Ingestion API | View Documentation |
Source: Azure Monitor documentation
| Column Name | Type | Description |
|---|---|---|
| _BilledSize | real | The record size in bytes |
| _IsBillable | string | Specifies whether ingesting the data is billable. When _IsBillable isfalseingestion isn't billed to your Azure account |
| AccountId | string | The AWS account ID of the owner of the source network interface for which traffic is recorded. If the network interface is created by an AWS service, for example when creating a VPC endpoint or Network Load Balancer, the record may display unknown for this field. |
| Action | string | The action that is associated with the traffic. |
| AzId | string | The ID of the Availability Zone. |
| Bytes | long | The number of bytes transferred during the flow. |
| DstAddr | string | The destination address for outgoing traffic. |
| DstPort | int | The destination port of the traffic. |
| EcsClusterArn | string | Optional. Providing a unique identifier for the log entry allows Logging to remove duplicate entries with the same timestamp and insertId in a single query result. |
| EcsClusterName | string | Optional. Providing a unique identifier for the log entry allows Logging to remove duplicate entries with the same timestamp and insertId in a single query result. |
| EcsContainerId | string | Optional. Providing a unique identifier for the log entry allows Logging to remove duplicate entries with the same timestamp and insertId in a single query result. |
| EcsContainerInstanceArn | string | Optional. Providing a unique identifier for the log entry allows Logging to remove duplicate entries with the same timestamp and insertId in a single query result. |
| EcsContainerInstanceId | string | Optional. Providing a unique identifier for the log entry allows Logging to remove duplicate entries with the same timestamp and insertId in a single query result. |
| EcsSecondContainerId | string | Optional. Providing a unique identifier for the log entry allows Logging to remove duplicate entries with the same timestamp and insertId in a single query result. |
| EcsServiceName | string | Optional. Providing a unique identifier for the log entry allows Logging to remove duplicate entries with the same timestamp and insertId in a single query result. |
| EcsTaskArn | string | Optional. Providing a unique identifier for the log entry allows Logging to remove duplicate entries with the same timestamp and insertId in a single query result. |
| EcsTaskDefinitionArn | string | Optional. Providing a unique identifier for the log entry allows Logging to remove duplicate entries with the same timestamp and insertId in a single query result. |
| EcsTaskId | string | Optional. Providing a unique identifier for the log entry allows Logging to remove duplicate entries with the same timestamp and insertId in a single query result. |
| End | datetime | The time when the last packet of the flow was received within the aggregation interval. |
| FlowDirection | string | The direction of the flow with respect to the interface where traffic is captured. |
| InstanceId | string | The ID of the instance that's associated with network interface for which the traffic is recorded. |
| InterfaceId | string | The ID of the network interface for which the traffic is recorded. |
| LogStatus | string | The logging status of the flow log. |
| Packets | int | The number of packets transferred during the flow. |
| PktDstAddr | string | The packet-level (original) destination IP address for the traffic. |
| PktDstAwsService | string | The name of the subset of IP address ranges for the PktDstAddr field, if the destination IP address is for an AWS service. |
| PktSrcAddr | string | The packet-level (original) source IP address of the traffic. |
| PktSrcAwsService | string | The name of the subset of IP address ranges for the PktSrcAddr field, if the source IP address is for an AWS service. |
| Protocol | int | The IANA protocol number of the traffic. |
| Region | string | The Region that contains the network interface for which traffic is recorded. |
| SourceSystem | string | The type of agent the event was collected by. For example,OpsManagerfor Windows agent, either direct connect or Operations Manager,Linuxfor all Linux agents, orAzurefor Azure Diagnostics |
| SrcAddr | string | The source address for incoming traffic. |
| SrcPort | int | The source port of the traffic. |
| Start | datetime | The remote ip of the request. |
| SublocationId | string | The ID of the sublocation that contains the network interface for which traffic is recorded. |
| SublocationType | string | The type of sublocation that is returned in the sublocationId field. |
| SubnetId | string | The ID of the subnet. |
| TcpFlags | int | The bitmask value for the following TCP flags. |
| TenantId | string | The Log Analytics workspace ID |
| TimeGenerated | datetime | The timestamp (UTC) of when the event was generated. This value will be the same as 'start' input field or the data arrival time to Azure Monitor in case the 'start' input field is empty or missing. |
| TrafficPath | string | The path that egress traffic takes to the destination. |
| TrafficType | string | The type of traffic. The possible values are: IPv4, IPv6, and EFA. For more information search for 'Elastic Fabric Adapter (EFA)'. |
| Type | string | The name of the table |
| Version | int | The VPC Flow Logs version. |
| VpcId | string | The ID of the VPC. |
This table is used by the following solutions:
This table is ingested by the following connectors:
| Connector | Selection Criteria |
|---|---|
| Amazon Web Services S3 VPC Flow Logs | |
| Amazon Web Services S3 |
In solution ContinuousDiagnostics&Mitigation:
| Workbook | Selection Criteria |
|---|---|
| ContinuousDiagnostics&Mitigation |
In solution MaturityModelForEventLogManagementM2131:
| Workbook | Selection Criteria |
|---|---|
| MaturityModelForEventLogManagement_M2131 |
In solution NISTSP80053:
| Workbook | Selection Criteria |
|---|---|
| NISTSP80053 |
In solution ZeroTrust(TIC3.0):
| Workbook | Selection Criteria |
|---|---|
| ZeroTrustTIC3 |
GitHub Only:
| Workbook | Selection Criteria |
|---|---|
| AWSS3 | |
| DoDZeroTrustWorkbook | |
| ZeroTrustStrategyWorkbook |
| Parser | Schema | Product | Selection Criteria |
|---|---|---|---|
| ASimNetworkSessionAWSVPC | NetworkSession | AWS VPC |
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊