Bright Networking

Your paragraph text

Azure IPAM

Azure Kusto

Application Gateways

Average Throughput per second (Mb)


AzureMetrics

| where ResourceId contains "APPLICATIONGATEWAY"

| where MetricName == "Throughput"

| summarize avg(Average) by Resource, bin(TimeGenerated, 5m)

| extend ThroughputMb = todecimal((avg_Average/1000)/1000)

| project TimeGenerated, ThroughputMb, Resource

Search NSG Flow Logs


AzureNetworkAnalytics_CL

| where SubType_s == "FlowLog"

| extend FlowDirection = iff(FlowDirection_s == 'O', 'Outbound', 'Inbound')

| extend AllowedOrDenied = iff(FlowStatus_s == 'A', 'Allowed', 'Denied')

| extend SourceIP = iff(isempty(SrcIP_s), extract_all(@"(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})", SrcPublicIPs_s), SrcIP_s)

| extend DestinationIP = iff(isempty(DestIP_s), extract_all(@"(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})", DestPublicIPs_s), DestIP_s)

| extend Protocol = case(L4Protocol_s == 'T', "TCP", L4Protocol_s == 'U', "UDP", L4Protocol_s)

| project-rename NSGFL_Version = FASchemaVersion_s

| project TimeGenerated, FlowDirection, AllowedOrDenied, SourceIP, DestinationIP, DestPort_d, Protocol, L7Protocol_s, NSGList_s, NSGRule_s, NSGFL_Version

| where AllowedOrDenied == "Allowed"

| where SourceIP contains "10.81.36.70" and DestinationIP contains "10.180.8.4" and DestPort_d == 8080


Azure Resource Graph Queries

Find LB or App GW by IP


resources

| where type == "microsoft.network/virtualnetworks"

| mvexpand subnet=properties.subnets

| extend subnetip = tostring(subnet.properties.addressPrefix)

| mv-expand ipconfigs = subnet.properties.ipConfigurations limit 1000

| extend ipconfig = tostring(ipconfigs.id)

| extend ipar = split(ipconfig,'/')

| extend iptype = ipar[7]

| where isnotnull(ipconfigs)

| join kind=leftouter ( Resources

| where type == "microsoft.network/loadbalancers" or type == "microsoft.network/applicationgateways"

| mv-expand frontend = properties.frontendIPConfigurations limit 1000

| project ipconfig = tostring(frontend.id), lbname=name, lbip=frontend.properties.privateIPAddress) on ipconfig

| join kind=leftouter ( Resources

| where type == "microsoft.network/networkinterfaces"

| mv-expand ipconfig2 = properties.ipConfigurations limit 1000

| where isnotnull(ipconfig2.properties.privateIPAddress)

| extend virtualMachineName = extract('Microsoft.Compute/virtualMachines/(.*)', 1, tostring(properties.virtualMachine.id))

| project ipconfig = tostring(ipconfig2.id), virtualMachineName, nicname=name, nicip=ipconfig2.properties.privateIPAddress) on ipconfig

| extend ip3 = iff(isnull(nicip),lbip,nicip)

| extend name3 = iff(isnull(nicip),lbname,nicname)

| project ipconfig, iptype, ip3, name3, virtualMachineName

| where ip3 == 'X.X.X.X'