Network Security Group Flow Logs Analyzer #23
Description
Is your feature request related to a problem? Please describe.
The Network Security Group Flow Logs analysis tool is not very advanced and comfortable. I think it would be very useful to have a functionality to read and analyze NSG flow logs directly from the Azure Storage Account, being able to carry out the advanced analyses already existing in the library, as well as the existing data enrichment mechanisms.
https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-nsg-flow-logging-overview
Describe the solution you'd like
I propose an object to research NSG Flow Logs stored in a BlobStorage. This object could have some functions:
- Azure data summary (read data in blobstorage and create a summary, giving the possibility to filter out non-relevant data)
- Download data from blobstorage, having the possibility to download all data in all blobs that fit a datetime filter or content filter, and creating a result DataFrame.
- Perform data analysis with graphs or statistical analysis.
Describe alternatives you've considered
I have developed a notebook that performs these actions more or less. The code is not very sophisticated (it is only a first approach).
Additional context
https://github.com/lucky-luk3/Infosec_Notebooks/blob/main/NGS_Log_Analysis-Public.ipynb
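
The flattening step the proposal describes (blob content to one row per flow, with a datetime and a content filter), as an added example that is not part of the original issue, the linked notebook or the project's code. The function name `parse_flow_log` and the sample record are assumptions constructed here; the tuple field order follows the version 2 NSG flow log format, the blob download is left out, and the input is the JSON text of one blob.

```python
import json
from datetime import datetime, timezone

# Field order of an NSG flow tuple; version 1 logs carry only the first eight.
FIELDS = ("ts", "src_ip", "dst_ip", "src_port", "dst_port", "proto",
          "direction", "decision", "state",
          "pkts_out", "bytes_out", "pkts_in", "bytes_in")
INT_FIELDS = {"src_port", "dst_port", "pkts_out", "bytes_out", "pkts_in", "bytes_in"}

def parse_flow_log(text, start=None, end=None, decision=None):
    """Flatten one flow-log blob body into a list of per-flow dicts.

    start/end are timezone-aware datetimes bounding the flow timestamp
    (end exclusive); decision is "A" (allowed) or "D" (denied).
    """
    rows = []
    for record in json.loads(text).get("records", []):
        for rule in record.get("properties", {}).get("flows", []):
            for group in rule.get("flows", []):
                for tup in group.get("flowTuples", []):
                    row = dict(zip(FIELDS, tup.split(",")))
                    row["ts"] = datetime.fromtimestamp(int(row["ts"]), tz=timezone.utc)
                    if (start and row["ts"] < start) or (end and row["ts"] >= end):
                        continue
                    if decision and row["decision"] != decision:
                        continue
                    # Begin-state (B) tuples leave the counters empty; store 0.
                    for key in row.keys() & INT_FIELDS:
                        row[key] = int(row[key] or 0)
                    row["rule"] = rule.get("rule")
                    row["mac"] = group.get("mac")
                    rows.append(row)
    return rows

# Constructed sample record (documentation IP ranges, made-up MAC).
SAMPLE = json.dumps({"records": [{
    "time": "2023-11-14T22:14:00.0000000Z",
    "category": "NetworkSecurityGroupFlowEvent",
    "properties": {"Version": 2, "flows": [
        {"rule": "DefaultRule_DenyAllInBound", "flows": [{"mac": "00AABBCCDDEE", "flowTuples": [
            "1700000000,203.0.113.7,10.0.0.4,51514,3389,T,I,D,B,,,,",
            "1700003600,198.51.100.9,10.0.0.4,40222,22,T,I,D,B,,,,"]}]},
        {"rule": "DefaultRule_AllowInternetOutBound", "flows": [{"mac": "00AABBCCDDEE", "flowTuples": [
            "1700000060,10.0.0.4,203.0.113.20,44931,443,T,O,A,E,12,1500,10,9000"]}]}]}}]})
```

The returned list of dicts can be passed straight to `pandas.DataFrame` for the summary and graphing steps.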

