Enable Virtual Machine IP Forwarding Monitoring

More Info:

Ensure that IP forwarding enabled on your Azure virtual machines (VMs) is being monitored.

Risk Level

Medium

Address

Security, Operational Maturity

Compliance Standards

CISAZURE, CBP, NISTCSF, PCIDSS

Triage and Remediation

Remediation

Using Console

Using CLI

Using Python

To enable Virtual Machine IP Forwarding Monitoring in Azure using Python, you can follow these steps:

Import the necessary libraries:

from azure.common.credentials import ServicePrincipalCredentials
from azure.mgmt.compute import ComputeManagementClient
from azure.mgmt.monitor import MonitorManagementClient
from azure.mgmt.monitor.models import DiagnosticSettingsResource, LogSettings, \
    MetricSettings, DiagnosticSettingsCategoryResource, RetentionPolicy

Authenticate and create a compute and monitor management client:

# Define the credentials and subscription ID
credentials = ServicePrincipalCredentials(
    client_id='<client_id>',
    secret='<client_secret>',
    tenant='<tenant_id>'
)

subscription_id = '<subscription_id>'

# Create the compute and monitor management client
compute_client = ComputeManagementClient(credentials, subscription_id)
monitor_client = MonitorManagementClient(credentials, subscription_id)

Get the virtual machine resource ID:

# Define the resource group and virtual machine name
resource_group_name = '<resource_group_name>'
vm_name = '<vm_name>'

# Get the virtual machine resource ID
vm = compute_client.virtual_machines.get(resource_group_name, vm_name)
vm_id = vm.id

Create a diagnostic settings resource:

# Define the diagnostic settings resource name
diag_settings_name = '<diag_settings_name>'

# Define the log settings
log_settings = LogSettings(enabled=True, retention_policy=RetentionPolicy(enabled=False))

# Define the metric settings
metric_settings = MetricSettings(enabled=True, retention_policy=RetentionPolicy(enabled=False))

# Define the diagnostic settings categories
categories = [
    DiagnosticSettingsCategoryResource(category_id='NetworkSecurityGroupFlowLogs', enabled=True),
    DiagnosticSettingsCategoryResource(category_id='NetworkSecurityGroupEventLogs', enabled=True),
    DiagnosticSettingsCategoryResource(category_id='AllMetrics', enabled=True)
]

# Create the diagnostic settings resource
diag_settings = DiagnosticSettingsResource(
    storage_account_id=None,
    workspace_id=None,
    event_hub_authorization_rule_id=None,
    event_hub_name=None,
    log_analytics_destination_type=None,
    metrics=metric_settings,
    logs=log_settings,
    workspace_resource_id=None,
    storage_account_subscription_id=None,
    event_hub_resource_id=None,
    workspace_resource_id_for_log_analytics=None,
    categories=categories
)

Enable IP forwarding monitoring:

# Add the IPForwarding property to the NetworkSecurityGroupFlowLogs category
for category in diag_settings.categories:
    if category.category_id == 'NetworkSecurityGroupFlowLogs':
        category.properties = {'IPForwarding': 'true'}

# Create or update the diagnostic settings resource
monitor_client.diagnostic_settings.create_or_update(
    resource_uri=vm_id,
    name=diag_settings_name,
    parameters=diag_settings
)

This code will enable IP forwarding monitoring for the virtual machine in Azure.

Azure Introduction

Azure Pricing

Azure Threats

Azure Misconfigurations

Enable Virtual Machine IP Forwarding Monitoring

More Info:

Risk Level

Address

Compliance Standards

Triage and Remediation

Remediation

Azure Introduction

Azure Pricing

Azure Threats

Azure Misconfigurations

​More Info:

​Risk Level

​Address

​Compliance Standards

​Triage and Remediation

​Remediation

More Info:

Risk Level

Address

Compliance Standards

Triage and Remediation

Remediation