Hi Gokul,
Wazuh sent Azure logs using Log Analytics, Storage Accounts, or Microsoft Graph.
Activity Logs:
These should be enabled. Wazuh already supports Azure Activity Logs, so any NAT Gateway changes will be collected normally. This is the main log type needed for security and compliance.
Flow Logs:
If your NAT Gateway is Standard V2, you can also enable Flow Logs and send them to Log Analytics or Storage. Wazuh can ingest these as diagnostic logs. Custom decoders may be needed depending on how you want to alert on them.
Other logs you may want:
For complete Azure security coverage, Wazuh also supports:
Azure platform Activity Logs
Diagnostic logs from NSG, Load Balancer, Application Gateway
Microsoft Graph (Entra ID sign-in, audit, directory logs)
Any Azure resource logs sent to Log Analytics
For that, you can refer to https://documentation.wazuh.com/current/cloud-security/azure/index.html