Loading...

Utilizing Azure DDoS Protection Workbook for DDoS attack traffic Analysis

Utilizing Azure DDoS Protection Workbook for DDoS attack traffic Analysis

In today's digital age, the security of applications, servers, and networks is paramount. One of the most significant threats to this security is Distributed Denial of Service (DDoS) attacks. These attacks can cripple your infrastructure, leading to downtime, loss of revenue, and damage to your reputation. Therefore, it is crucial to implement robust protection mechanisms to safeguard your digital assets.

 

Azure DDoS Protection offers a comprehensive solution to defend against these malicious attacks. It provides automatic attack detection and mitigation, ensuring that your applications and services remain available even during an attack. Azure DDoS Protection is seamlessly integrated with Azure's native services, making it an ideal choice for businesses already leveraging the Azure ecosystem. Some of the salient features of Azure DDoS Protection include Adaptive Tuning, Attack Analytics and Metrics, DDoS Rapid Response etc. By leveraging Azure DDoS Protection, businesses can ensure the resilience and availability of their digital infrastructure, providing peace of mind in an increasingly hostile cyber environment.

 

In this blog we will be focusing on how to understand the current DDoS attacks landscape within our environment using Azure DDoS Workbook.

 

Investigating DDoS Attacks Landscape with Azure DDoS Workbook

When a DDoS attack occurs, it's crucial to have the right tools to investigate and understand the attack's impact. The Azure DDoS Workbook is an invaluable resource for this purpose. It provides detailed insights into DDoS attack traffic over a given period of time in a single dashboard. For more information on a deep dive investigation of a DDoS Attack, check the detailed steps mentioned here.

 

Setting up the DDoS Workbook: Outlined below are the necessary steps to set up and effectively utilize the DDoS workbook.

 

  • Configure Diagnostic Logging and Metrics: Ensure that diagnostic settings are enabled for the public IP addresses you want to monitor. This will allow you to collect the required DDoS mitigation flow logs, reports and Metrics as shown below.

ShabazShaik_0-1726657626814.png

 

  • Access the Azure DDoS Workbook: The Azure DDoS Workbook can be deployed from either installing the Sentinel Solution for Azure DDoS Protection or using the deployment template in the Azure Network Security GitHub repository as shown below. It provides a comprehensive view of DDoS attack metrics and logs in a single dashboard.

 

1. Sentinel Solution: Navigate to the Sentinel Blade’s Content Hub tab and install the Azure DDoS Protection Solution.

 

ShabazShaik_1-1726657626821.png

 

2. Net Sec GitHub Repository: Navigate to the Net Sec GitHub Repository and deploy the workbook using Azure Deploy button as shown below:

 

ShabazShaik_2-1726657626832.png

 

  • Configuring the Azure DDoS Workbook: The Azure DDoS Workbook needs to be provided with the Log Analytic Workspace, TimeRange and Public IP resource details as shown below:

ShabazShaik_3-1726657626835.png

 

Analyzing the Workbook Details:

 

    • Traffic Overview: This section offers comprehensive details on the total number of packets and the various categories of dropped packets during the DDoS attacks for the timeline defined in the above step.

ShabazShaik_4-1726657626837.png

 

    • Last Ten DDoS Attack Reports: This section provides the details of Attack reports, resources affected, attack vectors and packet information as we can see below.

ShabazShaik_5-1726657626841.png

 

    • Location and Protocol details: This section provides categorized details on the protocols involved in the DDoS attacks, the origins of these attacks, and the protocol violations that occurred during past DDoS incidents.

ShabazShaik_6-1726657626847.png

 

    • Raw DDoS Mitigation and Flow Logs: Furthermore, if we would like to take a look at the Raw DDoS Logs those are also available as part of the workbook so that we do not have to separately look for them in the log analytic workspace. DDoS mitigation flow logs listed here are based on the sampled data.

ShabazShaik_7-1726657626860.png

 

    • DDoS Metrics Tab: The DDoS Metrics Tab provides graphical representation of all the important metrics like Packet count, Syn packets threshold to trigger DDoS mitigation, inbound DDoS TCP/UDP packets and Under DDoS attack or not as shown below. For detailed information on these metrics, check the blog referenced here. Most of the metrics here are based on number of Packets Per Second and Packets/Byte Counts.

ShabazShaik_8-1726657626866.png

 

    • Investigation Tab: The Investigation Tab in the workbook offers specific details on the number of packets that were dropped or allowed during past DDoS attacks, including the ports involved. Additionally, this tab provides information on the top attacking IPs and the timeline of the mitigation activities, as illustrated below.

ShabazShaik_9-1726657626878.png

 

 

Conclusion:

Azure DDoS Protection is a powerful service that helps protect your Azure resources from DDoS attacks. By leveraging the Azure DDoS Workbook, you can gain valuable insights into attack traffic and mitigation actions, enabling you to respond effectively and maintain the availability of your applications. Stay vigilant and proactive in defending against DDoS attacks to ensure the resilience of your online services.

Published on:

Learn more
Azure Network Security Blog articles
Azure Network Security Blog articles

Azure Network Security Blog articles

Share post:

Related posts

Azure Queue Storage vs Azure Service Bus for Integrating Dynamics 365 Business Central with External Systems – Part1

When developing cloud-native integrations for Dynamics 365 Business Central (BC), especially in SaaS environments, choosing the right messagin...

3 hours ago

Important Update: Server Name Indication (SNI) Now Mandatory for Azure DevOps Services

Earlier this year, we announced an upgrade to our network infrastructure and the new IP addresses you need to allow list in your firewall R...

13 hours ago

Azure Function | Publish | ‘attempt to publish the ZIP file failed’ error

While publishing a C# Azure Function from Visual Studio, I encountered the following error: The attempt to publish the ZIP file through XXXXX ...

1 day ago

Azure SDK Release (March 2025)

Azure SDK releases every month. In this post, you find this month's highlights and release notes. The post Azure SDK Release (March 2025) appe...

5 days ago

New Overlapping Secrets on Azure DevOps OAuth

As you may have read, Azure DevOps OAuth apps are due for deprecation in 2026. All developers are encouraged to migrate their applications to ...

6 days ago

Azure Cosmos DB Conf 2025: Learn, Build, and Connect with the Community

Join us for the 5th annual Azure Cosmos DB Conf, a free virtual developer event co-hosted by Microsoft and the Azure Cosmos DB community. This...

8 days ago
Stay up to date with latest Microsoft Dynamics 365 and Power Platform news!
* Yes, I agree to the privacy policy