Azure Network Watcher - Learn more about the Azure Network Watcher standard data source in Cortex XDR. - Administrator Guide - Cortex XDR - Cortex

Azure Network Watcher - Learn more about the Azure Network Watcher standard data source in Cortex XDR. - Administrator Guide - Cortex XDR - Cortex - Security Operations

Cortex XDR 5.x Documentation

Product

Cortex XDR

License

XDR + Cloud

Creation date

2025-07-13

Last date published

2026-06-11

Category

Administrator Guide

Abstract

Learn more about the Azure Network Watcher standard data source in Cortex XDR.

You can configure collecting Azure Network Watcher logs using a standard data source:

Azure Network Watcher vendor	Description
Standard data source overview	Forward different types of flow logs to Cortex XDR from Azure Network Watcher using the Azure Network Watcher data source.
Link to standard data source instructions	The following types of flow logs can be ingested from Azure Network Watcher: Network security group (NSG) flow logs Virtual network (VNet) flow logs For more information, see Ingest network flow logs from Microsoft Azure Network Watcher.

Azure Network Watcher vendor

Description

Standard data source overview

Forward different types of flow logs to Cortex XDR from Azure Network Watcher using the Azure Network Watcher data source.

Link to standard data source instructions

The following types of flow logs can be ingested from Azure Network Watcher:

Network security group (NSG) flow logs
Virtual network (VNet) flow logs

For more information, see Ingest network flow logs from Microsoft Azure Network Watcher.