articles/network-watcher/traffic-analytics-schema.md
3 additions & 3 deletions
@@ -6,7 +6,7 @@ author: halkazwini
6
6
ms.author: halkazwini
7
7
ms.service: azure-network-watcher
8
8
ms.topic: concept-article
9
-
ms.date: 12/22/2024
9
+
ms.date: 02/06/2025
10
10
11
11
#CustomerIntent: As a administrator, I want learn about traffic analytics schema so I can easily use the queries and understand their output.
12
12
---
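Review bot: The `#CustomerIntent` line kept as context under the `ms.date` change still reads "As a administrator, I want learn about traffic analytics schema"; since this commit already edits the front matter, consider correcting it to "As an administrator, I want to learn about traffic analytics schema" in the same change.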
@@ -328,8 +328,8 @@ List of threat types:
328
328
-`S2S` (Site-To-Site): One of the IP addresses belongs to an Azure virtual network, while the other IP address belongs to customer network (Site) connected to the virtual network through VPN gateway or ExpressRoute.
329
329
-`P2S` (Point-To-Site): One of the IP addresses belongs to an Azure virtual network, while the other IP address belongs to customer network (Site) connected to the Azure Virtual Network through VPN gateway.
330
330
-`AzurePublic`: One of the IP addresses belongs to an Azure virtual network, while the other IP address is an Azure Public IP address owned by Microsoft. Customer owned Public IP addresses aren't part of this flow type. For instance, any customer owned VM sending traffic to an Azure service (Storage endpoint) would be categorized under this flow type.
331
-
-`ExternalPublic`: One of the IP addresses belongs to an Azure virtual network, while the other IP address is a public IP that isn't in Azure and isn't reported as malicious in the ASC feeds that traffic analytics consumes for the processing interval between “FlowIntervalStartTime_t” and “FlowIntervalEndTime_t”.
332
-
-`MaliciousFlow`: One of the IP addresses belong to an Azure virtual network, while the other IP address is a public IP that isn't in Azure and is reported as malicious in the ASC feeds that traffic analytics consumes for the processing interval between “FlowIntervalStartTime_t” and “FlowIntervalEndTime_t”.
331
+
-`ExternalPublic`: One of the IP addresses belongs to an Azure virtual network, while the other IP address is a public IP that is neither owned by Microsoft nor part of a customer-owned subscription visible to traffic analytics and isn't reported as malicious in the ASC feeds that traffic analytics consumes for the processing interval between `FlowIntervalStartTime_t` and `FlowIntervalEndTime_t`.
332
+
-`MaliciousFlow`: One of the IP addresses belong to an Azure virtual network, while the other IP address is a public IP that is neither owned by Microsoft nor part of a customer-owned subscription visible to traffic analytics and is reported as malicious in the ASC feeds that traffic analytics consumes for the processing interval between `FlowIntervalStartTime_t` and `FlowIntervalEndTime_t`.
333
333
-`UnknownPrivate`: One of the IP addresses belong to an Azure virtual network, while the other IP address belongs to the private IP range defined in RFC 1918 and couldn't be mapped by traffic analytics to a customer owned site or Azure virtual network.
334
334
-`Unknown`: Unable to map either of the IP addresses in the flow with the customer topology in Azure and on-premises (site).
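Review bot: The reworded `ExternalPublic` and `MaliciousFlow` entries now exclude public IPs that are "part of a customer-owned subscription visible to traffic analytics", while the unchanged `AzurePublic` entry says "Customer owned Public IP addresses aren't part of this flow type", so none of the entries visible in this hunk says which flow type such an address receives. It would help to state that explicitly. The `MaliciousFlow` entry should also make clear that an address reported as malicious in the ASC feeds but owned by Microsoft or in a visible customer subscription does not get this flow type, because readers who filter queries on `MaliciousFlow` need to know what the label leaves out. Two smaller points on the added lines: the new `MaliciousFlow` text keeps "One of the IP addresses belong to" where the `ExternalPublic` line has "belongs to", and "ASC" is still not expanded on first use.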