Enable and configure DDoS Alerting, Logging and Metrics
Implementation Effort: Medium
User Impact: Low
Overview
Enable and configure DDoS alerting, logging, and metrics to gain actionable insights into volumetric and protocol-based attacks and validate your protection posture.
First, turn on diagnostic settings for your DDoS Protection Plan (and any protected public IPs) to stream the DDoSProtectionNotifications, DDoSMitigationReports, and DDoSMitigationFlowLogs logs into a Log Analytics workspace or Event Hub. Next, configure Azure Monitor metric alerts on key metrics, such as IfUnderDDoSAttack, to notify your security teams or trigger automated playbooks when DDoS events occur.
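One way to script both steps with the Azure CLI, as an added example that is not part of the original page. It applies the settings to each protected public IP in one resource group and sends logs to a Log Analytics workspace; the setting name, alert rule names, severity, 5m/1m evaluation window and the three script arguments are assumptions.

```shell
#!/bin/sh
# Added example. Resource IDs, rule names and the 5m/1m window are assumptions.

# The three log categories named in the text.
DDOS_LOG_CATEGORIES="DDoSProtectionNotifications DDoSMitigationReports DDoSMitigationFlowLogs"

# Build the JSON array for --logs with every category enabled.
ddos_logs_json() {
  out=""
  for category in $DDOS_LOG_CATEGORIES; do
    out="${out:+$out,}{\"category\":\"$category\",\"enabled\":true}"
  done
  printf '[%s]' "$out"
}

# Stream one public IP's DDoS logs to a Log Analytics workspace.
#   $1 = public IP resource ID, $2 = workspace resource ID
enable_ddos_diagnostics() {
  az monitor diagnostic-settings create --name "ddos-logs" \
    --resource "$1" --workspace "$2" --logs "$(ddos_logs_json)"
}

# Alert when IfUnderDDoSAttack (0 or 1) rises above 0 for a public IP.
#   $1 = resource group, $2 = public IP resource ID, $3 = action group ID
create_ddos_attack_alert() {
  # Alert rule names are unique per resource group, so include the IP name.
  az monitor metrics alert create --name "ddos-under-attack-${2##*/}" \
    --resource-group "$1" --scopes "$2" \
    --condition "max IfUnderDDoSAttack > 0" \
    --window-size 5m --evaluation-frequency 1m \
    --severity 1 --action "$3"
}

# Apply both to every public IP in a resource group.
#   $1 = resource group, $2 = workspace resource ID, $3 = action group ID
protect_resource_group() {
  az network public-ip list --resource-group "$1" --query "[].id" --output tsv |
  while IFS= read -r pip_id; do
    # </dev/null keeps az from consuming the loop's input.
    enable_ddos_diagnostics "$pip_id" "$2" </dev/null
    create_ddos_attack_alert "$1" "$pip_id" "$3" </dev/null
  done
}

# Usage: sh ddos-monitoring.sh <resource-group> <workspace-id> <action-group-id>
if [ "$#" -eq 3 ]; then protect_resource_group "$@"; fi
```

To stream to an Event Hub instead of a workspace, `az monitor diagnostic-settings create` takes `--event-hub` and `--event-hub-rule` in place of `--workspace`.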