Enable and configure DDoS Alerting, Logging and Metrics
Implementation Effort: Medium
User Impact: Low
Overview
Enable and configure DDoS alerting, logging, and metrics to gain actionable insights into volumetric and protocol-based attacks and validate your protection posture.
First, turn on diagnostic settings for your DDoS Protection Plan (and any protected public IPs) to stream 'DDoSProtectionNotifications', 'DDoSMitigationReports', and DDoSMitigationFlowLogs
logs into a Log Analytics workspace or Event Hub. Next, configure Azure Monitor metric alerts on key metrics—such as IfUnderDDoSAttack
to notify your security teams or trigger automated playbooks when DDoS events occur.