- name: BytesInDDoS description: Metric Alert for Public IP Address Bytes IN DDOS type: Metric verified: false visible: true tags: - alz properties: metricName: BytesInDDoS metricNamespace: Microsoft.Network/publicIPAddresses severity: 4 windowSize: PT5M evaluationFrequency: PT5M timeAggregation: Maximum operator: GreaterThan threshold: 8000000 criterionType: StaticThresholdCriterion autoMitigate: false enabled: true references: - name: Monitor Public IP Addresses url: https://learn.microsoft.com/en-us/azure/virtual-network/ip-services/monitor-public-ip#alerts - name: Public IP Addresses Supported Metrics url: https://learn.microsoft.com/en-us/azure/azure-monitor/essentials/metrics-supported#microsoftnetworkpublicipaddresses deployments: - name: Deploy PIP Bytes in DDoS Attack Alert template: Deploy-PIP-BytesInDDOSAttack-Alert.json type: Policy tags: - alz properties: scope: Resource multiResource: false guid: 652acaf1-c5a1-4a88-b3bb-822a14dece19 - name: IfUnderDDoSAttack description: Metric Alert for Public IP Address Under Attack type: Metric verified: true visible: true tags: - alz properties: metricName: IfUnderDDoSAttack metricNamespace: Microsoft.Network/publicIPAddresses severity: 1 windowSize: PT5M evaluationFrequency: PT5M timeAggregation: Maximum operator: GreaterThan threshold: 0 criterionType: StaticThresholdCriterion autoMitigate: false enabled: true references: - name: Monitor Public IP Addresses url: https://learn.microsoft.com/en-us/azure/virtual-network/ip-services/monitor-public-ip#alerts - name: Public IP Addresses Supported Metrics url: https://learn.microsoft.com/en-us/azure/azure-monitor/essentials/metrics-supported#microsoftnetworkpublicipaddresses deployments: - name: Deploy PIP DDoS Attack Alert template: Deploy-PIP-DDOSAttack-Alert.json type: Policy tags: - alz properties: scope: Resource multiResource: false guid: cb9a5dd7-4ae2-4adf-ab11-95363032ee5d - name: PacketsInDDoS description: Inbound packets DDoS type: Metric verified: false visible: true tags: - alz properties: metricName: PacketsInDDoS metricNamespace: Microsoft.Network/publicIPAddresses severity: 4 windowSize: PT5M evaluationFrequency: PT5M timeAggregation: Total operator: GreaterThanOrEqual threshold: 40000 criterionType: StaticThresholdCriterion autoMitigate: false enabled: true references: - name: Monitor Public IP Addresses url: https://learn.microsoft.com/en-us/azure/virtual-network/ip-services/monitor-public-ip#alerts - name: Public IP Addresses Supported Metrics url: https://learn.microsoft.com/en-us/azure/azure-monitor/essentials/metrics-supported#microsoftnetworkpublicipaddresses deployments: - name: Deploy PIP Packets in DDoS Attack Alert template: Deploy-PIP-PacketsInDDOS-Alert.json type: Policy tags: - alz properties: scope: Resource multiResource: false guid: a78addf1-4632-4fc2-9afc-d1fb75049872 - name: VipAvailability description: Average IP Address availability per time duration type: Metric verified: false visible: true tags: - alz properties: metricName: VipAvailability metricNamespace: Microsoft.Network/publicIPAddresses severity: 1 windowSize: PT5M evaluationFrequency: PT1M timeAggregation: Average operator: LessThan threshold: 90 criterionType: StaticThresholdCriterion autoMitigate: false enabled: true references: - name: Monitor Public IP Addresses url: https://learn.microsoft.com/en-us/azure/virtual-network/ip-services/monitor-public-ip#alerts - name: Public IP Addresses Supported Metrics url: https://learn.microsoft.com/en-us/azure/azure-monitor/essentials/metrics-supported#microsoftnetworkpublicipaddresses deployments: - name: Deploy PIP VIP Availability Alert template: Deploy-PIP-VIPAvailability-Alert.json type: Policy tags: - alz properties: scope: Resource multiResource: false guid: 7f4c355a-5411-4400-826a-b82007bbd83d - name: TCPPacketsInDDoS description: Inbound TCP packets DDoS type: Metric verified: false visible: true tags: - auto-generated - agc-455 properties: metricName: TCPPacketsInDDoS metricNamespace: Microsoft.Network/publicIPAddresses severity: 3 windowSize: PT1H evaluationFrequency: PT1M timeAggregation: Maximum operator: GreaterThanOrEqual criterionType: StaticThresholdCriterion threshold: 40000.0 enabled: true guid: 529b0b1f-46fc-423f-94ab-dd71dd7894e2 - name: TCPBytesInDDoS description: Inbound TCP bytes DDoS type: Metric verified: false visible: true tags: - auto-generated - agc-453 properties: metricName: TCPBytesInDDoS metricNamespace: Microsoft.Network/publicIPAddresses severity: 3 windowSize: PT1H evaluationFrequency: PT1M timeAggregation: Maximum operator: GreaterThan criterionType: StaticThresholdCriterion threshold: 40000.0 enabled: true guid: 54d85ec1-6c8d-4372-bdab-f6f0b5cc12c4 - name: UDPPacketsInDDoS description: Inbound UDP packets DDoS type: Metric verified: false visible: true tags: - auto-generated - agc-424 properties: metricName: UDPPacketsInDDoS metricNamespace: Microsoft.Network/publicIPAddresses severity: 3 windowSize: PT1H evaluationFrequency: PT1M timeAggregation: Maximum operator: GreaterThanOrEqual criterionType: StaticThresholdCriterion threshold: 40000.0 enabled: true guid: 27181c58-ca7a-433f-a0ee-a7a33102cb36 - name: UDPBytesInDDoS description: Inbound UDP bytes DDoS type: Metric verified: false visible: true tags: - auto-generated - agc-420 properties: metricName: UDPBytesInDDoS metricNamespace: Microsoft.Network/publicIPAddresses severity: 3 windowSize: PT1H evaluationFrequency: PT1M timeAggregation: Maximum operator: GreaterThanOrEqual criterionType: StaticThresholdCriterion threshold: 40000.0 enabled: true guid: 8020f41e-ca61-43b4-88ca-f520057dfa92