Azure Network Watcher packet capture created
Description
AlphaSOC detected the creation of a network packet capture in Azure. Packet captures allow recording of network traffic flowing through Azure virtual networks. Adversaries may use this capability to intercept credentials, sensitive data in transit, or gain intelligence about network communications.
Impact
Packet captures can expose sensitive information transmitted over the network, including authentication credentials, API keys, session tokens, and business data. Attackers may analyze captured traffic to understand application behavior, identify additional attack vectors, or extract confidential information.
Severity
| Severity | Condition |
|---|---|
| Informational | Network packet capture created |
Investigation and Remediation
Review the packet capture configuration including the target VM, filters, and storage destination. Verify the identity of the user who created the capture and confirm the action was authorized. Examine the intended purpose and duration of the capture. If unauthorized, stop and delete the capture, remove captured data, and investigate the user's account for compromise.
Known False Positives
- Network troubleshooting by infrastructure teams
- Security teams performing authorized traffic analysis
- Application debugging requiring network-level visibility
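The review steps above (identify the caller, target VM, filters and storage destination, then decide whether the capture was authorized) and the false-positive list can be turned into a small triage routine over Activity Log records. This is an added example, not AlphaSOC's detection code; the record shape, the operation name `Microsoft.Network/networkWatchers/packetCaptures/write`, the `requestbody` field and the capture property names are assumptions modelled on Azure's Activity Log and packet-capture REST schema, and all sample records are constructed.

```python
# Added example (not AlphaSOC's code): triage Activity Log records for packet-capture writes.
# Field names (operationName, caller, resourceId, properties.requestbody) and the
# capture property schema are assumptions modelled on Azure's Activity Log and REST API.
import json

PACKET_CAPTURE_WRITE = "Microsoft.Network/networkWatchers/packetCaptures/write"  # assumed
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"  # placeholder subscription
NW = SUB + "/resourceGroups/NetworkWatcherRG/providers/Microsoft.Network/networkWatchers/nw-eastus"

# Constructed sample records: an authorized filtered capture, an unfiltered
# five-hour capture by an unexpected identity, and an unrelated write to ignore.
SAMPLE_EVENTS = [
    {"operationName": PACKET_CAPTURE_WRITE, "caller": "netops@example.com",
     "resourceId": NW + "/packetCaptures/pc-troubleshoot",
     "properties": {"requestbody": json.dumps({"properties": {
         "target": SUB + "/resourceGroups/app/providers/Microsoft.Compute/virtualMachines/web01",
         "storageLocation": {"storageId": SUB + "/resourceGroups/app/providers/Microsoft.Storage/storageAccounts/caplogs"},
         "filters": [{"protocol": "TCP", "remotePort": "443"}], "timeLimitInSeconds": 300}})}},
    {"operationName": PACKET_CAPTURE_WRITE, "caller": "contractor7@example.com",
     "resourceId": NW + "/packetCaptures/pc-all",
     "properties": {"requestbody": json.dumps({"properties": {
         "target": SUB + "/resourceGroups/app/providers/Microsoft.Compute/virtualMachines/db01",
         "storageLocation": {"filePath": "D:\\capture.cap"}, "timeLimitInSeconds": 18000}})}},
    {"operationName": "Microsoft.Network/networkSecurityGroups/write", "caller": "netops@example.com"},
]

def parse_capture_event(event):
    """Pull out the fields the investigation step asks for, or None if not a capture."""
    if event.get("operationName") != PACKET_CAPTURE_WRITE:
        return None
    props = json.loads(event.get("properties", {}).get("requestbody", "{}")).get("properties", {})
    storage = props.get("storageLocation", {})
    return {"caller": event.get("caller"), "capture": event.get("resourceId"),
            "target_vm": props.get("target"),
            "storage": storage.get("storageId") or storage.get("filePath"),
            "filters": props.get("filters", []), "time_limit_s": props.get("timeLimitInSeconds")}

def triage(events, authorized_callers):
    """One Informational finding per capture; flag callers outside the authorized set."""
    findings = []
    for event in events:
        finding = parse_capture_event(event)
        if finding is None:
            continue
        finding["severity"] = "Informational"
        finding["needs_review"] = finding["caller"] not in authorized_callers
        # No filters means every packet the VM sees is recorded, so note it for the analyst.
        finding["unfiltered"] = not finding["filters"]
        findings.append(finding)
    return findings
```

The `authorized_callers` set stands in for the troubleshooting, security and debugging identities listed under Known False Positives; captures from anyone else are the ones worth stopping and reviewing first.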