I have a high-level requirement - capture payloads associated with suspicious activity.
As Azure Firewall does not do IDS or IPS, without deploying another security appliance, is there a way in which I can meet this requirement? I see that Network Watcher can capture all traffic - and so would meet the requirement (will also include suspicious) - but this is only for VMs?
I think the answer is an IDS/IPS appliance, but I want to know whether there are any services, e.g. Security Centre / Sentinel, that I could use instead.
Any advice would be appreciated.