Ensure that Network Watcher is 'Enabled'
Enable Network Watcher for Azure subscriptions. The network diagnostic and visualization tools available with Network Watcher help users understand, diagnose, and gain insights into the network in Azure.
Risk Level: Low
Cloud Entity: Azure Network Watcher
CloudGuard Rule ID: D9.AZU.NET.28
Covered by Spectral: Yes
Category: Networking & Content Delivery
GSL LOGIC
List<NetworkWatcher> should have items
REMEDIATION
From Portal
- Go to 'Network Watcher' from Azure Management console.
- Click on Add.
- Select your Azure subscription and select the region that you want to enable Azure Network Watcher for.
From TF
To enable Network Watcher for a given location:
resource "azurerm_network_watcher" "example" {
  ...
  name                = "NAME"
  resource_group_name = "RESOURCEGROUP"
  location            = "LOCATION"
  ...
}
From Command Line
Run
az network watcher configure --resource-group RESOURCEGROUP --locations LOCATION --enabled true
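The GSL logic above passes as soon as the subscription contains at least one Network Watcher, but Network Watcher is a regional resource, so a region that hosts virtual networks can still be left without one. The script below is an added example (not CloudGuard's rule engine and not Azure's code): it evaluates the rule as written and then the stricter per-region check, and emits the `az network watcher configure` command from the remediation section for each region that has a VNet but no watcher. It assumes two JSON documents shaped like the output of `az network watcher list -o json` and `az network vnet list -o json`; both samples are constructed, and the resource group name NetworkWatcherRG is a placeholder default, not something the page prescribes.

```python
"""Evaluate the Network Watcher rule against captured `az` CLI output.

Added example, not CloudGuard's or Azure's code. It assumes two JSON
documents shaped like `az network watcher list -o json` and
`az network vnet list -o json` (only `location` and `provisioningState`
are used); the sample documents below are constructed, not captured
from a real subscription.
"""
import json

# Constructed sample: two Network Watchers, fields trimmed to what is used.
WATCHERS_JSON = """
[
  {"name": "NetworkWatcher_eastus", "location": "eastus",
   "resourceGroup": "NetworkWatcherRG", "provisioningState": "Succeeded"},
  {"name": "NetworkWatcher_westeurope", "location": "westeurope",
   "resourceGroup": "NetworkWatcherRG", "provisioningState": "Succeeded"}
]
"""

# Constructed sample: VNets in three regions. North Europe has a VNet
# but no Network Watcher, so the per-region check should flag it.
VNETS_JSON = """
[
  {"name": "vnet-prod", "location": "eastus", "resourceGroup": "rg-prod"},
  {"name": "vnet-eu", "location": "West Europe", "resourceGroup": "rg-eu"},
  {"name": "vnet-dr", "location": "northeurope", "resourceGroup": "rg-dr"}
]
"""


def normalize_region(location: str) -> str:
    """Azure APIs return locations as either 'westeurope' or 'West Europe'."""
    return location.replace(" ", "").lower()


def gsl_has_items(watchers: list) -> bool:
    """The rule as written: List<NetworkWatcher> should have items."""
    return len(watchers) > 0


def watched_regions(watchers: list) -> set:
    """Regions with a Network Watcher whose provisioning has succeeded."""
    return {
        normalize_region(w["location"])
        for w in watchers
        if w.get("provisioningState", "Succeeded") == "Succeeded"
    }


def uncovered_regions(watchers: list, vnets: list) -> list:
    """Regions that contain a VNet but have no Network Watcher (sorted)."""
    in_use = {normalize_region(v["location"]) for v in vnets}
    return sorted(in_use - watched_regions(watchers))


def remediation_commands(watchers: list, vnets: list,
                         resource_group: str = "NetworkWatcherRG") -> list:
    """One `az network watcher configure` command per uncovered region.

    The command form follows the page's remediation section; the default
    resource group name is a placeholder assumption.
    """
    return [
        f"az network watcher configure --resource-group {resource_group} "
        f"--locations {region} --enabled true"
        for region in uncovered_regions(watchers, vnets)
    ]


def evaluate(watchers_json: str, vnets_json: str) -> dict:
    """Run the GSL rule and the stricter per-region check together."""
    watchers = json.loads(watchers_json)
    vnets = json.loads(vnets_json)
    return {
        "gsl_pass": gsl_has_items(watchers),
        "uncovered": uncovered_regions(watchers, vnets),
        "remediation": remediation_commands(watchers, vnets),
    }


if __name__ == "__main__":
    result = evaluate(WATCHERS_JSON, VNETS_JSON)
    print("GSL rule passes:", result["gsl_pass"])
    for cmd in result["remediation"]:
        print("uncovered region, remediate with:", cmd)
```

With the constructed samples the GSL rule passes (two watchers exist) while the per-region check reports northeurope and produces a single remediation command for it; against a real subscription, feed the script the actual `az` output instead of the embedded samples.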
References
- https://learn.microsoft.com/en-us/azure/network-watcher/network-watcher-create
- https://learn.microsoft.com/en-us/azure/developer/terraform/create-network-watcher-nsg-flow-logs
- https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/network_watcher
Azure Network Watcher
Azure Network Watcher provides tools to monitor, diagnose, view metrics, and enable or disable logs for resources in an Azure virtual network.
Compliance Frameworks
- Azure CIS Foundations v. 1.1.0
- Azure CIS Foundations v. 1.2.0
- Azure CIS Foundations v. 1.3.0
- Azure CIS Foundations v. 1.3.1
- Azure CIS Foundations v. 1.4.0
- Azure CIS Foundations v. 1.5.0
- Azure CIS Foundations v. 2.0
- Azure CloudGuard Best Practices
- Azure HITRUST v9.5.0
- Azure NIST 800-53 Rev 5
- CloudGuard Azure All Rules Ruleset
- Microsoft Cloud Security Benchmark