Ensure Flow-Logs Retention Policy is greater than 90 days
To keep the logs forever, pass a value of 0 to the retention parameter.
Risk Level: Low
Cloud Entity: Network Security Group flow logs
CloudGuard Rule ID: D9.AZU.NET.60
Covered by Spectral: No
Category: Networking & Content Delivery
GSL LOGIC
NsgFlowLog should have properties.retentionPolicy.enabled=true and ( properties.retentionPolicy.days=0 or properties.retentionPolicy.days>=90 )
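The same condition evaluated offline in Python, as an added example that is not CloudGuard's own code. The sample flow-log resources and the names `evaluate` and `failing` are constructed for illustration; only the `properties.retentionPolicy.enabled` and `properties.retentionPolicy.days` fields come from the rule above.

```python
import json

# Constructed sample flow-log resources; only the properties the GSL rule reads.
SAMPLE_FLOW_LOGS = json.loads("""
[
  {"name": "fl-forever",  "properties": {"retentionPolicy": {"enabled": true,  "days": 0}}},
  {"name": "fl-100",      "properties": {"retentionPolicy": {"enabled": true,  "days": 100}}},
  {"name": "fl-90",       "properties": {"retentionPolicy": {"enabled": true,  "days": 90}}},
  {"name": "fl-30",       "properties": {"retentionPolicy": {"enabled": true,  "days": 30}}},
  {"name": "fl-disabled", "properties": {"retentionPolicy": {"enabled": false, "days": 365}}},
  {"name": "fl-missing",  "properties": {}}
]
""")

MIN_DAYS = 90


def evaluate(flow_log):
    """Return (passed, reason) for one flow-log resource under the rule's logic."""
    policy = (flow_log.get("properties") or {}).get("retentionPolicy")
    if not isinstance(policy, dict):
        return False, "no retentionPolicy block"
    if policy.get("enabled") is not True:
        return False, "retentionPolicy.enabled is not true"
    days = policy.get("days")
    # bool is a subclass of int in Python; reject it explicitly.
    if isinstance(days, bool) or not isinstance(days, int):
        return False, "retentionPolicy.days is missing or not an integer"
    if days == 0:
        return True, "retained forever (days=0)"
    if days >= MIN_DAYS:
        return True, f"retained {days} days"
    return False, f"retained only {days} days (< {MIN_DAYS})"


def failing(flow_logs):
    """Names of flow logs that do not satisfy the rule, with the reason."""
    out = {}
    for fl in flow_logs:
        ok, reason = evaluate(fl)
        if not ok:
            out[fl.get("name", "<unnamed>")] = reason
    return out


if __name__ == "__main__":
    for name, reason in failing(SAMPLE_FLOW_LOGS).items():
        print(f"FAIL {name}: {reason}")
```

A resource with a long retention period still fails when `enabled` is false, because the rule requires both conditions.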
REMEDIATION
With Azure CLI:
Keep Flow-Logs forever:
az network watcher flow-log configure -g MyResourceGroup --nsg MyNsg --retention 0
Keep Flow-Logs for a specific period of time (100 days):
az network watcher flow-log configure -g MyResourceGroup --nsg MyNsg --retention 100
Network Security Group flow logs
Network security group (NSG) flow logs is a feature of Azure Network Watcher that lets you log information about IP traffic flowing through an NSG. Flow data is sent to Azure Storage accounts, where you can access it and from which you can export it to any visualization tool, SIEM, or IDS of your choice.
Compliance Frameworks
- Azure CloudGuard Best Practices
- Azure HITRUST v9.5.0
- Azure NIST 800-53 Rev 5
- CloudGuard Azure All Rules Ruleset