Ensure that the retention policy is enabled for Azure Network Watcher Flow Log

MEDIUM

Description

The retention policy is not enabled for the Azure Network Watcher flow log, which may lead to loss of case sensitive logs.

Remediation

At this time, the console UI does not have remediation steps available. For possible CLI remediation, see the product documentation (below) or use Terraform.

In Terraform -

  1. In the azurerm_monitor_log_profile resource, set categories in an array.
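
The setting this rule's title refers to, shown as an added example that is not from the original page or the product's own documentation: the azurerm provider's azurerm_network_watcher_flow_log resource carries a retention_policy block, and the example gives the disabled form beside the enabled one. It assumes the azurerm 3.x schema; the variable names, the flow log name and the 90-day value are constructed for illustration.

```hcl
# Added example. Variable names, the resource name and the 90-day
# retention value are assumptions, not values from the policy page.
variable "network_watcher_name" { type = string }
variable "resource_group_name"  { type = string }
variable "nsg_id"               { type = string }
variable "storage_account_id"   { type = string }

# Non-compliant form (retention disabled), kept as a comment so the
# configuration below stays appliable:
#
#   retention_policy {
#     enabled = false
#     days    = 0
#   }

resource "azurerm_network_watcher_flow_log" "example" {
  name                 = "example-flow-log"
  network_watcher_name = var.network_watcher_name
  resource_group_name  = var.resource_group_name

  # NSG whose traffic is logged, and the storage account that holds the logs.
  network_security_group_id = var.nsg_id
  storage_account_id        = var.storage_account_id
  enabled                   = true

  # Compliant form: retention is switched on with an explicit day count,
  # so flow log data is kept for a defined period.
  retention_policy {
    enabled = true
    days    = 90
  }
}
```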

References:
https://learn.microsoft.com/en-us/azure/azure-monitor/essentials/activity-log?tabs=powershell
https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/monitor_log_profile

Policy Details

Rule Reference ID: AC_AZURE_0415
CSP: Azure
Remediation Available: Yes
Domain: Resilience
Resource Category: Logging and Monitoring
Resource Type: Network Watcher

Frameworks