Ensure that the latest version of NSG flow log is being used via Azure Network Watcher Flow Log

MEDIUM

Description

The latest version of NSG flow logs is not enabled via Azure Network Watcher Flow Log. Older flow log versions record less detail per flow, and the resulting gap in log coverage may hamper incident response activities.

Remediation

In Azure Console -

  1. Open the Azure Portal and go to Network Watcher.
  2. Under Logs, select NSG flow logs.
  3. Choose the NSG flow log entry you wish to edit.
  4. Under Flow Logs Version, select Version 2.
  5. Select Save.

In Terraform -

  1. In the azurerm_network_watcher_flow_log resource, set the version field to 2.
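The Terraform remediation above, shown as an added example that is not part of the original page or of the azurerm provider documentation; all resource names, the location and the retention period are assumed placeholders, and a configured azurerm provider is assumed to exist elsewhere in the module:

```hcl
# Added example: NSG flow log pinned to flow log version 2.
# All names/values below are constructed placeholders.

resource "azurerm_resource_group" "example" {
  name     = "rg-flowlog-example"   # placeholder
  location = "westeurope"           # placeholder
}

resource "azurerm_network_watcher" "example" {
  name                = "nw-example"
  location            = azurerm_resource_group.example.location
  resource_group_name = azurerm_resource_group.example.name
}

resource "azurerm_network_security_group" "example" {
  name                = "nsg-example"
  location            = azurerm_resource_group.example.location
  resource_group_name = azurerm_resource_group.example.name
}

# Storage account that receives the flow log files.
resource "azurerm_storage_account" "example" {
  name                     = "stflowlogexample"   # must be globally unique
  resource_group_name      = azurerm_resource_group.example.name
  location                 = azurerm_resource_group.example.location
  account_tier             = "Standard"
  account_replication_type = "LRS"
}

resource "azurerm_network_watcher_flow_log" "example" {
  name                 = "nsg-flow-log-example"
  network_watcher_name = azurerm_network_watcher.example.name
  resource_group_name  = azurerm_resource_group.example.name

  network_security_group_id = azurerm_network_security_group.example.id
  storage_account_id        = azurerm_storage_account.example.id
  enabled                   = true

  # Non-compliant setting flagged by AC_AZURE_0417:  version = 1
  # Compliant setting (records flow state plus byte/packet counts): version = 2
  version = 2

  retention_policy {
    enabled = true
    days    = 90   # assumed retention; align with your logging policy
  }
}
```

Re-running the policy scan after `terraform plan` should report the resource as compliant once `version` is set to 2.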

References:
https://learn.microsoft.com/en-us/azure/network-watcher/network-watcher-nsg-flow-logging-overview#log-format
https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/network_watcher_flow_log

Policy Details

Rule Reference ID: AC_AZURE_0417
CSP: Azure
Remediation Available: Yes
Resource Category: Logging and Monitoring
Resource Type: Network Watcher

Frameworks