
Azure network service group log retention is properly set

azure.networkwatcher

Set up the azure.networkwatcher integration.


Description

Azure Network Watcher flow logs let you monitor traffic to and from your resources. This rule generates a finding if no retention policy with a duration over 90 days is set on the flow log.

Note: 0 days means unlimited retention.
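The check described above, written out as a small evaluator over constructed flow-log records. This is an added example, not Datadog's rule engine or Azure code; the input mirrors the `retentionPolicy` block (`days`, `enabled`) returned by `az network watcher flow-log show`, and those field names are assumed from the Azure REST API rather than taken from this page. It treats 0 days as unlimited (compliant, per the note) and reads "over 90 days" as the usual threshold of at least 90 days, which is also an assumption.

```python
"""Evaluate NSG flow-log retention the way the rule above describes.

Added example (not Datadog or Azure code). Record shape and field names
(`retentionPolicy.days`, `retentionPolicy.enabled`, `targetResourceId`)
are assumed from the Azure flow-log resource, not taken from the page.
"""
from dataclasses import dataclass
from typing import Iterable, List, Optional

MIN_RETENTION_DAYS = 90  # threshold named on the page; assumed inclusive


@dataclass
class FlowLog:
    name: str
    nsg_id: str
    enabled: bool
    retention_enabled: bool
    retention_days: int


@dataclass
class Finding:
    flow_log: str
    nsg_id: str
    reason: str


def from_cli(obj: dict) -> FlowLog:
    """Build a FlowLog from one JSON object in the assumed CLI output shape."""
    policy = obj.get("retentionPolicy") or {}
    return FlowLog(
        name=obj["name"],
        nsg_id=obj.get("targetResourceId", ""),
        enabled=bool(obj.get("enabled", False)),
        retention_enabled=bool(policy.get("enabled", False)),
        retention_days=int(policy.get("days", 0)),
    )


def evaluate(log: FlowLog) -> Optional[Finding]:
    """Return a Finding when the flow log does not keep data long enough, else None.

    0 days means unlimited retention, so it is treated as compliant.
    """
    if not log.enabled:
        return Finding(log.name, log.nsg_id, "flow log disabled")
    if not log.retention_enabled:
        return Finding(log.name, log.nsg_id, "no retention policy enabled")
    if log.retention_days != 0 and log.retention_days < MIN_RETENTION_DAYS:
        return Finding(
            log.name, log.nsg_id,
            f"retention {log.retention_days}d < {MIN_RETENTION_DAYS}d",
        )
    return None


def scan(objs: Iterable[dict]) -> List[Finding]:
    """Run the rule over a list of flow-log records and collect the findings."""
    return [f for f in (evaluate(from_cli(o)) for o in objs) if f is not None]


# Constructed sample records; names and ids are placeholders, not real resources.
SAMPLE = [
    {"name": "fl-prod-web", "targetResourceId": "/placeholder/nsg-web", "enabled": True,
     "retentionPolicy": {"days": 0, "enabled": True}},      # unlimited: compliant
    {"name": "fl-prod-db", "targetResourceId": "/placeholder/nsg-db", "enabled": True,
     "retentionPolicy": {"days": 30, "enabled": True}},     # too short: finding
    {"name": "fl-dev", "targetResourceId": "/placeholder/nsg-dev", "enabled": True,
     "retentionPolicy": {"days": 365, "enabled": False}},   # policy disabled: finding
    {"name": "fl-test", "targetResourceId": "/placeholder/nsg-test", "enabled": False,
     "retentionPolicy": {"days": 90, "enabled": True}},     # log disabled: finding
    {"name": "fl-ok", "targetResourceId": "/placeholder/nsg-ok", "enabled": True,
     "retentionPolicy": {"days": 90, "enabled": True}},     # exactly 90: compliant
]

if __name__ == "__main__":
    for f in scan(SAMPLE):
        print(f"{f.flow_log} ({f.nsg_id}): {f.reason}")
```

Feeding it real data means piping the JSON from the Azure CLI into `scan` instead of `SAMPLE`; the evaluator deliberately flags a disabled flow log and a disabled retention policy separately, because each is a different remediation step.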

Rationale

Setting this attribute keeps flow logs for an appropriate amount of time, which improves your organization's security posture. These logs should be retained for critical resources in your environment.

Remediation

From the console

  1. Follow the instructions in Tutorial: Log network traffic to and from a virtual machine using the Azure portal to enable the ‘flow logs’ in Network Watcher.

From the command line

  1. Follow the steps in Configuring Network Security Group Flow logs with Azure CLI to enable the ‘flow logs’ in Network Watcher.

  2. Ensure the Microsoft.Insights resource provider is registered by running the following command:

        az provider register --namespace Microsoft.Insights
        
  3. Enable flow logs. Note: you need to have a storage account set up before this step.

        az network watcher flow-log create --resource-group resourceGroupName --enabled true --nsg nsgName --storage-account storageAccountName --location location
        az network watcher flow-log create --resource-group resourceGroupName --enabled true --nsg nsgName --storage-account storageAccountName --location location --format JSON --log-version 2
        

  4. Repeat steps 2 and 3 for resources that are not configured correctly.