Azure network service group log retention is properly set

Set up the azure.networkwatcher integration.

このページは日本語には対応しておりません。随時翻訳に取り組んでいます。翻訳に関してご質問やご意見ございましたら、お気軽にご連絡ください。

Description

Azure Network Watcher can use flow logs so that you can monitor traffic from resources. This rule generates a finding if there is no retention policy set with a duration over 90 days.

Note: 0 days means unlimited retention.

Rationale

Setting this attribute enables flow logs to be retained for an appropriate amount of time that enables a better security posture for your organization. These logs should be retained critical resources in your environment.

Remediation

From the console

Follow the instructions in Tutorial: Log network traffic to and from a virtual machine using the Azure portal to enable the ‘flow logs’ in Network Watcher.

From the command line

Follow the steps in Configuring Network Security Group Flow logs with Azure CLI to enable the ‘flow logs’ in Network Watcher.
Ensure Insights provider is registered by running the following command to check:
```
    az provider register --namespace Microsoft.Insights
    
```

Enable flow logs: Note: You will need to have a storage account setup prior to this.

    az network watcher flow-log create --resource-group resourceGroupName --enabled true --nsg nsgName --storage-account storageAccountName --location location
    az network watcher flow-log create --resource-group resourceGroupName --enabled true --nsg nsgName --storage-account storageAccountName --location location --format JSON --log-version 2
    

Repeat steps 2 and 3 for resources that are not configured correctly.