Logging and monitoring

Network security group flow log retention period is less than 90 days or disabled

Risk Level

Informational (4)

Compliance Frameworks
  • Azure CIS


Logs can be used to check for anomalies and give insight into suspected breaches. Flow logs on network watcher {AzureNetworkFlowLog} has to be enabled and retention set to 90 days or more. It will allow you to capture information about IP traffic flowing in and out of network security groups.
  • Recommend icon

    Recommended Mitigation

    Consider enabling flow logs with a retention period of 90 days or greater.