Logging and monitoring
Network security group flow log retention period is less than 90 days or disabled
Risk Level
Informational (4)
Platform(s)
Compliance Frameworks
- Azure CIS
Description
Logs can be used to check for anomalies and give insight into suspected breaches. Flow logs on Network Watcher ({AzureNetworkFlowLog}) must be enabled with a retention period of 90 days or more. This captures information about the IP traffic flowing in and out of network security groups.
Recommended Mitigation
Consider enabling flow logs with a retention period of 90 days or greater.
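The following is an added audit script, not part of this page or of any Azure tooling. It checks a list of network security groups against the rule stated above: every NSG must have a flow log that is enabled, with a retention policy that is enabled and set to at least 90 days; an NSG with no flow log at all is reported as non-compliant. The record shape (the fields enabled, retentionPolicy.enabled, retentionPolicy.days and targetResourceId) is an assumption modelled on the JSON returned by the Azure CLI's flow-log commands; the resource IDs and values in SAMPLE_NSG_IDS and SAMPLE_FLOW_LOGS are constructed for the example.

```python
"""Audit Azure NSG flow-log configurations against the 90-day retention rule."""
import json

MIN_RETENTION_DAYS = 90  # threshold from the recommendation above

# Constructed sample: the NSGs in scope (resource IDs are placeholders).
SAMPLE_NSG_IDS = [
    "/subscriptions/<sub-id>/resourceGroups/rg-prod/providers/Microsoft.Network/networkSecurityGroups/nsg-web",
    "/subscriptions/<sub-id>/resourceGroups/rg-prod/providers/Microsoft.Network/networkSecurityGroups/nsg-db",
    "/subscriptions/<sub-id>/resourceGroups/rg-prod/providers/Microsoft.Network/networkSecurityGroups/nsg-app",
    "/subscriptions/<sub-id>/resourceGroups/rg-prod/providers/Microsoft.Network/networkSecurityGroups/nsg-mgmt",
]

# Constructed sample flow-log records; the field names are an ASSUMED shape
# modelled on Azure CLI output, not copied from a live subscription.
SAMPLE_FLOW_LOGS = json.loads("""
[
  {"name": "fl-web", "enabled": true,
   "retentionPolicy": {"enabled": true, "days": 180},
   "targetResourceId": "/subscriptions/<sub-id>/resourceGroups/rg-prod/providers/Microsoft.Network/networkSecurityGroups/nsg-web"},
  {"name": "fl-db", "enabled": true,
   "retentionPolicy": {"enabled": true, "days": 30},
   "targetResourceId": "/subscriptions/<sub-id>/resourceGroups/rg-prod/providers/Microsoft.Network/networkSecurityGroups/nsg-db"},
  {"name": "fl-app", "enabled": false,
   "retentionPolicy": {"enabled": true, "days": 365},
   "targetResourceId": "/subscriptions/<sub-id>/resourceGroups/rg-prod/providers/Microsoft.Network/networkSecurityGroups/nsg-app"}
]
""")


def evaluate_flow_log(cfg):
    """Return (compliant, reason) for one flow-log record."""
    if not cfg.get("enabled", False):
        return False, "flow log is disabled"
    policy = cfg.get("retentionPolicy") or {}
    if not policy.get("enabled", False):
        return False, "retention policy is disabled"
    days = int(policy.get("days", 0))
    if days < MIN_RETENTION_DAYS:
        return False, f"retention is {days} days, below {MIN_RETENTION_DAYS}"
    return True, f"retention is {days} days"


def audit(nsg_ids, flow_logs):
    """Evaluate every NSG; an NSG without a flow-log record is a finding."""
    # Azure resource IDs are case-insensitive, so match on the lowercased ID.
    by_target = {fl.get("targetResourceId", "").lower(): fl for fl in flow_logs}
    results = []
    for nsg in nsg_ids:
        cfg = by_target.get(nsg.lower())
        if cfg is None:
            ok, why = False, "no flow log configured for this NSG"
        else:
            ok, why = evaluate_flow_log(cfg)
        results.append({"nsg": nsg, "compliant": ok, "reason": why})
    return results


if __name__ == "__main__":
    for r in audit(SAMPLE_NSG_IDS, SAMPLE_FLOW_LOGS):
        status = "PASS" if r["compliant"] else "FAIL"
        print(f"{status}  {r['nsg'].rsplit('/', 1)[-1]}: {r['reason']}")
```

To run this against a real environment, replace the constructed samples with the NSG IDs in scope and the flow-log JSON exported from the Azure CLI or the Network Watcher API, then treat every FAIL row as a finding to remediate by enabling the flow log and raising its retention to 90 days or more.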