Logging and monitoring

Network security group flow log retention period is less than 90 days or disabled

Risk Level

Informational (4)

Platform(s)
Compliance Frameworks

Description

Logs can be used to check for anomalies and give insight into suspected breaches. Flow logs on Network Watcher {AzureNetworkFlowLog} have to be enabled, with retention set to 90 days or more. This lets you capture information about IP traffic flowing in and out of network security groups.
Recommended Mitigation

Consider enabling flow logs with a retention period of 90 days or greater.
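
The following is an added example, not part of the original rule text or any vendor's code: it sketches how the condition above can be evaluated over exported flow log settings. The field names (enabled, retentionPolicy, targetResourceId), the NSG names and the sample records are assumptions constructed for illustration.

```python
import json

MIN_RETENTION_DAYS = 90  # threshold stated by the rule

# Constructed sample data. The field names are an assumed export shape
# for flow log settings, not values taken from the page.
SAMPLE_NSGS = ["nsg-web", "nsg-db", "nsg-mgmt", "nsg-batch"]
SAMPLE_FLOW_LOGS = json.loads("""
[
  {"name": "fl-web", "targetResourceId": "nsg-web", "enabled": true,
   "retentionPolicy": {"enabled": true, "days": 120}},
  {"name": "fl-db", "targetResourceId": "nsg-db", "enabled": true,
   "retentionPolicy": {"enabled": true, "days": 30}},
  {"name": "fl-mgmt", "targetResourceId": "nsg-mgmt", "enabled": false,
   "retentionPolicy": {"enabled": true, "days": 365}}
]
""")


def check_flow_log(fl, min_days=MIN_RETENTION_DAYS):
    """Return a failure reason for one flow log record, or None if compliant."""
    if fl is None:
        return "no flow log configured"
    if not fl.get("enabled"):
        return "flow log disabled"
    policy = fl.get("retentionPolicy") or {}
    if not policy.get("enabled"):
        return "retention policy disabled"
    days = policy.get("days") or 0
    if days < min_days:
        return f"retention {days} days is below {min_days}"
    return None


def evaluate(nsg_ids, flow_logs, min_days=MIN_RETENTION_DAYS):
    """Map each non-compliant NSG to the reason it violates the rule."""
    by_target = {fl.get("targetResourceId"): fl for fl in flow_logs}
    findings = {}
    for nsg in nsg_ids:
        reason = check_flow_log(by_target.get(nsg), min_days)
        if reason:
            findings[nsg] = reason
    return findings


if __name__ == "__main__":
    for nsg, reason in evaluate(SAMPLE_NSGS, SAMPLE_FLOW_LOGS).items():
        print(f"{nsg}: {reason}")
```

An NSG with no flow log record at all is reported alongside those with a disabled log or short retention, since all three leave the same gap in traffic history.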