Ensure that your Microsoft Azure Network Security Groups (NSGs) have a sufficient flow log retention period, i.e. greater than or equal to 90 days, configured for reliability and compliance purposes. The retention period is the number of days for which flow log data recorded for your network security groups is retained. Azure Network Security Group (NSG) flow logs are a feature of the Network Watcher service that lets you view information about inbound and outbound IP traffic passing through an NSG.
This rule resolution is part of the Conformity Security & Compliance tool for Azure.
Flow logs capture information about IP traffic flowing in and out of Azure Network Security Groups. A flow log data retention period of 90 days or more should allow you to collect the amount of logging data needed to check for anomalies and to provide details about any potential security breach.
Note: This conformity rule assumes that Network Watcher is enabled within the required Azure regions and that the flow log feature is enabled for the verified NSGs.
Audit
To determine if the flow log retention period configured for your Azure NSGs is greater than or equal to 90 days, perform the following actions:
Remediation / Resolution
To extend flow log data retention period for your Microsoft Azure Network Security Groups, perform the following actions:
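The following evaluator is an added example, not part of the Conformity rule text or tooling: it applies the 90-day check to the JSON that `az network watcher flow-log show` returns for each NSG and builds the matching `az network watcher flow-log configure` remediation command. The NSG names, resource ids and flow-log records are constructed sample data, and the `REVIEW` status for a disabled retention policy is this example's own choice.

```python
"""Check Azure NSG flow-log retention against a 90-day minimum (added example)."""
import json

MIN_RETENTION_DAYS = 90

# Constructed sample: per-NSG JSON in the shape returned by
#   az network watcher flow-log show --nsg <nsg-id> -o json
# In practice the NSG ids come from: az network nsg list --query "[].id" -o tsv
SAMPLE_CLI_OUTPUT = {
    "nsg-web":  '{"enabled": true,  "retentionPolicy": {"days": 30,  "enabled": true},'
                ' "storageId": "<storage-account-id>"}',
    "nsg-db":   '{"enabled": true,  "retentionPolicy": {"days": 180, "enabled": true},'
                ' "storageId": "<storage-account-id>"}',
    "nsg-mgmt": '{"enabled": false, "retentionPolicy": {"days": 0,   "enabled": false}}',
    "nsg-dmz":  '{"enabled": true,  "retentionPolicy": {"days": 0,   "enabled": false},'
                ' "storageId": "<storage-account-id>"}',
}


def evaluate_flow_log(flow_log, min_days=MIN_RETENTION_DAYS):
    """Return (status, detail) for one parsed flow-log configuration."""
    if not flow_log.get("enabled", False):
        return "FAIL", "flow logging is disabled; no traffic records are kept"
    policy = flow_log.get("retentionPolicy") or {}
    days = int(policy.get("days", 0))
    if not policy.get("enabled", False) or days == 0:
        # Azure treats a disabled policy / 0 days as "keep until deleted manually".
        # Reported separately here so it is reviewed rather than silently passed.
        return "REVIEW", "no retention limit set; logs kept until deleted manually"
    if days < min_days:
        return "FAIL", f"retention is {days} days, below the {min_days}-day minimum"
    return "PASS", f"retention is {days} days"


def audit(cli_output, min_days=MIN_RETENTION_DAYS):
    """Map each NSG name to its (status, detail), parsing raw CLI JSON strings."""
    return {name: evaluate_flow_log(json.loads(raw), min_days)
            for name, raw in cli_output.items()}


def remediation_command(nsg_id, storage_id, min_days=MIN_RETENTION_DAYS):
    """Build the CLI call that raises retention to min_days (verify flags for your CLI)."""
    return (f"az network watcher flow-log configure --nsg {nsg_id} --enabled true "
            f"--retention {min_days} --storage-account {storage_id}")


if __name__ == "__main__":
    for nsg, (status, detail) in audit(SAMPLE_CLI_OUTPUT).items():
        print(f"{status:6} {nsg}: {detail}")
        if status != "PASS":
            print("       fix:", remediation_command(nsg, "<storage-account-id>"))
```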
References
- Azure Official Documentation
  - What is Azure Network Watcher?
  - Introduction to flow logging for network security groups
- CIS Microsoft Azure Foundations
- Azure Command Line Interface (CLI) Documentation
  - az network nsg
  - az network nsg list
  - az network watcher
  - az network watcher flow-log show
  - az network watcher flow-log configure