Ensure that your Microsoft Azure Network Security Groups (NSGs) have a sufficient flow log retention period, i.e. greater than or equal to 90 days, configured for reliability and compliance purposes. The retention period is the number of days for which flow log data recorded for your network security groups is retained. Azure Network Security Group (NSG) flow logging is a feature of the Network Watcher service that lets you view information about inbound and outbound IP traffic passing through an NSG.
This rule resolution is part of the Cloud Conformity Security & Compliance tool for Azure
Flow logs capture information about IP traffic flowing in and out of Azure Network Security Groups. A flow log data retention period of 90 days or more should give you enough logging data to check for anomalies and to reconstruct the details of any potential security breach.
Note: This conformity rule assumes that the Network Watcher is active within the required Azure regions and the flow log feature is enabled for the verified NSGs.
To determine if the flow log retention period configured for your Azure NSGs is greater than or equal to 90 days, perform the following actions:
Remediation / Resolution
To extend flow log data retention period for your Microsoft Azure Network Security Groups, perform the following actions:
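The following is an added example, not Cloud Conformity's own tooling or the remediation steps this page describes. It implements the check and the fix described above against the JSON that `az network watcher flow-log list --location <region> -o json` returns: each flow log is evaluated for an enabled flow log plus an enforced retention window of at least 90 days, and a non-compliant entry gets an `az network watcher flow-log configure` command that raises retention to the minimum. The field names (`enabled`, `targetResourceId`, `storageId`, `retentionPolicy.enabled`, `retentionPolicy.days`) are assumed from the flow log resource shape; the sample data, subscription ID, resource groups, NSG and storage account names are constructed placeholders so the script runs offline.

```python
"""Audit Azure NSG flow log retention against the 90-day minimum (added example)."""
import json
import re

MIN_RETENTION_DAYS = 90

# Constructed sample shaped like `az network watcher flow-log list --location <region> -o json`
# output, limited to the fields this check reads. All IDs and names are placeholders.
_SUB = "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-example/providers"
_STORAGE = _SUB + "/Microsoft.Storage/storageAccounts/stflowlogsexample"
SAMPLE_FLOW_LOGS = json.dumps([
    {"name": "nsg-web-flowlog", "enabled": True,
     "targetResourceId": _SUB + "/Microsoft.Network/networkSecurityGroups/nsg-web",
     "storageId": _STORAGE, "retentionPolicy": {"enabled": True, "days": 90}},
    {"name": "nsg-db-flowlog", "enabled": True,
     "targetResourceId": _SUB + "/Microsoft.Network/networkSecurityGroups/nsg-db",
     "storageId": _STORAGE, "retentionPolicy": {"enabled": True, "days": 30}},
    {"name": "nsg-mgmt-flowlog", "enabled": False,
     "targetResourceId": _SUB + "/Microsoft.Network/networkSecurityGroups/nsg-mgmt",
     "storageId": _STORAGE, "retentionPolicy": {"enabled": True, "days": 365}},
    {"name": "nsg-app-flowlog", "enabled": True,
     "targetResourceId": _SUB + "/Microsoft.Network/networkSecurityGroups/nsg-app",
     "storageId": _STORAGE, "retentionPolicy": {"enabled": False, "days": 0}},
])

_NSG_ID = re.compile(
    r"/resourceGroups/(?P<rg>[^/]+)/providers/Microsoft\.Network/networkSecurityGroups/(?P<nsg>[^/]+)$",
    re.IGNORECASE,
)


def parse_nsg_id(resource_id):
    """Extract (resource_group, nsg_name) from an NSG ARM resource ID."""
    match = _NSG_ID.search(resource_id)
    if not match:
        raise ValueError(f"not an NSG resource id: {resource_id}")
    return match.group("rg"), match.group("nsg")


def evaluate_flow_log(flow_log, minimum=MIN_RETENTION_DAYS):
    """Return (status, reason). PASS only when flow logging is on and a fixed
    retention window of at least `minimum` days is enforced."""
    if not flow_log.get("enabled", False):
        return "FAIL", "flow logging is disabled for this NSG"
    policy = flow_log.get("retentionPolicy") or {}
    days = int(policy.get("days", 0))
    if not policy.get("enabled", False) or days == 0:
        # Design choice of this example: with no enforced window the 90-day minimum
        # cannot be verified from the policy, so the NSG is reported for review.
        return "FAIL", "no retention window is enforced (retentionPolicy disabled or days == 0)"
    if days < minimum:
        return "FAIL", f"retention is {days} days, below the {minimum}-day minimum"
    return "PASS", f"retention is {days} days"


def remediation_command(flow_log, minimum=MIN_RETENTION_DAYS):
    """Azure CLI command that enables flow logging for the NSG and enforces retention,
    keeping the existing storage account and never lowering a longer window."""
    rg, nsg = parse_nsg_id(flow_log["targetResourceId"])
    current = int((flow_log.get("retentionPolicy") or {}).get("days", 0))
    target = max(current, minimum)
    return (f"az network watcher flow-log configure --resource-group {rg} --nsg {nsg} "
            f"--enabled true --retention {target} --storage-account {flow_log['storageId']}")


def audit(flow_logs_json, minimum=MIN_RETENTION_DAYS):
    """Evaluate every flow log in the CLI output; return one finding per NSG."""
    findings = []
    for flow_log in json.loads(flow_logs_json):
        rg, nsg = parse_nsg_id(flow_log["targetResourceId"])
        status, reason = evaluate_flow_log(flow_log, minimum)
        findings.append({
            "resource_group": rg, "nsg": nsg, "status": status, "reason": reason,
            "remediation": None if status == "PASS" else remediation_command(flow_log, minimum),
        })
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_FLOW_LOGS):
        print(f"[{finding['status']}] {finding['resource_group']}/{finding['nsg']}: {finding['reason']}")
        if finding["remediation"]:
            print("    fix: " + finding["remediation"])
```

To run it against a real subscription, replace `SAMPLE_FLOW_LOGS` with the output of `az network watcher flow-log list --location <region> -o json` for each region in which Network Watcher is active (per the note above, the rule assumes it is), and review each printed `fix:` command before executing it, since `configure` re-enables logging as well as setting retention.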
- Azure Official Documentation
- What is Azure Network Watcher?
- Introduction to flow logging for network security groups
- CIS Microsoft Azure Foundations
Check for NSG Flow Log Retention Period
Risk level: Medium