Retention policy for flow logs should be enabled and set to greater than 90 days
Flow logs are the source of truth for all network activity in your cloud environment.
To enable analysis in security event that was detected late, you need to have the logs available.
Setting an retention policy will help ensure as much information is available for review.
Impact
Recommended Actions
Follow the appropriate remediation steps below to resolve the issue.
Ensure flow log retention is turned on with an expiry of >90 days
1
2
3
4
5
6
7
8
9
10
11
12
13
|
resource "azurerm_network_watcher_flow_log" "good_watcher" {
network_watcher_name = "good_watcher"
resource_group_name = "resource-group"
network_security_group_id = azurerm_network_security_group.test.id
storage_account_id = azurerm_storage_account.test.id
enabled = true
retention_policy {
enabled = true
days = 90
}
}
|
Links