Vulnerabilities
Misconfiguration
Runtime Security
Compliance
Azure > Network >

Retention Policy Set

LOW
Source
Trivy
ID
AVD-AZU-0049
terraform

Retention policy for flow logs should be enabled and set to greater than 90 days

Flow logs are the source of truth for all network activity in your cloud environment. To enable analysis in security event that was detected late, you need to have the logs available.

Setting an retention policy will help ensure as much information is available for review.

Impact

Not enabling retention or having short expiry on flow logs could lead to compromise being undetected limiting time for analysis

Follow the appropriate remediation steps below to resolve the issue.

Ensure flow log retention is turned on with an expiry of >90 days

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14

resource "azurerm_network_watcher_flow_log" "good_watcher" {
	network_watcher_name = "good_watcher"
	resource_group_name = "resource-group"

	network_security_group_id = azurerm_network_security_group.test.id
	storage_account_id = azurerm_storage_account.test.id
	enabled = true

	retention_policy {
		enabled = true
		days = 90
	}
}
Aqua Security is the largest pure-play cloud native security company, providing customers the freedom to innovate and run their businesses with minimal friction. The Aqua Cloud Native Security Platform provides prevention, detection, and response automation across the entire application lifecycle to secure the build, secure cloud infrastructure and secure running workloads wherever they are deployed.
Copyright © 2023 Aqua Security Software Ltd.   Privacy Policy | Terms of Use