Virtual Network security group flow log retention period should be set to 90 days or greater

Description

Flow logs enable capturing information about IP traffic flowing in and out of network security groups. Logs can be used to check for anomalies and give insight into suspected breaches.

Portal Remediation Steps

  • Navigate to Network Watcher.

  • In the left navigation under Logs, select NSG flow logs.

  • Select the Network Security Group.

  • Under Flow Log settings, select On.

  • Set the Retention (days) to greater than 90 days.

  • In the Storage account field, select your storage account.

  • Click Save.

CLI Remediation Steps

  • To enforce a retention period greater than 90 days:

az network watcher flow-log configure --nsg <NameorID of the Network Security Group> --enabled true --resource-group <resourceGroupName> --retention 91 --storage-account <NameorID of the storage account to save flow logs>