Azure-NetworkWatcher-NSG-Flow-Logs-Retention-Period

Severity : High

Description: This control ensures that NSG Flow Logs are retained for 90 days. Flow logs enable capturing information about IP traffic flowing in and out of network security groups. Flow log data retention period of 90 days or more, allows to collect the necessary amount of logging data required to check for anomalies and provide details about any potential security breach.

Remediation Steps:

Perform following to Remove all non-required guest users :

1. Login to Azure Portal using https://portal.azure.com.

2. Navigate to Network Watcher.

3. Select NSG flow logs in the Logs section.

4. Select the reported Network Security Group from the list.

5. Ensure Status is set to ON.

6. Ensure Retention (days) is set to greater than 90 days.

7. Select your storage account in the Storage account.

8. Select Save.

Important:

Reference:

• CIS Microsoft Azure Foundations Benchmark v1.3.0 - 02-01-2021 : Recommendation #6.4

• https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-nsg-flow-logging-overview

• https://docs.microsoft.com/en-us/cli/azure/network/watcher/flow-log?view=azure-cli-latest