Azure Flow Log Retention Period
Description
This detector checks Azure Network Watcher Flow Logs for insufficient log retention periods and disabled retention policies. Flow logs are critical for network security monitoring and forensics, and inadequate retention periods can impact incident investigation capabilities and compliance requirements.
Detection Strategy
• Flags a vulnerability when the flow log retention period is set to less than 90 days
• Flags a vulnerability when the flow log retention policy is disabled (enabled = false)
• Examines each Network Watcher flow log configuration in the Azure subscription
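The two conditions above, as an added sketch that is not Fluid Attacks' detector code. It assumes each flow log is a JSON object carrying Azure's `retentionPolicy` with `enabled` and `days` fields, either at the top level or under `properties`. The function names and sample records are constructed, and treating a missing policy as a failure is an assumption.

```python
MIN_RETENTION_DAYS = 90  # threshold stated on this page


def retention_policy(flow_log):
    """Return the retentionPolicy dict from either JSON shape, or {} if absent."""
    props = flow_log.get("properties") or {}
    return flow_log.get("retentionPolicy") or props.get("retentionPolicy") or {}


def check_flow_log(flow_log):
    """Return finding strings for one flow log; an empty list means compliant."""
    policy = retention_policy(flow_log)
    findings = []
    if not policy.get("enabled", False):
        findings.append("retention policy disabled")
    days = policy.get("days")
    # The page states no special case for any value, so the threshold is
    # applied literally. A missing value is treated as failing (assumption).
    if not isinstance(days, int):
        findings.append("retention period not set")
    elif days < MIN_RETENTION_DAYS:
        findings.append(f"retention period {days} days < {MIN_RETENTION_DAYS}")
    return findings


def audit(flow_logs):
    """Map flow log name to its findings, keeping only non-compliant entries."""
    report = {}
    for flow_log in flow_logs:
        findings = check_flow_log(flow_log)
        if findings:
            report[flow_log.get("name", "<unnamed>")] = findings
    return report


# Constructed sample records, not taken from a real subscription.
SAMPLE = [
    {"name": "fl-prod", "retentionPolicy": {"enabled": True, "days": 365}},
    {"name": "fl-dev", "retentionPolicy": {"enabled": True, "days": 30}},
    {"name": "fl-test", "properties": {"retentionPolicy": {"enabled": False, "days": 90}}},
    {"name": "fl-legacy"},
]

if __name__ == "__main__":
    for name, findings in audit(SAMPLE).items():
        print(f"{name}: {'; '.join(findings)}")
```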