AzPolicyAdvertizer

last sync: 2023-Jun-09 17:46:13 UTC

Azure Policy definition

Deploy a flow log resource with target network security group

Name

Deploy a flow log resource with target network security group
Azure Portal

0db34a60-64f4-4bf6-bd44-f95c16cf34b9

Version

1.1.0
details on versioning

Category

Network
Microsoft docs

Description

Configures flow log for specific network security group. It will allow to log information about IP traffic flowing through an network security group. Flow log helps to identify unknown or undesired traffic, verify network isolation and compliance with enterprise access rules, analyze network flows from compromised IPs and network interfaces.

Mode

Indexed

Type

BuiltIn

Preview

FALSE

Deprecated

FALSE

Effect

Fixed
deployIfNotExists

RBAC
Role(s)

Role Name	Role Id
Contributor	b24988ac-6180-42a0-ab88-20f7382dd24c

Rule
Aliases

THEN-ExistenceCondition (2)

Alias	Namespace	ResourceType	DefaultPath	Modifiable
Microsoft.Network/networkWatchers/flowLogs/enabled	Microsoft.Network	networkWatchers/flowLogs	properties.enabled	false
Microsoft.Network/networkWatchers/flowLogs/storageId	Microsoft.Network	networkWatchers/flowLogs	properties.storageId	false

Rule
ResourceTypes

IF (1)
Microsoft.Network/networkSecurityGroups
THEN-Deployment (2)
Microsoft.Network/networkWatchers/flowLogs
Microsoft.Resources/deployments

Compliance

Not a Compliance control

History

Date/Time (UTC ymd) (i)	Change type	Change detail
2023-01-27 18:40:07	change	Minor (1.0.1 > 1.1.0)
2021-12-10 17:29:56	change	Patch (1.0.0 > 1.0.1) *changes on text case sensitivity are not tracked
2020-08-27 15:39:26	add	0db34a60-64f4-4bf6-bd44-f95c16cf34b9

Initiatives
usage

none

JSON