last sync: 2024-Feb-21 20:03:25 UTC

All flow log resources should be in enabled state

Azure BuiltIn Policy definition

Source Azure Portal
Display name All flow log resources should be in enabled state
Id 27960feb-a23c-4577-8d36-ef8b5f35e0be
Version 1.0.1
Details on versioning
Category Network
Microsoft Learn
Description Audit for flow log resources to verify if flow log status is enabled. Enabling flow logs allows to log information about IP traffic flowing. It can be used for optimizing network flows, monitoring throughput, verifying compliance, detecting intrusions and more.
Mode Indexed
Type BuiltIn
Preview False
Deprecated False
Effect Default
Audit
Allowed
Audit, Disabled
RBAC role(s) none
Rule aliases IF (1)
Alias Namespace ResourceType DefaultPath Modifiable
Microsoft.Network/networkWatchers/flowLogs/enabled Microsoft.Network networkWatchers/flowLogs properties.enabled false
Rule resource types IF (1)
Microsoft.Network/networkWatchers/flowLogs
Compliance
The following 8 compliance controls are associated with this Policy definition 'All flow log resources should be in enabled state' (27960feb-a23c-4577-8d36-ef8b5f35e0be)
Control Domain Control Name MetadataId Category Title Owner Requirements Description Info Policy#
CIS_Azure_2.0.0 5.1.6 CIS_Azure_2.0.0_5.1.6 CIS Microsoft Azure Foundations Benchmark recommendation 5.1.6 5.1 Ensure that Network Security Group Flow logs are captured and sent to Log Analytics Shared The impact of configuring NSG Flow logs is primarily one of cost and configuration. If deployed, it will create storage accounts that hold minimal amounts of data on a 5-day lifecycle before feeding to Log Analytics Workspace. This will increase the amount of data stored and used by Azure Monitor. Ensure that network flow logs are captured and fed into a central log analytics workspace. Network Flow Logs provide valuable insight into the flow of traffic around your network and feed into both Azure Monitor and Azure Sentinel (if in use), permitting the generation of visual flow diagrams to aid with analyzing for lateral movement, etc. link 3
RBI_CSF_Banks_v2016 15.1 RBI_CSF_Banks_v2016_15.1 Data Leak Prevention Strategy Data Leak Prevention Strategy-15.1 n/a Develop a comprehensive data loss/leakage prevention strategy to safeguard sensitive (including confidential)business and customer data/information. 8
RBI_CSF_Banks_v2016 16.1 RBI_CSF_Banks_v2016_16.1 Maintenance, Monitoring, And Analysis Of Audit Logs Maintenance, Monitoring, And Analysis Of Audit Logs-16.1 n/a Consult all the stakeholders before finalising the scope, frequency and storage of log collection. 5
RBI_ITF_NBFC_v2017 3.1.g RBI_ITF_NBFC_v2017_3.1.g RBI IT Framework 3.1.g Information and Cyber Security Trails-3.1 n/a The IS Policy must provide for a IS framework with the following basic tenets: Trails- NBFCs shall ensure that audit trails exist for IT assets satisfying its business requirements including regulatory and legal requirements, facilitating audit, serving as forensic evidence when required and assisting in dispute resolution. If an employee, for instance, attempts to access an unauthorized section, this improper activity should be recorded in the audit trail. link 39
RBI_ITF_NBFC_v2017 5 RBI_ITF_NBFC_v2017_5 RBI IT Framework 5 IS Audit Policy for Information System Audit (IS Audit)-5 n/a The objective of the IS Audit is to provide an insight on the effectiveness of controls that are in place to ensure confidentiality, integrity and availability of the organization???s IT infrastructure. IS Audit shall identify risks and methods to mitigate risk arising out of IT infrastructure such as server architecture, local and wide area networks, physical and information security, telecommunications etc. link 14
RMiT_v1.0 10.33 RMiT_v1.0_10.33 RMiT 10.33 Network Resilience Network Resilience - 10.33 Shared n/a A financial institution must design a reliable, scalable and secure enterprise network that is able to support its business activities, including future growth plans. link 28
RMiT_v1.0 Appendix_5.7 RMiT_v1.0_Appendix_5.7 RMiT Appendix 5.7 Control Measures on Cybersecurity Control Measures on Cybersecurity - Appendix 5.7 Customer n/a Ensure overall network security controls are implemented including the following: (a) dedicated firewalls at all segments. All external-facing firewalls must be deployed on High Availability (HA) configuration and “fail-close” mode activated. Deploy different brand name/model for two firewalls located in sequence within the same network path; (b) IPS at all critical network segments with the capability to inspect and monitor encrypted network traffic; (c) web and email filtering systems such as web-proxy, spam filter and anti-spoofing controls; (d) endpoint protection solution to detect and remove security threats including viruses and malicious software; (e) solution to mitigate advanced persistent threats including zero-day and signatureless malware; and (f) capture the full network packets to rebuild relevant network sessions to aid forensics in the event of incidents. link 27
SWIFT_CSCF_v2022 6.4 SWIFT_CSCF_v2022_6.4 SWIFT CSCF v2022 6.4 6. Detect Anomalous Activity to Systems or Transaction Records Record security events and detect anomalous actions and operations within the local SWIFT environment. Shared n/a Capabilities to detect anomalous activity are implemented, and a process or tool is in place to keep and review logs. link 52
Initiatives usage
Initiative DisplayName Initiative Id Initiative Category State Type
[Preview]: Reserve Bank of India - IT Framework for Banks d0d5578d-cc08-2b22-31e3-f525374f235a Regulatory Compliance Preview BuiltIn
[Preview]: Reserve Bank of India - IT Framework for NBFC 7f89f09c-48c1-f28d-1bd5-84f3fb22f86c Regulatory Compliance Preview BuiltIn
CIS Microsoft Azure Foundations Benchmark v2.0.0 06f19060-9e68-4070-92ca-f15cc126059e Regulatory Compliance GA BuiltIn
Flow logs should be configured and enabled for every network security group 62329546-775b-4a3d-a4cb-eb4bb990d2c0 Network GA BuiltIn
RMIT Malaysia 97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6 Regulatory Compliance GA BuiltIn
SWIFT CSP-CSCF v2022 7bc7cd6c-4114-ff31-3cac-59be3157596d Regulatory Compliance GA BuiltIn
History
Date/Time (UTC ymd) (i) Change type Change detail
2023-04-06 17:42:16 change Patch (1.0.0 > 1.0.1)
2021-03-09 14:37:41 add 27960feb-a23c-4577-8d36-ef8b5f35e0be
JSON compare
compare mode: version left: version right:
JSON
api-version=2021-06-01
EPAC