last sync: 2021-Jul-23 16:37:57 UTC

Azure Policy definition

Flow logs should be enabled for every network security group

Name Flow logs should be enabled for every network security group
Azure Portal
Id 27960feb-a23c-4577-8d36-ef8b5f35e0be
Version 1.0.0
details on versioning
Category Network
Microsoft docs
Description Audit for flow log resources to verify if flow log status is enabled. Enabling flow logs allows to log information about IP traffic flowing through network security group. It can be used for optimizing network flows, monitoring throughput, verifying compliance, detecting intrusions and more.
Mode Indexed
Type BuiltIn
Preview FALSE
Deprecated FALSE
Effect Default: Audit
Allowed: (Audit, Disabled)
Used RBAC Role none
History
Date/Time (UTC ymd) (i) Change type Change detail
2021-03-09 14:37:41 add 27960feb-a23c-4577-8d36-ef8b5f35e0be
Used in Initiatives
Initiative DisplayName Initiative Id Initiative Category State
Flow logs should be configured and enabled for every network security group 62329546-775b-4a3d-a4cb-eb4bb990d2c0 Network GA
JSON
{
  "properties": {
    "displayName": "Flow logs should be enabled for every network security group",
    "policyType": "BuiltIn",
    "mode": "Indexed",
    "description": "Audit for flow log resources to verify if flow log status is enabled. Enabling flow logs allows to log information about IP traffic flowing through network security group. It can be used for optimizing network flows, monitoring throughput, verifying compliance, detecting intrusions and more.",
    "metadata": {
      "version": "1.0.0",
      "category": "Network"
    },
    "parameters": {
      "effect": {
        "type": "String",
        "metadata": {
          "displayName": "Effect",
          "description": "Enable or disable the execution of the policy"
        },
        "allowedValues": [
          "Audit",
          "Disabled"
        ],
        "defaultValue": "Audit"
      }
    },
    "policyRule": {
      "if": {
        "allof": [
          {
            "field": "type",
            "equals": "Microsoft.Network/networkWatchers/flowLogs"
          },
          {
            "field": "Microsoft.Network/networkWatchers/flowLogs/enabled",
            "equals": false
          }
        ]
      },
      "then": {
      "effect": "[parameters('effect')]"
      }
    }
  },
  "id": "/providers/Microsoft.Authorization/policyDefinitions/27960feb-a23c-4577-8d36-ef8b5f35e0be",
  "type": "Microsoft.Authorization/policyDefinitions",
  "name": "27960feb-a23c-4577-8d36-ef8b5f35e0be"
}