last sync: 2021-Aug-04 14:59:26 UTC

Azure Policy definition

Network Watcher flow logs should have traffic analytics enabled

Name Network Watcher flow logs should have traffic analytics enabled
Azure Portal
Id 2f080164-9f4d-497e-9db6-416dc9f7b48a
Version 1.0.0
details on versioning
Category Network
Microsoft docs
Description Traffic analytics analyzes Network Watcher network security group flow logs to provide insights into traffic flow in your Azure cloud. It can be used to visualize network activity across your Azure subscriptions and identify hot spots, identify security threats, understand traffic flow patterns, pinpoint network misconfigurations and more.
Mode Indexed
Type BuiltIn
Preview FALSE
Deprecated FALSE
Effect Default: Audit
Allowed: (Audit, Disabled)
Used RBAC Role none
History
Date/Time (UTC ymd) (i) Change type Change detail
2021-05-18 14:34:48 add 2f080164-9f4d-497e-9db6-416dc9f7b48a
Used in Initiatives none
JSON
{
  "properties": {
    "displayName": "Network Watcher flow logs should have traffic analytics enabled",
    "policyType": "BuiltIn",
    "mode": "Indexed",
    "description": "Traffic analytics analyzes Network Watcher network security group flow logs to provide insights into traffic flow in your Azure cloud. It can be used to visualize network activity across your Azure subscriptions and identify hot spots, identify security threats, understand traffic flow patterns, pinpoint network misconfigurations and more.",
    "metadata": {
      "version": "1.0.0",
      "category": "Network"
    },
    "parameters": {
      "effect": {
        "type": "String",
        "metadata": {
          "displayName": "Effect",
          "description": "Enable or disable the execution of the policy"
        },
        "allowedValues": [
          "Audit",
          "Disabled"
        ],
        "defaultValue": "Audit"
      }
    },
    "policyRule": {
      "if": {
        "allof": [
          {
            "field": "type",
            "equals": "Microsoft.Network/networkWatchers/flowLogs"
          },
          {
            "anyof": [
              {
                "field": "Microsoft.Network/networkWatchers/flowLogs/flowAnalyticsConfiguration.networkWatcherFlowAnalyticsConfiguration.enabled",
                "equals": false
              },
              {
                "field": "Microsoft.Network/networkWatchers/flowLogs/flowAnalyticsConfiguration.networkWatcherFlowAnalyticsConfiguration.trafficAnalyticsInterval",
                "notin": [
                  "10",
                  "60"
                ]
              }
            ]
          }
        ]
      },
      "then": {
      "effect": "[parameters('effect')]"
      }
    }
  },
  "id": "/providers/Microsoft.Authorization/policyDefinitions/2f080164-9f4d-497e-9db6-416dc9f7b48a",
  "type": "Microsoft.Authorization/policyDefinitions",
  "name": "2f080164-9f4d-497e-9db6-416dc9f7b48a"
}