last sync: 2020-Dec-01 15:11:26 UTC

Azure Policy definition

Flow log should be configured for every network security group

Name Flow log should be configured for every network security group
Azure Portal
Id c251913d-7d24-4958-af87-478ed3b9ba41
Version 1.0.0
details on versioning
Category Network
Microsoft docs
Description Audit for network security groups to verify if flow log resource is configured. Flow log allows to log information about IP traffic flowing through network security group. It can be used for optimizing network flows, monitoring throughput, verifying compliance, detecting intrusions and more.
Mode Indexed
Type BuiltIn
Preview FALSE
Deprecated FALSE
Effect Fixed: audit
Used RBAC Role none
History
Date/Time (UTC ymd) (i) Change type Change detail
2020-08-27 15:39:26 add c251913d-7d24-4958-af87-478ed3b9ba41
Used in Initiatives none
Json
{
  "properties": {
    "displayName": "Flow log should be configured for every network security group",
    "policyType": "BuiltIn",
    "mode": "Indexed",
    "description": "Audit for network security groups to verify if flow log resource is configured. Flow log allows to log information about IP traffic flowing through network security group. It can be used for optimizing network flows, monitoring throughput, verifying compliance, detecting intrusions and more.",
    "metadata": {
      "version": "1.0.0",
      "category": "Network"
    },
    "policyRule": {
      "if": {
        "allof": [
          {
            "field": "type",
            "equals": "Microsoft.Network/networkSecurityGroups"
          },
          {
            "count": {
            "field": "Microsoft.Network/networkSecurityGroups/flowLogs[*]"
            },
            "equals": 0
          }
        ]
      },
      "then": {
        "effect": "audit"
      }
    }
  },
  "id": "/providers/Microsoft.Authorization/policyDefinitions/c251913d-7d24-4958-af87-478ed3b9ba41",
  "type": "Microsoft.Authorization/policyDefinitions",
  "name": "c251913d-7d24-4958-af87-478ed3b9ba41"
}