AzPolicyAdvertizer

last sync: 2020-Sep-24 14:01:32 UTC

Azure Policy

Flow log should be configured for every network security group

Policy DisplayName Flow log should be configured for every network security group

Policy Id c251913d-7d24-4958-af87-478ed3b9ba41

Policy Category Network

Policy Description Audit for network security groups to verify if flow log resource is configured. Flow log allows to log information about IP traffic flowing through network security group. It can be used for optimizing network flows, monitoring throughput, verifying compliance, detecting intrusions and more.

Policy Mode Indexed

Policy Type BuiltIn

Policy in Preview FALSE

Policy Deprecated FALSE

Policy Effect Fixed: audit

Roles used none

Policy Changes

Date/Time (UTC ymd) (i)	Change	Change detail
2020-08-27 15:39:26	add: Policy	c251913d-7d24-4958-af87-478ed3b9ba41

Used in Policy Initiative(s) none

Policy Rule

{
  "properties": {
    "displayName": "Flow log should be configured for every network security group",
    "policyType": "BuiltIn",
    "mode": "Indexed",
    "description": "Audit for network security groups to verify if flow log resource is configured. Flow log allows to log information about IP traffic flowing through network security group. It can be used for optimizing network flows, monitoring throughput, verifying compliance, detecting intrusions and more.",
    "metadata": {
      "version": "1.0.0",
      "category": "Network"
    },
    "policyRule": {
      "if": {
        "allof": [
          {
            "field": "type",
            "equals": "Microsoft.Network/networkSecurityGroups"
          },
          {
            "count": {
            "field": "Microsoft.Network/networkSecurityGroups/flowLogs[*]"
            },
            "equals": 0
          }
        ]
      },
      "then": {
        "effect": "audit"
      }
    }
  },
  "id": "/providers/Microsoft.Authorization/policyDefinitions/c251913d-7d24-4958-af87-478ed3b9ba41",
  "type": "Microsoft.Authorization/policyDefinitions",
  "name": "c251913d-7d24-4958-af87-478ed3b9ba41"
}

Azure Policy

Flow log should be configured for every network security group

Popular