turbot/azure_compliance

Trigger: Detect & correct NSGs flow log with retention period less than 90 days

Detects network security groups (NSGs) that have no flow log, have a disabled flow log, or have a flow log with a retention period of less than 90 days.

Query

select
  concat(
    sg.id,
    ' [',
    sg.subscription_id,
    '/',
    sg.resource_group,
    ']'
  ) as title,
  sg.id as id,
  sg.name,
  sg.resource_group,
  sg.subscription_id,
  sg._ctx ->> 'connection_name' as conn
from
  azure_network_security_group sg
  left join azure_network_watcher_flow_log fl on sg.id = fl.target_resource_id
where
  fl.id is null
  or not fl.enabled
  or fl.retention_policy_days < 90

Schedule

15m

Tags

category = Compliance
plugin = azure
service = Azure/Network