turbot/steampipe-mod-azure-compliance

Control: Flow logs should be configured for every network security group

Description

Audit network security groups to verify that flow logs are configured. Enabling flow logs records information about IP traffic flowing through a network security group. This data can be used for optimizing network flows, monitoring throughput, verifying compliance, detecting intrusions and more.

Usage

Run the control in your terminal:

powerpipe control run azure_compliance.control.network_sg_flowlog_enabled

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run azure_compliance.control.network_sg_flowlog_enabled --share

SQL

This control uses a named query:

select
  sg.id resource,
  case
    when sg.flow_logs is not null then 'ok'
    else 'alarm'
  end as status,
  case
    when sg.flow_logs is not null then sg.name || ' flowlog enabled.'
    else sg.name || ' flowlog disabled.'
  end as reason,
  sg.resource_group as resource_group,
  sub.display_name as subscription
from
  azure_network_security_group as sg
  join azure_subscription sub on sub.subscription_id = sg.subscription_id;
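
The named query reports 'ok' whenever flow_logs is not null; it does not look at whether a referenced flow log is actually enabled. The stricter variant below is an added example, not part of the mod. It assumes the Steampipe Azure plugin table azure_network_watcher_flow_log with the columns target_resource_id and enabled, so confirm both against your installed plugin version before relying on it.

```sql
-- Added example, not the mod's own query.
-- Assumption: azure_network_watcher_flow_log exposes target_resource_id
-- (the resource ID of the NSG the flow log is attached to) and enabled (boolean).
with enabled_flow_logs as (
  select
    -- Azure resource IDs are case-insensitive, so normalise before joining.
    lower(target_resource_id) as target_id,
    count(*) as enabled_count
  from
    azure_network_watcher_flow_log
  where
    enabled
  group by
    lower(target_resource_id)
)
select
  sg.id as resource,
  case
    -- Same condition as the control: no flow log reference at all.
    when sg.flow_logs is null then 'alarm'
    -- A flow log resource exists, but none targeting this NSG is enabled.
    when efl.enabled_count is null then 'alarm'
    else 'ok'
  end as status,
  case
    when sg.flow_logs is null then sg.name || ' has no flow log configured.'
    when efl.enabled_count is null then sg.name || ' has a flow log resource, but none is enabled.'
    else sg.name || ' has ' || efl.enabled_count || ' enabled flow log(s).'
  end as reason,
  sg.resource_group as resource_group,
  sub.display_name as subscription
from
  azure_network_security_group as sg
  left join enabled_flow_logs as efl on efl.target_id = lower(sg.id)
  join azure_subscription as sub on sub.subscription_id = sg.subscription_id;
```

Run it with steampipe query against the same connection the control uses; rows that are 'ok' in the control but 'alarm' here are groups whose flow log exists but is switched off.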
