Control: Azure > Network Watcher > Flow Log > Retention Policy

Raise an alarm if the network security group (NSG) flow log retention policy is not configured to meet the defined policy requirements.

Note: This check applies exclusively to flow logs using V2 storage accounts.

Resource Types

This control targets the following resource types:

Azure > Network Watcher > Flow Log

Policies

The following policies can be used to configure this control:

Azure > Network Watcher > Flow Log > Retention Policy

This control type relies on these other policies when running actions:

Azure > Network Watcher > Flow Log > Retention Policy > Days

Permissions

Cloud permissions used by this control and its actions:

microsoft.network/networkwatchers/flowlogs/write

In Your Workspace

Developers

Control Type URI

tmod:@turbot/azure-networkwatcher#/control/types/flowLogRetentionPolicy

Category URI

tmod:@turbot/turbot#/control/categories/resourceLogging

GraphQL

query controlType(id: "tmod:@turbot/azure-networkwatcher#/control/types/flowLogRetentionPolicy") { … }

query controls(filter: "controlTypeId:'tmod:@turbot/azure-networkwatcher#/control/types/flowLogRetentionPolicy'") { … }

CLI

Get Controls

turbot graphql controls --filter "controlTypeId:tmod:@turbot/azure-networkwatcher#/control/types/flowLogRetentionPolicy"