Control: Azure > Network Watcher > Flow Log > Retention Policy

Raise an alarm if the network security group (NSG) flow log retention policy is not configured to meet the defined policy requirements.

Note: This check applies exclusively to flow logs using V2 storage accounts.

Resource Types

This control targets the following resource types:

Azure > Network Watcher > Flow Log

Primary Policies

The following policies can be used to configure this control:

In Your Workspace

Developers

Control Type URI

tmod:@turbot/azure-networkwatcher#/control/types/flowLogRetentionPolicy

Category URI

tmod:@turbot/turbot#/control/categories/resourceLogging

GraphQL

query controlType(id: "tmod:@turbot/azure-networkwatcher#/control/types/flowLogRetentionPolicy") { … }

query controls(filter: "controlTypeId:'tmod:@turbot/azure-networkwatcher#/control/types/flowLogRetentionPolicy'") { … }

CLI

Get Controls

turbot graphql controls --filter "controlTypeId:tmod:@turbot/azure-networkwatcher#/control/types/flowLogRetentionPolicy"