Resource Type: Azure > Network Watcher > Flow Log

Resource Context

Flow Log is a part of the Network Watcher service.

Each Flow Log lives under a Network Watcher.

Controls

The primary controls for Azure > Network Watcher > Flow Log are:

• Active
• Approved
• CMDB
• Discovery
• Retention Policy
• ServiceNow

It is also targeted by these controls:

• Azure > CIS v1 > 6 Networking > 6.04 Ensure that Network Security Group Flow Log retention period is 'greater than 90 days' (Scored)
• Azure > CIS v2.0 > 05 - Logging and Monitoring > 5.01 - Configuring Diagnostic Settings > 5.01.06 - Ensure that Network Security Group Flow logs are captured and sent to Log Analytics
• Azure > CIS v2.0 > 06 - Networking > 6.05 - Ensure that Network Security Group Flow Log retention period is 'greater than 90 days'
• Azure > CIS v3.0 > 06 - Logging & Monitoring > 06.01 - Configuring Diagnostic Settings > 06.01.05 - Ensure that Network Security Group Flow logs are captured and sent to Log Analytics
• Azure > CIS v3.0 > 07 - Networking > 07.05 - Ensure that Network Security Group Flow Log retention period is 'greater than 90 days'
• Azure > CIS v4.0 > 07 - Management and Governance > 07.01 - Logging and Monitoring > 07.01.01 - Configuring Diagnostic Settings > 07.01.01.05 - Ensure that Network Security Group Flow logs are captured and sent to Log Analytics
• Azure > CIS v4.0 > 08 - Networking > 08.05 - Ensure that Network Security Group Flow Log retention period is 'greater than 90 days'
• Azure > CIS v4.0 > 08 - Networking > 08.08 - Ensure that virtual network flow log retention days is set to greater than or equal to 90
• Azure > CIS v5.0 > 6 - Management and Governance Services > 6.01 - Logging and Monitoring > 6.01.01 - Configuring Diagnostic Settings > 6.01.01.05 - Ensure that Network Security Group Flow logs are captured and sent to Log Analytics
• Azure > CIS v5.0 > 7 - Networking Services > 7.05 - Ensure that network security group flow log retention days is set to greater than or equal to 90
• Azure > CIS v5.0 > 7 - Networking Services > 7.08 - Ensure that virtual network flow log retention days is set to greater than or equal to 90

Quick Actions

• Delete
• Router
• Update Retention Policy

Category

• Networking

In Your Workspace

• Controls by Resource Type report
• Policy Settings by Resource Type report
• Resources by Resource Type report

Developers

Resource Type URI

tmod:@turbot/azure-networkwatcher#/resource/types/flowLog

Category URI

tmod:@turbot/turbot#/resource/categories/networking

GraphQL

query resource(id: "tmod:@turbot/azure-networkwatcher#/resource/types/flowLog") { … }

query resourceActivities(filter: "resourceId:'tmod:@turbot/azure-networkwatcher#/resource/types/flowLog'") { … }

mutation createResource(input: { … })

mutation updateResource(input: { … })

CLI

Get Resource

turbot graphql resource --id "tmod:@turbot/azure-networkwatcher#/resource/types/flowLog"

Steampipe Query

Get Resource

select * from guardrails_resource where resource_type_uri = 'tmod:@turbot/azure-networkwatcher#/resource/types/flowLog';

Get Policy Settings (By Resource ID)

select * from guardrails_policy_setting where filter = 'resourceTypeId:"tmod:@turbot/azure-networkwatcher#/resource/types/flowLog"';

Get Resource Notification

select * from guardrails_notification where resource_type_uri = 'tmod:@turbot/azure-networkwatcher#/resource/types/flowLog' and notification_type in ('resource_updated', 'resource_created');