Network Watcher Flow Disabled

  • Query id: b90842e5-6779-44d4-9760-972f4c03ba1c
  • Query name: Network Watcher Flow Disabled
  • Platform: Terraform
  • Severity: High
  • Category: Insecure Configurations
  • URL: Github

Description

Check if enable field in the resource azurerm_network_watcher_flow_log is false.
Documentation

Code samples

Code samples with security vulnerabilities

Positive test num. 1 - tf file
resource "azurerm_network_watcher_flow_log" "positive1" {
  network_watcher_name = azurerm_network_watcher.test.name
  resource_group_name  = azurerm_resource_group.test.name

  network_security_group_id = azurerm_network_security_group.test.id
  storage_account_id        = azurerm_storage_account.test.id
  enabled                   = false

  retention_policy {
    enabled = true
    days    = 7
  }
}

Code samples without security vulnerabilities

Negative test num. 1 - tf file
resource "azurerm_network_watcher_flow_log" "negative1" {
  network_watcher_name = azurerm_network_watcher.test.name
  resource_group_name  = azurerm_resource_group.test.name

  network_security_group_id = azurerm_network_security_group.test.id
  storage_account_id        = azurerm_storage_account.test.id
  enabled                   = true

  retention_policy {
    enabled = true
    days    = 7
  }
}