Unrecommended Network Watcher Flow Log Retention Policy
- Query id: 564b70f8-41cd-4690-aff8-bb53add86bc9
- Query name: Unrecommended Network Watcher Flow Log Retention Policy
- Platform: AzureResourceManager
- Severity: Low
- Category: Observability
- CWE: 778
- URL: Github
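Description
The Network Watcher flow log retention policy should be enabled, and the retention period should be set to more than 90 days. When the policy is disabled or the period is shorter, flow records may already have been deleted by the time an incident is detected and investigated.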
Documentation
Code samples
Code samples with security vulnerabilities
Positive test num. 1 - bicep file
// Flagged sample: the flow log is switched on, but its retention policy is
// disabled and keeps records for only 2 days.
resource flowlogs_sample 'Microsoft.Network/networkWatchers/flowLogs@2020-11-01' = {
  name: 'flowlogs/sample'
  location: 'location'
  tags: {}
  properties: {
    targetResourceId: 'targetResourceId'
    storageId: 'storageId'
    // Flow logging itself is enabled; the finding concerns retention below.
    enabled: true
    retentionPolicy: {
      // Below the "higher than 90" days the rule description asks for.
      days: 2
      // The rule description requires the retention policy to be enabled.
      enabled: false
    }
    format: {
      type: 'JSON'
    }
  }
}
Positive test num. 2 - json file
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "2.0.0.0",
"apiProfile": "2019-03-01-hybrid",
"parameters": {},
"variables": {},
"functions": [],
"resources": [
{
"name": "flowlogs/sample",
"type": "Microsoft.Network/networkWatchers/flowLogs",
"apiVersion": "2020-11-01",
"location": "location",
"tags": {},
"properties": {
"targetResourceId": "targetResourceId",
"storageId": "storageId",
"enabled": true,
"retentionPolicy": {
"days": 2,
"enabled": false
},
"format": {
"type": "JSON"
}
}
}
],
"outputs": {}
}
Positive test num. 3 - bicep file
// Flagged sample: retentionPolicy sets only `days` (2) and never sets
// `enabled`, so the policy is neither explicitly enabled nor long enough.
// NOTE(review): the type segment is spelled 'FlowLogs' here and 'flowLogs'
// in test 1; presumably this exercises case-insensitive matching of the
// resource type. Confirm against the query.
resource flowlogs_sample 'Microsoft.Network/networkWatchers/FlowLogs@2020-11-01' = {
  name: 'flowlogs/sample'
  location: 'location'
  tags: {}
  properties: {
    targetResourceId: 'targetResourceId'
    storageId: 'storageId'
    enabled: true
    retentionPolicy: {
      // Below the "higher than 90" days the rule description asks for;
      // no `enabled` key accompanies it.
      days: 2
    }
    format: {
      type: 'JSON'
    }
  }
}
Positive test num. 4 - json file
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "2.0.0.0",
"apiProfile": "2019-03-01-hybrid",
"parameters": {},
"variables": {},
"functions": [],
"resources": [
{
"name": "flowlogs/sample",
"type": "Microsoft.Network/networkWatchers/FlowLogs",
"apiVersion": "2020-11-01",
"location": "location",
"tags": {},
"properties": {
"targetResourceId": "targetResourceId",
"storageId": "storageId",
"enabled": true,
"retentionPolicy": {
"days": 2
},
"format": {
"type": "JSON"
}
}
}
],
"outputs": {}
}
Positive test num. 5 - bicep file
Positive test num. 6 - json file
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "2.0.0.0",
"apiProfile": "2019-03-01-hybrid",
"parameters": {},
"variables": {},
"functions": [],
"resources": [
{
"name": "flowlogs/sample",
"type": "Microsoft.Network/networkWatchers/FlowLogs",
"apiVersion": "2020-11-01",
"location": "location",
"tags": {},
"properties": {
"targetResourceId": "targetResourceId",
"storageId": "storageId",
"enabled": true,
"format": {
"type": "JSON"
}
}
}
],
"outputs": {}
}
Positive test num. 7 - bicep file
Positive test num. 8 - json file
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "2.0.0.0",
"apiProfile": "2019-03-01-hybrid",
"parameters": {},
"variables": {},
"functions": [],
"resources": [
{
"name": "flowlogs/sample",
"type": "Microsoft.Network/networkWatchers/FlowLogs",
"apiVersion": "2020-11-01",
"location": "location",
"tags": {},
"properties": {
"targetResourceId": "targetResourceId",
"storageId": "storageId",
"retentionPolicy": {
"days": 95,
"enabled": true
},
"format": {
"type": "JSON"
}
}
}
],
"outputs": {}
}
Positive test num. 9 - bicep file
Positive test num. 10 - json file
{
"properties": {
"template": {
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "2.0.0.0",
"apiProfile": "2019-03-01-hybrid",
"parameters": {},
"variables": {},
"functions": [],
"resources": [
{
"name": "flowlogs/sample",
"type": "Microsoft.Network/networkWatchers/flowLogs",
"apiVersion": "2020-11-01",
"location": "location",
"tags": {},
"properties": {
"targetResourceId": "targetResourceId",
"storageId": "storageId",
"enabled": true,
"retentionPolicy": {
"days": 2,
"enabled": false
},
"format": {
"type": "JSON"
}
}
}
],
"outputs": {}
},
"parameters": {}
},
"kind": "template",
"type": "Microsoft.Blueprint/blueprints/artifacts",
"name": "myTemplate"
}
Positive test num. 11 - bicep file
Positive test num. 12 - json file
{
"properties": {
"template": {
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "2.0.0.0",
"apiProfile": "2019-03-01-hybrid",
"parameters": {},
"variables": {},
"functions": [],
"resources": [
{
"name": "flowlogs/sample",
"type": "Microsoft.Network/networkWatchers/FlowLogs",
"apiVersion": "2020-11-01",
"location": "location",
"tags": {},
"properties": {
"targetResourceId": "targetResourceId",
"storageId": "storageId",
"enabled": true,
"retentionPolicy": {
"days": 2
},
"format": {
"type": "JSON"
}
}
}
],
"outputs": {}
},
"parameters": {}
},
"kind": "template",
"type": "Microsoft.Blueprint/blueprints/artifacts",
"name": "myTemplate"
}
Positive test num. 13 - bicep file
Positive test num. 14 - json file
{
"properties": {
"template": {
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "2.0.0.0",
"apiProfile": "2019-03-01-hybrid",
"parameters": {},
"variables": {},
"functions": [],
"resources": [
{
"name": "flowlogs/sample",
"type": "Microsoft.Network/networkWatchers/FlowLogs",
"apiVersion": "2020-11-01",
"location": "location",
"tags": {},
"properties": {
"targetResourceId": "targetResourceId",
"storageId": "storageId",
"enabled": true,
"format": {
"type": "JSON"
}
}
}
],
"outputs": {}
},
"parameters": {}
},
"kind": "template",
"type": "Microsoft.Blueprint/blueprints/artifacts",
"name": "myTemplate"
}
Positive test num. 15 - bicep file
Positive test num. 16 - json file
{
"properties": {
"template": {
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "2.0.0.0",
"apiProfile": "2019-03-01-hybrid",
"parameters": {},
"variables": {},
"functions": [],
"resources": [
{
"name": "flowlogs/sample",
"type": "Microsoft.Network/networkWatchers/FlowLogs",
"apiVersion": "2020-11-01",
"location": "location",
"tags": {},
"properties": {
"targetResourceId": "targetResourceId",
"storageId": "storageId",
"retentionPolicy": {
"days": 95,
"enabled": true
},
"format": {
"type": "JSON"
}
}
}
],
"outputs": {}
},
"parameters": {}
},
"kind": "template",
"type": "Microsoft.Blueprint/blueprints/artifacts",
"name": "myTemplate"
}
Code samples without security vulnerabilities
Negative test num. 1 - bicep file
// Passing sample: the flow log is enabled, its retention policy is enabled,
// and records are kept for 92 days (more than 90).
resource flowlogs_sample 'Microsoft.Network/networkWatchers/flowLogs@2020-11-01' = {
  name: 'flowlogs/sample'
  location: 'location'
  tags: {}
  properties: {
    targetResourceId: 'targetResourceId'
    storageId: 'storageId'
    enabled: true
    retentionPolicy: {
      // Above the 90-day threshold stated in the rule description.
      days: 92
      // Retention policy explicitly enabled, as the description requires.
      enabled: true
    }
    format: {
      type: 'JSON'
    }
  }
}
Negative test num. 2 - json file
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "2.0.0.0",
"apiProfile": "2019-03-01-hybrid",
"parameters": {},
"variables": {},
"functions": [],
"resources": [
{
"name": "flowlogs/sample",
"type": "Microsoft.Network/networkWatchers/flowLogs",
"apiVersion": "2020-11-01",
"location": "location",
"tags": {},
"properties": {
"targetResourceId": "targetResourceId",
"storageId": "storageId",
"enabled": true,
"retentionPolicy": {
"days": 92,
"enabled": true
},
"format": {
"type": "JSON"
}
}
}
],
"outputs": {}
}
Negative test num. 3 - bicep file
// Passing sample: same shape as negative test 1, but with the 'FlowLogs'
// spelling of the type segment and a 95-day retention period.
resource flowlogs_sample 'Microsoft.Network/networkWatchers/FlowLogs@2020-11-01' = {
  name: 'flowlogs/sample'
  location: 'location'
  tags: {}
  properties: {
    targetResourceId: 'targetResourceId'
    storageId: 'storageId'
    enabled: true
    retentionPolicy: {
      // Above the 90-day threshold stated in the rule description.
      days: 95
      // Retention policy explicitly enabled, as the description requires.
      enabled: true
    }
    format: {
      type: 'JSON'
    }
  }
}
Negative test num. 4 - json file
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "2.0.0.0",
"apiProfile": "2019-03-01-hybrid",
"parameters": {},
"variables": {},
"functions": [],
"resources": [
{
"name": "flowlogs/sample",
"type": "Microsoft.Network/networkWatchers/FlowLogs",
"apiVersion": "2020-11-01",
"location": "location",
"tags": {},
"properties": {
"targetResourceId": "targetResourceId",
"storageId": "storageId",
"enabled": true,
"retentionPolicy": {
"days": 95,
"enabled": true
},
"format": {
"type": "JSON"
}
}
}
],
"outputs": {}
}
Negative test num. 5 - bicep file
Negative test num. 6 - json file
{
"properties": {
"template": {
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "2.0.0.0",
"apiProfile": "2019-03-01-hybrid",
"parameters": {},
"variables": {},
"functions": [],
"resources": [
{
"name": "flowlogs/sample",
"type": "Microsoft.Network/networkWatchers/flowLogs",
"apiVersion": "2020-11-01",
"location": "location",
"tags": {},
"properties": {
"targetResourceId": "targetResourceId",
"storageId": "storageId",
"enabled": true,
"retentionPolicy": {
"days": 92,
"enabled": true
},
"format": {
"type": "JSON"
}
}
}
],
"outputs": {}
},
"parameters": {}
},
"kind": "template",
"type": "Microsoft.Blueprint/blueprints/artifacts",
"name": "myTemplate"
}
Negative test num. 7 - bicep file
Negative test num. 8 - json file
{
"properties": {
"template": {
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "2.0.0.0",
"apiProfile": "2019-03-01-hybrid",
"parameters": {},
"variables": {},
"functions": [],
"resources": [
{
"name": "flowlogs/sample",
"type": "Microsoft.Network/networkWatchers/FlowLogs",
"apiVersion": "2020-11-01",
"location": "location",
"tags": {},
"properties": {
"targetResourceId": "targetResourceId",
"storageId": "storageId",
"enabled": true,
"retentionPolicy": {
"days": 95,
"enabled": true
},
"format": {
"type": "JSON"
}
}
}
],
"outputs": {}
},
"parameters": {}
},
"kind": "template",
"type": "Microsoft.Blueprint/blueprints/artifacts",
"name": "myTemplate"
}