Retention policy for flow logs should be enabled and set to greater than 90 days
| Property | |
|---|---|
| Language | |
| Severity | |
| Service | network |
| Provider | Azure |
Description
Flow log resources are missing a retention policy or have it set for less than 90 days, which limits the availability of historical network activity logs required for security investigations.
Impact
Insufficient retention of flow logs can prevent detection and analysis of delayed or long-running attacks, making it difficult to investigate incidents and comply with audit requirements. This increases the risk of undetected breaches or incomplete forensic data.
Resolution
Ensure flow log retention is turned on with an expiry of more than 90 days.
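One way to audit for this condition, as an added example that is not part of the original page or of any scanner's own code. It assumes flow log records exported as JSON with a `retentionPolicy` object holding `enabled` and `days`, either at the top level or under `properties`; the resource names and sample records are constructed.

```python
import json

MIN_DAYS = 90  # threshold named on the page

# Constructed sample records (not real resources). The retentionPolicy
# field layout is an assumption of this example.
SAMPLE = json.loads("""
[
  {"name": "fl-no-policy"},
  {"name": "fl-disabled", "retentionPolicy": {"enabled": false, "days": 365}},
  {"name": "fl-short", "retentionPolicy": {"enabled": true, "days": 30}},
  {"name": "fl-boundary",
   "properties": {"retentionPolicy": {"enabled": true, "days": 90}}},
  {"name": "fl-ok", "retentionPolicy": {"enabled": true, "days": 120}}
]
""")


def retention_finding(flow_log, min_days=MIN_DAYS):
    """Return None when the flow log is compliant, else a reason string."""
    props = flow_log.get("properties")
    if not isinstance(props, dict):
        props = flow_log  # policy may sit at the top level instead
    policy = props.get("retentionPolicy")
    if not isinstance(policy, dict):
        return "no retention policy"
    # A long 'days' value is meaningless while the policy is switched off.
    if policy.get("enabled") is not True:
        return "retention policy disabled"
    days = policy.get("days")
    if isinstance(days, bool) or not isinstance(days, int):
        return "retention days missing or not an integer"
    # The title and Resolution ask for more than 90 days, so exactly 90
    # is flagged here (the stricter reading).
    if days <= min_days:
        return f"retention is {days} days, need more than {min_days}"
    return None


def audit(flow_logs, min_days=MIN_DAYS):
    """Map each non-compliant flow log name to the reason it failed."""
    findings = {}
    for fl in flow_logs:
        reason = retention_finding(fl, min_days)
        if reason:
            findings[fl.get("name", "<unnamed>")] = reason
    return findings


if __name__ == "__main__":
    for name, reason in audit(SAMPLE).items():
        print(f"FAIL {name}: {reason}")
```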