How to resolve Sprinto check for enabling NSG flow logs on Azure

About

Sprinto Check: Azure flow logs should be captured

Flow Logs is a feature within Azure Network Watcher that allows you to capture information about IP traffic flowing through a network security group (NSG).

Purpose

The Sprinto check for Azure Flow Logs aims to ensure the proper configuration of flow logs in your Azure account. Enabling flow logs provides valuable insights into IP traffic, contributing to improved network security and facilitating effective monitoring.

How to resolve

Follow these steps to enable Flow Logs on your Azure account:

Before you begin

  • Log in to Sprinto as an administrator.

  • Ensure that you have "Admin" access on the Azure account where flow logs need to be enabled.

Enable Flow Logs

  1. Log in to your Azure portal using your credentials.

  2. Navigate to Network Security Groups and select the NSG for which you want to enable flow logs.

  3. To create flow logs for an NSG, the NSG must have at least one associated subnet or network interface.

  4. Within your selected NSG, search for Subnets and check whether any subnets are associated with the NSG. Take note of the names of the subnets where you have to create flow logs.

  5. Then search for Network interfaces and check whether any network interfaces are associated with the NSG. Take note of the names of the network interfaces where you have to create flow logs.

  6. In the search box at the top of the portal, enter network watcher. Select Network Watcher from the search results.

  7. Under Logs, select Flow logs.

  8. In Network Watcher | Flow logs, select + Create or the blue Create flow log button. Refer to Create a flow log for detailed instructions. Create flow logs on all the associated subnets and network interfaces that you noted in steps 4 and 5.

    Note:

    • For Subnets - Creating the flow log on the subnet's virtual network will also work.

    • For Network Interfaces - Creating the flow log on either the associated virtual network or the associated subnet will also work.

  9. While creating a new flow log, ensure the account kind is selected as "Storage (general purpose v2)". If your current storage plan doesn't support V2, you can upgrade it or mark the Sprinto check as a special case.

  10. Ensure that Retention (days) is set to ten days.

  11. Under the Tags tab, enter the following tag details and click Review + Create to create the flow log.

    Name    Value
    type    prod

  12. If necessary, in the Sprinto app, click the refresh button under Security Hub > Infrastructure > Azure to fetch the updated configuration from your integrated Azure account.

Upon completing these steps, Sprinto fetches the updated flow logs configuration from your Azure account, and the check status is set to "Passing."
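
The coverage rule from steps 3 to 8 (a subnet is covered by a flow log on itself or its virtual network; a network interface by one on itself, its subnet, or its virtual network) and the settings from steps 10 and 11 can be checked offline before refreshing Sprinto. The Python below is an added example, not code from Sprinto or Microsoft and not a description of how Sprinto evaluates the check. It assumes NSG and flow log records shaped like Azure CLI JSON output (subnets, networkInterfaces, targetResourceId, retentionPolicy, tags), a hypothetical NIC-to-subnet map, and constructed sample data.

```python
import re

REQUIRED_DAYS, REQUIRED_TAG = 10, ("type", "prod")  # values from steps 10 and 11

def vnet_of(subnet_id):
    """Derive the parent virtual network ID from a subnet resource ID."""
    return re.sub(r"/subnets/[^/]+$", "", subnet_id, flags=re.I)

def meets_settings(fl):
    """True if the flow log is enabled with the retention and tag from the steps."""
    ret = fl.get("retentionPolicy") or {}
    return bool(fl.get("enabled") and ret.get("enabled")
                and ret.get("days") == REQUIRED_DAYS
                and (fl.get("tags") or {}).get(REQUIRED_TAG[0]) == REQUIRED_TAG[1])

def audit(nsg, nic_subnet, flow_logs):
    """Return {resource_id: reason} for NSG-associated subnets/NICs lacking a usable flow log."""
    by_target = {}
    for fl in flow_logs:
        by_target.setdefault(fl["targetResourceId"].lower(), []).append(fl)
    # Each associated resource may be covered at its own scope or a parent scope.
    targets = {s["id"]: [s["id"], vnet_of(s["id"])] for s in nsg.get("subnets") or []}
    for nic in nsg.get("networkInterfaces") or []:
        sub = nic_subnet.get(nic["id"])
        targets[nic["id"]] = [nic["id"]] + ([sub, vnet_of(sub)] if sub else [])
    findings = {}
    for rid, scopes in targets.items():
        logs = [fl for s in scopes for fl in by_target.get(s.lower(), [])]
        if not logs:
            findings[rid] = "no flow log on resource or parent scope"
        elif not any(meets_settings(fl) for fl in logs):
            findings[rid] = "flow log found, but retention/tag/enabled differ from the steps"
    return findings

# Constructed sample data (not from a real tenant).
NET = "/subscriptions/0000/resourceGroups/rg-demo/providers/Microsoft.Network"
WEB, DB = f"{NET}/virtualNetworks/vnet-a/subnets/web", f"{NET}/virtualNetworks/vnet-b/subnets/db"
NIC1 = f"{NET}/networkInterfaces/nic-1"
NSG = {"name": "nsg-app", "subnets": [{"id": WEB}, {"id": DB}], "networkInterfaces": [{"id": NIC1}]}
NIC_SUBNET = {NIC1: DB}  # assumption: gathered separately from each NIC's ipConfigurations
FLOW_LOGS = [
    {"targetResourceId": vnet_of(WEB), "enabled": True,
     "retentionPolicy": {"days": 10, "enabled": True}, "tags": {"type": "prod"}},
    {"targetResourceId": DB, "enabled": True,
     "retentionPolicy": {"days": 0, "enabled": False}, "tags": {}},
]

if __name__ == "__main__":
    for rid, reason in audit(NSG, NIC_SUBNET, FLOW_LOGS).items():
        print(f"{rid.rsplit('/', 1)[-1]}: {reason}")
```

In the sample, the web subnet passes through its virtual network's flow log, while the db subnet and nic-1 are reported because the only flow log in their scope has retention disabled and no type tag.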