Flow Logs & Network Traffic Monitoring

Learn how to enable and collect flow logs across AWS, Azure, GCP, and Oracle Cloud to ensure visibility into network traffic and support audit readiness.

Sprinto checks for the presence of flow logs to ensure that your cloud infrastructure is being actively monitored for network-level activity. These logs provide visibility into incoming and outgoing traffic, helping detect misconfigurations, unauthorised access, or policy violations.

Monitoring flow logs is a key requirement in most compliance frameworks, including ISO 27001, SOC 2, and GDPR.


Supported Cloud Providers

Cloud Platform | Flow Log Type | Purpose
-------------- | ------------- | -------
AWS            | VPC Flow Logs | Capture all IP traffic at the network interface level
Azure          | NSG Flow Logs | Monitor traffic flow through Network Security Groups
GCP            | VPC Flow Logs | Record connection metadata across VMs and containers
Oracle Cloud   | VCN Flow Logs | Capture flow data for Virtual Cloud Networks


When is this check triggered?

This check is triggered if:

  • Flow logs are not enabled for one or more active cloud networks

  • Evidence of log collection is missing or outdated

  • The logging destination (e.g., S3, Azure Storage, GCS) is not properly configured or visible


How to resolve the check

To pass this check, you must:

  1. Enable flow logs for the relevant services in your cloud console.

  2. Verify logging destinations are accessible and collecting logs.

  3. Upload evidence to Sprinto, or allow integration-based collection.

Example: Enable AWS VPC Flow Logs

  1. Go to the VPC Dashboard in the AWS console.

  2. Select your VPC → Click Flow Logs → Create flow log

  3. Choose All traffic for log type.

  4. Set the destination to CloudWatch Logs or S3.

  5. Save and verify logs are being generated.

Repeat similar steps for Azure NSGs, GCP VPCs, and Oracle VCNs.
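
To confirm step 5 across every VPC rather than one at a time, the following added example (not Sprinto's code and not part of the original page) audits JSON in the shape returned by `aws ec2 describe-vpcs` and `aws ec2 describe-flow-logs`. The VPC IDs, flow log IDs and bucket name are constructed sample values, and the function names are hypothetical. It assumes flow logs are attached at the VPC level, so flow logs created on individual subnets or network interfaces are not counted.

```python
import json

# Constructed sample data in the shape of `aws ec2 describe-vpcs` and
# `aws ec2 describe-flow-logs` output (IDs and bucket name are made up).
VPCS_JSON = """{"Vpcs": [
  {"VpcId": "vpc-0aaa", "State": "available"},
  {"VpcId": "vpc-0bbb", "State": "available"},
  {"VpcId": "vpc-0ccc", "State": "available"},
  {"VpcId": "vpc-0ddd", "State": "available"}]}"""
FLOW_LOGS_JSON = """{"FlowLogs": [
  {"FlowLogId": "fl-01", "ResourceId": "vpc-0aaa", "FlowLogStatus": "ACTIVE",
   "TrafficType": "ALL", "LogDestinationType": "s3",
   "LogDestination": "arn:aws:s3:::example-flow-logs", "DeliverLogsStatus": "SUCCESS"},
  {"FlowLogId": "fl-02", "ResourceId": "vpc-0bbb", "FlowLogStatus": "ACTIVE",
   "TrafficType": "REJECT", "LogDestinationType": "cloud-watch-logs",
   "DeliverLogsStatus": "SUCCESS"},
  {"FlowLogId": "fl-03", "ResourceId": "vpc-0ccc", "FlowLogStatus": "ACTIVE",
   "TrafficType": "ALL", "LogDestinationType": "cloud-watch-logs",
   "DeliverLogsStatus": "FAILED", "DeliverLogsErrorMessage": "Access error"}]}"""


def audit_vpc_flow_logs(vpcs_doc, flow_logs_doc):
    """Return {vpc_id: finding}; finding is 'ok' or a description of the gap."""
    by_vpc = {}
    for fl in flow_logs_doc.get("FlowLogs", []):
        by_vpc.setdefault(fl.get("ResourceId"), []).append(fl)
    findings = {}
    for vpc in vpcs_doc.get("Vpcs", []):
        vpc_id = vpc["VpcId"]
        active = [f for f in by_vpc.get(vpc_id, []) if f.get("FlowLogStatus") == "ACTIVE"]
        all_traffic = [f for f in active if f.get("TrafficType") == "ALL"]
        delivering = [f for f in all_traffic if f.get("DeliverLogsStatus") == "SUCCESS"]
        if not active:
            findings[vpc_id] = "no active flow log"
        elif not all_traffic:
            findings[vpc_id] = "flow log does not capture all traffic"
        elif not delivering:
            # Flow log exists but nothing reaches the destination.
            err = all_traffic[0].get("DeliverLogsErrorMessage", "unknown error")
            findings[vpc_id] = "delivery failing: " + err
        else:
            findings[vpc_id] = "ok"
    return findings


def run_sample():
    return audit_vpc_flow_logs(json.loads(VPCS_JSON), json.loads(FLOW_LOGS_JSON))


if __name__ == "__main__":
    for vpc_id, finding in run_sample().items():
        print(vpc_id, finding)
```

To use it on a real account, save the output of the two CLI commands to files and pass the parsed JSON to `audit_vpc_flow_logs` in place of the sample strings.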


Evidence requirements

You can provide one of the following as evidence:

  • A screenshot of the flow log configuration screen

  • A recent log sample or export

  • Cloud console JSON configuration output

  • Integration-based verification (preferred if supported)


Best practices

  • Retain flow logs for a minimum of 90 days, or as per regulatory requirements.

  • Regularly review logs for anomalies or misconfigured security groups.

  • Apply log integrity monitoring (e.g. CloudTrail log file validation) where supported.
