TF 0452 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Retention policy for flow logs should be enabled and set to greater than 90 days
| Property | Value |
|---|---|
| Language | |
| Severity | |
| Service | network |
| Provider | Azure |
Description
Flow log resources are missing a retention policy or have it set for less than 90 days, which limits the availability of historical network activity logs required for security investigations.
Impact
Insufficient retention of flow logs can prevent detection and analysis of delayed or long-running attacks, making it difficult to investigate incidents and comply with audit requirements. This increases the risk of undetected breaches or incomplete forensic data.
Resolution
Ensure flow log retention is turned on with an expiry of more than 90 days.
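One way to enforce this rule before deployment is to check the JSON form of a Terraform plan. This is an added example, not code from this rule or from the SymbioticSec project. It assumes the flow log is declared as the azurerm provider's `azurerm_network_watcher_flow_log` resource with a `retention_policy` block (`enabled`, `days`); the plan data and the names `check_retention` and `iter_resources` are constructed for illustration, and the threshold follows the title's strict "greater than 90 days".

```python
import json

FLOW_LOG_TYPE = "azurerm_network_watcher_flow_log"
MIN_DAYS = 90  # the rule requires retention strictly greater than this
# Constructed sample shaped like `terraform show -json <planfile>` output.
SAMPLE_PLAN = json.loads("""
{"planned_values": {"root_module": {
  "resources": [
    {"address": "azurerm_network_watcher_flow_log.no_policy", "type": "azurerm_network_watcher_flow_log", "values": {"retention_policy": []}},
    {"address": "azurerm_network_watcher_flow_log.disabled", "type": "azurerm_network_watcher_flow_log", "values": {"retention_policy": [{"enabled": false, "days": 120}]}},
    {"address": "azurerm_network_watcher_flow_log.boundary", "type": "azurerm_network_watcher_flow_log", "values": {"retention_policy": [{"enabled": true, "days": 90}]}},
    {"address": "azurerm_storage_account.logs", "type": "azurerm_storage_account", "values": {}}
  ],
  "child_modules": [{"address": "module.net", "resources": [
    {"address": "module.net.azurerm_network_watcher_flow_log.short", "type": "azurerm_network_watcher_flow_log", "values": {"retention_policy": [{"enabled": true, "days": 30}]}},
    {"address": "module.net.azurerm_network_watcher_flow_log.ok", "type": "azurerm_network_watcher_flow_log", "values": {"retention_policy": [{"enabled": true, "days": 365}]}}
  ]}]
}}}
""")

def iter_resources(module):
    """Yield resources from a module and, recursively, its child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from iter_resources(child)

def check_retention(plan, min_days=MIN_DAYS):
    """Return {address: reason} for flow logs that fail the retention rule.
    Nested blocks such as retention_policy appear as a list of objects."""
    findings = {}
    root = plan.get("planned_values", {}).get("root_module", {})
    for res in iter_resources(root):
        if res.get("type") != FLOW_LOG_TYPE:
            continue
        blocks = res.get("values", {}).get("retention_policy") or []
        policy = blocks[0] if blocks else None
        if policy is None:
            reason = "no retention_policy block"
        elif not policy.get("enabled"):
            reason = "retention_policy.enabled is not true"
        elif not isinstance(policy.get("days"), int) or policy["days"] <= min_days:
            reason = f"retention_policy.days={policy.get('days')!r}, need > {min_days}"
        else:
            continue
        findings[res["address"]] = reason
    return findings

if __name__ == "__main__":
    for address, reason in check_retention(SAMPLE_PLAN).items():
        print(f"FAIL {address}: {reason}")
```

A value of `days` that is unknown at plan time is absent from `planned_values` and is reported as a failure, so it gets reviewed rather than silently passed.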