turbot/azure

steampipe plugin install azuresteampipe plugin install azure
azure_ad_groupazure_ad_service_principalazure_ad_userazure_api_managementazure_app_service_environmentazure_app_service_function_appazure_app_service_planazure_app_service_web_appazure_application_security_groupazure_batch_accountazure_compute_availability_setazure_compute_diskazure_compute_disk_encryption_setazure_compute_disk_metric_read_opsazure_compute_disk_metric_read_ops_dailyazure_compute_disk_metric_read_ops_hourlyazure_compute_disk_metric_write_opsazure_compute_disk_metric_write_ops_dailyazure_compute_disk_metric_write_ops_hourlyazure_compute_imageazure_compute_resource_skuazure_compute_snapshotazure_compute_virtual_machineazure_compute_virtual_machine_metric_cpu_utilizationazure_compute_virtual_machine_metric_cpu_utilization_dailyazure_compute_virtual_machine_metric_cpu_utilization_hourlyazure_compute_virtual_machine_scale_setazure_container_registryazure_cosmosdb_accountazure_cosmosdb_mongo_databaseazure_cosmosdb_sql_databaseazure_data_factoryazure_data_factory_datasetazure_data_factory_pipelineazure_data_lake_analytics_accountazure_data_lake_storeazure_diagnostic_settingazure_eventhub_namespaceazure_express_route_circuitazure_firewallazure_iothubazure_key_vaultazure_key_vault_deleted_vaultazure_key_vault_keyazure_key_vault_managed_hardware_security_moduleazure_key_vault_secretazure_kubernetes_clusterazure_lbazure_lb_backend_address_poolazure_lb_nat_ruleazure_lb_outbound_ruleazure_lb_probeazure_lb_ruleazure_locationazure_log_alertazure_log_profileazure_logic_app_workflowazure_management_lockazure_mariadb_serverazure_mssql_elasticpoolazure_mssql_managed_instanceazure_mysql_serverazure_network_interfaceazure_network_security_groupazure_network_watcherazure_network_watcher_flow_logazure_policy_assignmentazure_policy_definitionazure_postgresql_serverazure_providerazure_public_ipazure_recovery_services_vaultazure_redis_cacheazure_resource_groupazure_resource_linkazure_role_assignmentazure_role_definitionazure_route_tableazure_search_serviceazure_security_center_auto_provisioningazure_security_center_contactazure_security_center_jit_network_access_policyazure_security_center_settingazure_security_center_subscription_pricingazure_servicebus_namespaceazure_sql_databaseazure_sql_serverazure_storage_accountazure_storage_blobazure_storage_blob_serviceazure_storage_containerazure_storage_queueazure_storage_tableazure_storage_table_serviceazure_stream_analytics_jobazure_subnetazure_subscriptionazure_tenantazure_virtual_networkazure_virtual_network_gateway

Table: azure_network_watcher_flow_log

Network security group (NSG) flow logs is a feature of Azure Network Watcher that allows user to log information about IP traffic flowing through an NSG. Flow data is sent to Azure Storage accounts from where the user can access it.

Examples

Basic info

select
name,
enabled,
network_watcher_name,
target_resource_id
from
azure_network_watcher_flow_log;

List disabled flow logs

select
name,
id,
region,
enabled
from
azure_network_watcher_flow_log
where
not enabled;

List flow logs with a retention period less than 90 days

select
name,
region,
enabled,
retention_policy_days
from
azure_network_watcher_flow_log
where
enabled and retention_policy_days < 90;

Get storage account details for each flow log

select
name,
file_type,
storage_id
from
azure_network_watcher_flow_log;

Query examples

Control examples

.inspect azure_network_watcher_flow_log

Azure Network Watcher FlowLog

NameTypeDescription
akasjsonbArray of globally unique identifier strings (also known as) for the resource.
enabledbooleanIndicates whether the flow log is enabled, or not.
etagtextAn unique read-only string that changes whenever the resource is updated.
file_typetextThe file type of flow log. Possible values include: 'JSON'.
idtextContains ID to identify a flow log uniquely.
nametextThe friendly name that identifies the flow log.
network_watcher_nametextThe friendly name that identifies the network watcher.
provisioning_statetextThe provisioning state of the flow log.
regiontextThe Azure region/location in which the resource is located.
resource_grouptextThe resource group which holds this resource.
retention_policy_daysbigintSpecifies the number of days to retain flow log records.
retention_policy_enabledbooleanIndicates whether flow log retention is enabled, or not.
storage_idtextThe ID of the storage account which is used to store the flow log.
subscription_idtextThe Azure Subscription ID in which the resource is located.
tagsjsonbA map of tags for the resource.
target_resource_guidtextThe Guid of network security group to which flow log will be applied.
target_resource_idtextThe ID of network security group to which flow log will be applied.
titletextTitle of the resource.
traffic_analyticsjsonbDefines the configuration of flow log traffic analytics.
typetextThe resource type of the flow log.
versionbigintThe version (revision) of the flow log.