zt_net_016 — Network Watcher not enabled in all regions
Summary
Severity: Medium · Pillar: Network · Chain role: ENABLER
Description
Network Watcher provides network diagnostics, packet capture, and flow logs. If Network Watcher is not enabled in every region that contains virtual networks, the uncovered regions become blind spots where lateral movement and data exfiltration cannot be detected.
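The coverage check described above, as an added Python example; it is not the project's Rego rule. It assumes an inventory shaped like the JSON output of `az network vnet list` and `az network watcher list`; the sample data is constructed, and the function names and the choice to treat a watcher that is not in the `Succeeded` state as no coverage are assumptions.

```python
import json
from collections import defaultdict

# Constructed sample inventory (not real resources). Field names assume the
# JSON shape of `az network vnet list` and `az network watcher list`.
VNETS = json.loads("""[
  {"name": "vnet-hub",    "location": "eastus"},
  {"name": "vnet-spoke1", "location": "East US"},
  {"name": "vnet-eu-app", "location": "westeurope"},
  {"name": "vnet-apac",   "location": "Southeast Asia"}
]""")
WATCHERS = json.loads("""[
  {"name": "NetworkWatcher_eastus",     "location": "eastus",     "provisioningState": "Succeeded"},
  {"name": "NetworkWatcher_westeurope", "location": "westeurope", "provisioningState": "Failed"}
]""")


def norm_region(location):
    """Canonicalise 'East US' and 'eastus' to the same key."""
    return "".join(location.split()).lower()


def uncovered_regions(vnets, watchers):
    """Map each region that has VNets but no usable Network Watcher to its VNets.

    Assumption: a watcher whose provisioningState is not 'Succeeded' gives no
    coverage, so its region is reported as a gap.
    """
    covered = {
        norm_region(w["location"])
        for w in watchers
        if w.get("provisioningState") == "Succeeded"
    }
    gaps = defaultdict(list)
    for vnet in vnets:
        region = norm_region(vnet["location"])
        if region not in covered:
            gaps[region].append(vnet["name"])
    return {region: sorted(names) for region, names in sorted(gaps.items())}


if __name__ == "__main__":
    # One finding line per region that would fail this rule.
    for region, names in uncovered_regions(VNETS, WATCHERS).items():
        print(f"zt_net_016 FAIL region={region} vnets={','.join(names)}")
```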
Mapping
| Framework | Control / Reference |
|---|---|
| NIST 800-53 | AU-12 |
| NIST 800-207 | Tenet 5 - Integrity monitored |
| CIS Azure | — |
| MITRE ATT&CK Technique | T1562.008 |
| MITRE ATT&CK Tactic | Defense Evasion |
| Zero-Trust Tenet | Tenet 5 |
| Framework tags | nist-800-207, argus-zt |
Source
Rule defined at policies/azure/zt/network/zt_net_016.rego.