{
    "description": "Subnet without a flow log",
    "rationale": "Flow logs enable the investigatation of incidents involving unauthorized network traffic, such as an attacker exfiltrating data or pivoting to other hosts.",
    "path": "vpc.regions.id.vpcs.id.subnets.id",
    "dashboard_name": "Subnets",
    "id_suffix": "NoFlowLog",
    "conditions": [ "or",
        [ "this", "withoutKey", "flow_logs"],
        [ "flow_logs", "empty", "" ]
    ]
}