More Info:

Monitoring for ‘Create’ or ‘Update Network Security Group’ events gives insight into network access changes and may reduce the time it takes to detect suspicious activity.

Risk Level

Low

Address

Security, Operational Maturity

Compliance Standards

CISAZURE, CBP, SOC2, ISO27001, HIPAA, HITRUST, NISTCSF

Triage and Remediation

Remediation

To remediate the misconfiguration “Ensure Activity Log Alert exists for Create or Update Network Security Group” in Azure using the Azure console, follow these steps:

  1. Log in to the Azure portal (https://portal.azure.com/).
  2. Click on the “Activity log” option in the left-hand side menu.
  3. Click on the “Alerts” option in the left-hand side menu.
  4. Click on the “New alert rule” button.
  5. In the “Create alert rule” page, under the “Scope” section, select the subscription, resource group, or resource for which you want to create an alert.
  6. Under the “Condition” section, click on the “Add condition” button.
  7. In the “Add condition” page, select “Activity log” as the signal type.
  8. Under the “Filter” section, select “Resource provider” as the field and “Microsoft.Network” as the value.
  9. Under the “Operation” section, select “Create or Update Network Security Group” as the value.
  10. Under the “Threshold” section, set the frequency and threshold values according to your requirements.
  11. Under the “Actions” section, select the action you want to perform when the alert is triggered. You can send an email, a text message, or a webhook notification.
  12. Click on the “Create alert rule” button to create the alert.

Once the alert is created, you will receive a notification whenever a network security group is created or updated in the selected scope.
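To confirm the rule created above is actually in place, the following added example (not part of the original page or of any Azure tooling) audits alert rules in the JSON shape printed by `az monitor activity-log alert list`. The function names, the sample rules and the placeholder subscription ID are constructed for illustration. It assumes you want subscription-wide coverage, and it treats any extra filter as a gap because it narrows which events fire the alert.

```python
NSG_WRITE = "microsoft.network/networksecuritygroups/write"
SUB = "00000000-0000-0000-0000-000000000000"  # placeholder subscription id

def sample_rule(name, enabled=True, scope=f"/subscriptions/{SUB}", groups=1, extra=()):
    """Constructed rule in the shape `az monitor activity-log alert list` prints."""
    leaves = [{"field": "category", "equals": "Administrative"},
              {"field": "operationName",
               "equals": "Microsoft.Network/networkSecurityGroups/write"}]
    leaves += [{"field": f, "equals": v} for f, v in extra]
    group = {"actionGroupId": f"{scope}/placeholder-action-group"}
    return {"name": name, "enabled": enabled, "scopes": [scope],
            "condition": {"allOf": leaves},
            "actions": {"actionGroups": [group] * groups}}

SAMPLE = [  # constructed sample data, not real output
    sample_rule("nsg-change"),
    sample_rule("nsg-disabled", enabled=False),
    sample_rule("nsg-rg-only", scope=f"/subscriptions/{SUB}/resourceGroups/rg-app", groups=0),
    sample_rule("nsg-errors-only", extra=[("level", "Error")]),
]

def alert_gaps(alert, subscription_id):
    """Return the reasons a rule fails the control; an empty list means compliant."""
    leaves = (alert.get("condition") or {}).get("allOf") or []
    cond = {c["field"].lower(): str(c.get("equals", "")).lower()
            for c in leaves if "field" in c}
    gaps = []
    if cond.get("operationname") != NSG_WRITE:
        gaps.append("operationName is not the NSG write operation")
    if cond.get("category") != "administrative":
        gaps.append("category is not Administrative")
    extra = sorted(set(cond) - {"category", "operationname"})
    if extra:
        gaps.append("extra filters narrow the alert: " + ", ".join(extra))
    if not alert.get("enabled"):
        gaps.append("rule is disabled")
    wanted = f"/subscriptions/{subscription_id}".lower()
    if wanted not in [s.lower().rstrip("/") for s in alert.get("scopes") or []]:
        gaps.append("scope is narrower than the subscription")
    if not (alert.get("actions") or {}).get("actionGroups"):
        gaps.append("no action group attached")
    return gaps

def compliant_alerts(alerts, subscription_id):
    """Names of rules that satisfy the control for this subscription."""
    return [a["name"] for a in alerts if not alert_gaps(a, subscription_id)]

if __name__ == "__main__":
    for rule in SAMPLE:
        print(rule["name"], alert_gaps(rule, SUB) or "OK")
```

An empty result from `compliant_alerts` means no rule in the subscription would notify anyone of an NSG change, even if rules with the right operation name exist.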

Additional Reading: