More Info:

Monitoring for ‘Create’ or ‘Update Network Security Group Rule’ events gives insight into network access changes and may reduce the time it takes to detect suspicious activity.

Risk Level

Low

Address

Security, Operational Maturity

Compliance Standards

SOC2, ISO27001, HIPAA, CISAZURE, CBP

Triage and Remediation

Remediation

Follow these step-by-step instructions to remediate the misconfiguration “Ensure Activity Log Alert exists for Create or Update Network Security Group Rule” in Azure using the Azure console:

  1. Log in to the Azure portal using your credentials.
  2. In the Azure portal, click on the “Security Center” icon in the left-hand menu.
  3. Select “Security policy” from the Security Center menu.
  4. In the “Security policy” page, click on the “Activity Log Alerts” option.
  5. On the “Activity Log Alerts” page, click on the “+ Add activity log alert” button.
  6. In the “Add activity log alert” page, select the “Resource Group” or “Subscription” that you want to create the alert for.
  7. In the “Condition” section, select “Service” as “Network Security Group Rule” and “Operation” as “Write”.
  8. In the “Action group” section, select the action group that you want to use for the alert.
  9. In the “Alert details” section, provide a name and description for the alert.
  10. Click on the “Create alert rule” button to create the alert.

Once you have completed these steps, the misconfiguration “Ensure Activity Log Alert exists for Create or Update Network Security Group Rule” will be remediated in Azure. The alert will notify you when a new network security group rule is created or updated, which will help you identify any potential security issues.
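To confirm the alert created by the steps above is actually effective, the following added example (not part of the original page) audits a list of activity log alerts and explains why each one does or does not cover NSG rule writes for a given scope. It assumes the record shape returned by `az monitor activity-log alert list`; the function names, the all-zero subscription ID and the sample alerts are constructed for illustration.

```python
NSG_RULE_WRITE = "Microsoft.Network/networkSecurityGroups/securityRules/write"  # NSG rule create/update

def conditions(alert):
    """Map each condition field (lower-cased) to its lower-cased 'equals' value."""
    all_of = (alert.get("condition") or {}).get("allOf") or []
    return {str(c.get("field", "")).lower(): str(c.get("equals", "")).lower() for c in all_of}

def scope_covers(alert_scope, target):
    """True when alert_scope equals target or is a parent of it in the resource path."""
    a, t = alert_scope.lower().rstrip("/"), target.lower().rstrip("/")
    return t == a or t.startswith(a + "/")

def check_alert(alert, target_scope):
    """Return (ok, reason) for one activity log alert record."""
    if not alert.get("enabled", False):
        return False, "alert is disabled"
    if not any(scope_covers(s, target_scope) for s in alert.get("scopes") or []):
        return False, "scope does not cover target"
    if conditions(alert).get("operationname") != NSG_RULE_WRITE.lower():
        return False, "operation is not the NSG rule write"
    if not (alert.get("actions") or {}).get("actionGroups"):
        return False, "no action group attached"
    return True, "ok"

def audit(alerts, target_scope):
    """Compliant when at least one alert passes every check."""
    results = {a.get("name", "?"): check_alert(a, target_scope) for a in alerts}
    return any(ok for ok, _ in results.values()), results

def sample_alert(name, enabled, scope, operation, groups):
    """Constructed record in the assumed `az monitor activity-log alert list` shape."""
    return {"name": name, "enabled": enabled, "scopes": [scope],
            "condition": {"allOf": [{"field": "category", "equals": "Administrative"},
                                    {"field": "operationName", "equals": operation}]},
            "actions": {"actionGroups": groups}}

SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"  # placeholder id
AG = [{"actionGroupId": SUB + "/resourceGroups/ops/providers/microsoft.insights/actionGroups/secops"}]
SAMPLE = [  # constructed alerts, one per failure mode plus one good alert
    sample_alert("disabled", False, SUB, NSG_RULE_WRITE, AG),
    sample_alert("other-rg", True, SUB + "/resourceGroups/dev", NSG_RULE_WRITE, AG),
    sample_alert("nsg-write", True, SUB, "Microsoft.Network/networkSecurityGroups/write", AG),
    sample_alert("no-action", True, SUB, NSG_RULE_WRITE, []),
    sample_alert("good", True, SUB, NSG_RULE_WRITE, AG),
]

if __name__ == "__main__":
    print(audit(SAMPLE, SUB + "/resourceGroups/prod"))
```

An alert scoped to the subscription covers every resource group inside it, while an alert scoped to one resource group leaves NSG rule changes in the others unmonitored.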

Additional Reading: