More Info:

Monitoring for ‘Delete Network Security Group Rule’ events gives insight into network access changes and may reduce the time it takes to detect suspicious activity.

Risk Level

Low

Address

Security, Operational Maturity

Compliance Standards

CISAZURE, CBP, SOC2, ISO27001, HIPAA

Triage and Remediation

Remediation

To remediate the misconfiguration “Ensure Activity Log Alert exists for Delete Network Security Group Rule” for Azure using the Azure console, follow these steps:

  1. Log in to the Azure portal (https://portal.azure.com/).
  2. Select the subscription for which you want to remediate the misconfiguration.
  3. Click on the “Activity log alerts” option from the left-hand side menu.
  4. Click on the “+ Add activity log alert” button to create a new alert.
  5. In the “Basics” tab, provide a name for the alert, select the subscription, and resource group for which you want to create the alert.
  6. In the “Condition” tab, select the “Delete Network Security Group Rule” option from the “Event name” dropdown.
  7. In the “Actions” tab, select the action you want to take when the alert is triggered. You can choose to send an email, a webhook, or an SMS message.
  8. In the “Review + create” tab, review the alert configuration and click on the “Create” button to create the alert.

Once the alert is created, it will trigger whenever a network security group rule is deleted, and you will receive a notification based on the action you have configured. This will help you to identify and prevent accidental or unauthorized deletion of network security group rules.
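To verify the result of the steps above outside the portal, the following added example (not part of the original page) audits activity log alert definitions exported as JSON. It assumes the field layout returned by `az monitor activity-log alert list` and the operation name `Microsoft.Network/networkSecurityGroups/securityRules/delete`; the sample data, alert names and subscription ID are constructed.

```python
import json

# ARM operation recorded in the Activity Log when an NSG rule is deleted.
NSG_RULE_DELETE = "microsoft.network/networksecuritygroups/securityrules/delete"
UNRELATED = ["not an NSG rule delete alert"]

def alert_gaps(alert, subscription_id):
    """Reasons this alert fails the control; an empty list means it satisfies it."""
    leaves = (alert.get("condition") or {}).get("allOf") or []
    cond = {str(c.get("field", "")).lower(): str(c.get("equals", "")).lower()
            for c in leaves}
    if cond.get("operationname") != NSG_RULE_DELETE:
        return UNRELATED
    gaps = []
    if cond.get("category") != "administrative":
        gaps.append("category is not Administrative")
    if not alert.get("enabled"):
        gaps.append("alert is disabled")
    scopes = [s.lower().rstrip("/") for s in alert.get("scopes") or []]
    if f"/subscriptions/{subscription_id}".lower() not in scopes:
        gaps.append("scope does not cover the whole subscription")
    if not (alert.get("actions") or {}).get("actionGroups"):
        gaps.append("no action group, so nobody is notified")
    return gaps

def audit(alerts, subscription_id):
    """Return (compliant, {alert name: gaps}) for the NSG rule delete alerts found."""
    found = {a.get("name", "<unnamed>"): alert_gaps(a, subscription_id) for a in alerts}
    found = {n: g for n, g in found.items() if g != UNRELATED}
    return any(not g for g in found.values()), found

# Constructed sample in the shape assumed for `az monitor activity-log alert list`.
SUB = "00000000-0000-0000-0000-000000000000"  # placeholder subscription id
OP = "Microsoft.Network/networkSecurityGroups/securityRules/delete"
SAMPLE = json.loads("""[
 {"name": "nsg-rule-delete-rg", "enabled": true,
  "scopes": ["/subscriptions/%(s)s/resourceGroups/rg-net"],
  "condition": {"allOf": [{"field": "category", "equals": "Administrative"},
                          {"field": "operationName", "equals": "%(op)s"}]},
  "actions": {"actionGroups": []}},
 {"name": "vm-delete", "enabled": true, "scopes": ["/subscriptions/%(s)s"],
  "condition": {"allOf": [{"field": "category", "equals": "Administrative"},
     {"field": "operationName", "equals": "Microsoft.Compute/virtualMachines/delete"}]},
  "actions": {"actionGroups": [{"actionGroupId": "constructed-id"}]}}
]""" % {"s": SUB, "op": OP})

if __name__ == "__main__":
    ok, findings = audit(SAMPLE, SUB)
    print("compliant:", ok)
    for name, gaps in findings.items():
        print(f"  {name}: {gaps or 'OK'}")
```

The constructed sample fails the check: its only NSG rule delete alert is scoped to a resource group and has no action group, so a deletion elsewhere in the subscription would go unnoticed.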

Additional Reading: