More Info:

Security solution changes have been detected within your Microsoft Azure cloud account.

Risk Level

High

Address

Security

Compliance Standards

HIPAA, ISO27001, CISAZURE, CBP

Triage and Remediation

Remediation

To remediate the “Create Alert for Create or Update Security Solution Events” misconfiguration using the Azure console, follow these steps:

  1. Log in to the Azure portal (https://portal.azure.com/).
  2. Click on “All services” on the left-hand side of the page and search for “Security Center” in the search bar.
  3. Click on “Security Center” and select “Security policy” from the left-hand side menu.
  4. In the “Security policy” page, click on the “Edit” button to edit the security policy.
  5. Scroll down to the “Activity log alerts” section and click on the “Add activity log alert” button.
  6. In the “Add activity log alert” page, fill in the required fields:
    • Name: Enter a name for the alert.
    • Description: Enter a description for the alert.
    • Subscription: Select the subscription in which you want to create the alert.
    • Resource group: Select the resource group in which you want to create the alert.
    • Event category: Select “Security” from the drop-down menu.
    • Event type: Select “Microsoft.Security/complianceResults/write” from the drop-down menu.
    • Severity: Select the severity level for the alert.
    • Action group: Select an action group to trigger when the alert is fired.
    • Tags: Add relevant tags if required.
  7. Click on the “OK” button to create the alert.

Once these steps are completed, the “Create Alert for Create or Update Security Solution Events” misconfiguration is remediated. The alert is triggered whenever a “Create or Update Security Solution” event occurs in your Azure environment.
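To confirm the remediation took effect, the check below (an added example, not part of the original page or of any Azure tooling) audits a list of activity log alerts for one that is enabled, scoped to the whole subscription, not narrowed by extra filters, and wired to an action group. It assumes the alert objects have the shape returned by `az monitor activity-log alert list --output json` and uses the operation name that the CIS Azure benchmark audits for this control; the subscription id, alert names and sample alerts are constructed placeholders.

```python
# Operation the CIS Azure benchmark audits for this control (assumption, not from the page).
TARGET_OP = "Microsoft.Security/securitySolutions/write"
# Extra condition fields that narrow an alert so some events never fire it.
NARROWING = {"level", "status", "caller"}

def evaluate_alert(alert, subscription_id, operation=TARGET_OP):
    """Return None for unrelated alerts, else a list of problems (empty = good)."""
    conds = (alert.get("condition") or {}).get("allOf") or []
    fields = {str(c.get("field", "")).lower(): str(c.get("equals", "")) for c in conds}
    if fields.get("operationname", "").lower() != operation.lower():
        return None
    problems = []
    if not alert.get("enabled", False):
        problems.append("alert is disabled")
    wanted = f"/subscriptions/{subscription_id}".lower()
    if wanted not in [s.lower().rstrip("/") for s in alert.get("scopes") or []]:
        problems.append("scope does not cover the whole subscription")
    for name in sorted(NARROWING & fields.keys()):
        problems.append(f"condition is narrowed by '{name}'")
    if not (alert.get("actions") or {}).get("actionGroups"):
        problems.append("no action group attached")
    return problems

def audit(alerts, subscription_id, operation=TARGET_OP):
    """Return (compliant, findings); compliant if any matching alert has no problems."""
    findings = {}
    for alert in alerts:
        result = evaluate_alert(alert, subscription_id, operation)
        if result is not None:
            findings[alert.get("name", "<unnamed>")] = result
    return any(not p for p in findings.values()), findings

# Constructed sample input: placeholder subscription id and alert names.
SUB = "00000000-0000-0000-0000-000000000000"
SAMPLE = [
    {"name": "secsol-disabled", "enabled": False, "scopes": [f"/subscriptions/{SUB}"],
     "condition": {"allOf": [{"field": "operationName", "equals": TARGET_OP}]},
     "actions": {"actionGroups": [{"actionGroupId": "placeholder"}]}},
    {"name": "secsol-rg-only", "enabled": True,
     "scopes": [f"/subscriptions/{SUB}/resourceGroups/rg-example"],
     "condition": {"allOf": [{"field": "operationName", "equals": TARGET_OP.lower()},
                             {"field": "level", "equals": "Error"}]},
     "actions": {"actionGroups": []}},
]

if __name__ == "__main__":
    ok, findings = audit(SAMPLE, SUB)
    print("compliant:", ok, findings)
```

An alert that exists but is disabled, filtered, or scoped to a single resource group still leaves security solution changes unmonitored, which is why the check reports each condition separately.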