More Info:
Monitoring for ‘Delete Network Security Group’ events gives insight into network access changes and may reduce the time it takes to detect suspicious activity.
Risk Level
Low
Address
Security, Operational Maturity
Compliance Standards
CISAZURE, CBP, SOC2, ISO27001, HIPAA, HITRUST, NISTCSF
Triage and Remediation
Remediation
Using Console
Step-by-step instructions to remediate the misconfiguration “Ensure Activity Log Alert exists for Delete Network Security Group” for Azure using the Azure console:
- Log in to the Azure portal (https://portal.azure.com/).
- Click on “Monitor” from the left-hand menu.
- Click on “Activity log” from the “Monitor” menu.
- Click on the “Alerts” tab.
- Click on the “New alert rule” button.
- In the “Create rule” page, select the “Resource Manager” option.
- In the “Condition” section, select “Delete Network Security Group” from the “Event name” drop-down menu.
- In the “Actions” section, select “Create action group” and click on the “OK” button.
- In the “Create action group” page, provide a name for the action group, select the “Email/SMS/Push/Voice” option, and enter the email address or phone number to receive the alert.
- Click on the “OK” button to create the action group.
- In the “Create rule” page, provide a name for the alert rule, select the action group you just created, and click on the “Create alert rule” button.
Using CLI
To remediate the misconfiguration of not having an Activity Log Alert for Delete Network Security Group in Azure using Azure CLI, follow these steps:
- Open Azure CLI on your machine.
- Run the following command to create an Activity Log Alert for Delete Network Security Group:
Replace <Alert_Name> with the name of the alert you want to create, <Alert_Description> with a brief description of the alert, and <Email_Address> with the email address to which the alert should be sent.
- Once the command is executed successfully, the alert will be created and configured to send an email notification whenever a Network Security Group is deleted.
- You can verify the alert by running the following command:
This will display a list of all the activity log alerts configured in your Azure environment, including the one you just created.
By following these steps, you can remediate the misconfiguration of not having an Activity Log Alert for Delete Network Security Group in Azure using Azure CLI.
Using Python
To remediate the misconfiguration “Ensure Activity Log Alert exists for Delete Network Security Group” in Azure using Python, follow the steps below:
Step 1: Install the Azure SDK for Python using the following pip command:
Step 2: Use the below code to check if an Activity Log Alert exists for Delete Network Security Group:
Step 3: If the output of the above code is “Activity Log Alert does not exist for Delete Network Security Group”, then you can use the below code to create an Activity Log Alert for Delete Network Security Group:
Note: Replace the placeholders <your_tenant_id>, <your_client_id>, <your_client_secret>, <your_subscription_id>, <your_resource_group_name>, <your_activity_log_alert_name>, <your_activity_log_alert_description>, <your_network_security_group_resource_id> and <your_action_group_id> with the actual values for your Azure environment.
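The Step 2 check, written as an added offline example (not this page's or Microsoft's code): it evaluates a JSON export of alert rules against the control, flagging rules that are disabled, scoped below the subscription, or have no action group. The JSON shape is assumed to match the output of `az monitor activity-log alert list`; the subscription ID and rule names are constructed.

```python
import json

# Activity log operation recorded when a Network Security Group is deleted.
NSG_DELETE_OP = "microsoft.network/networksecuritygroups/delete"

def covers_nsg_delete(rule, subscription_id):
    """True if the rule is enabled, scoped to the whole subscription,
    matches NSG deletion only, and notifies at least one action group."""
    if not rule.get("enabled"):
        return False
    wanted = f"/subscriptions/{subscription_id}".lower()
    scopes = [s.lower().rstrip("/") for s in rule.get("scopes") or []]
    if wanted not in scopes:
        return False  # a resource-group scope misses NSGs elsewhere
    conds = {(c.get("field") or "").lower(): (c.get("equals") or "").lower()
             for c in (rule.get("condition") or {}).get("allOf") or []}
    if conds.get("operationname") != NSG_DELETE_OP:
        return False
    if conds.get("category", "administrative") != "administrative":
        return False
    # Stricter than a name match: extra filters (caller, status, ...) narrow the alert.
    if set(conds) - {"category", "operationname"}:
        return False
    return bool((rule.get("actions") or {}).get("actionGroups"))

def audit(rules_json, subscription_id):
    """Names of compliant rules; an empty list means the control fails."""
    return [r.get("name") for r in json.loads(rules_json)
            if covers_nsg_delete(r, subscription_id)]

# Constructed sample input (not real tenant data).
SAMPLE_SUB = "00000000-0000-0000-0000-000000000000"
_COND = {"allOf": [
    {"field": "category", "equals": "Administrative"},
    {"field": "operationName", "equals": "Microsoft.Network/networkSecurityGroups/delete"}]}
_AG = {"actionGroups": [{"actionGroupId": "<your_action_group_id>"}]}
_SUB, _RG = f"/subscriptions/{SAMPLE_SUB}", f"/subscriptions/{SAMPLE_SUB}/resourceGroups/rg1"
SAMPLE_RULES = json.dumps([
    {"name": "nsg-delete-alert", "enabled": True, "scopes": [_SUB], "condition": _COND, "actions": _AG},
    {"name": "disabled-alert", "enabled": False, "scopes": [_SUB], "condition": _COND, "actions": _AG},
    {"name": "rg-only-alert", "enabled": True, "scopes": [_RG], "condition": _COND, "actions": _AG},
    {"name": "no-recipient-alert", "enabled": True, "scopes": [_SUB], "condition": _COND, "actions": {}},
])

if __name__ == "__main__":
    ok = audit(SAMPLE_RULES, SAMPLE_SUB)
    print(ok or "Activity Log Alert does not exist for Delete Network Security Group")
```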