More Info:
Security solution changes have been detected within your Microsoft Azure cloud account.
Risk Level: High
Address: Security
Compliance Standards: HIPAA, CISAZURE, CBP, ISO27001
Triage and Remediation
Remediation
Using Console
To remediate the misconfiguration by creating an alert for “Delete Security Solution” events in Azure using the Azure console, follow these steps:
- Open the Azure portal and navigate to the Security Center.
- Click on “Security policy” from the left-hand menu.
- Select the policy that you want to update.
- Scroll down to the “Alerts” section and click on “Add alert”.
- In the “Create alert rule” window, select the “Activity log” option.
- Under “Event types”, select “Service Health” and then select “Service health status changes”.
- In the “Service health status changes” section, select “Resolved” and “Dismissed” as the status changes to be alerted for.
- Under “Actions”, select “Email/SMS/Push/Voice” and add the email addresses of the people who should be alerted.
- Click on “Create alert rule” to save the configuration.
Using CLI
To remediate the misconfiguration of not having an alert for “Delete Security Solution” events in Azure using the Azure CLI, follow these steps:
- Open the Azure CLI on your local machine or Azure Cloud Shell.
- Run the following command to create a new activity log alert rule. Replace the placeholders <alert-name>, <alert-description>, <resource-group-name>, and <action-group-name> with the appropriate values for your environment.
- The --condition parameter specifies the condition for the alert rule. In this case, it is set to trigger when an administrative action is taken to delete a security solution. You can modify this condition to suit your specific needs.
- The --action parameter specifies the action to take when the alert is triggered. You can specify an action group that contains one or more actions, such as sending an email notification or invoking a webhook.
- Once the command completes successfully, the alert rule will be created and enabled.
Using Python
To remediate the misconfiguration of not having an alert for “Delete Security Solution” events in Azure, you can follow these steps using Python:
- Install the Azure SDK for Python using the following command:
- Import the required modules:
- Set up the Azure credentials by creating a Service Principal:
- Create a MonitorManagementClient object:
- Define the alert rule condition:
- Define the alert rule action:
- Create the alert rule:
This will create an alert rule in Azure that will send an email notification to the specified email address when a “Delete Security Solution” event is detected.
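The following is an added example serving both the CLI and Python steps above; it is not code from this page or from Microsoft's tooling. It audits a list of activity log alerts (in the ARM or az JSON shape) for one that actually covers the event, which is the check behind this finding, and builds the ARM body of a compliant alert for the remediation. The operation name Microsoft.Security/securitySolutions/delete and the action group path are assumptions, and the sample alerts are constructed.

```python
# Assumed operation name for this control (the value the CIS Azure benchmark uses);
# it does not appear on the page itself.
SECURITY_SOLUTION_DELETE = "Microsoft.Security/securitySolutions/delete"

def pins_field(cond, field, value):
    """True if one allOf entry restricts `field` to `value` (via equals or containsAny)."""
    if str(cond.get("field", "")).lower() != field.lower():
        return False
    if str(cond.get("equals", "")).lower() == value.lower():
        return True
    return value.lower() in [str(v).lower() for v in (cond.get("containsAny") or [])]

def covers_security_solution_delete(alert):
    """Enabled + category Administrative + the delete operation + at least one action group."""
    props = alert.get("properties", alert)  # ARM nests under properties; az flattens it
    if not props.get("enabled", False):
        return False
    all_of = (props.get("condition") or {}).get("allOf") or []
    return (any(pins_field(c, "category", "Administrative") for c in all_of)
            and any(pins_field(c, "operationName", SECURITY_SOLUTION_DELETE) for c in all_of)
            and bool((props.get("actions") or {}).get("actionGroups")))

def covering_alerts(alerts):
    """Names of alerts that cover the event; an empty list is the finding on this page."""
    return [a.get("name", "<unnamed>") for a in alerts if covers_security_solution_delete(a)]

def build_alert_body(subscription_id, action_group_id):
    """ARM body for a compliant alert (the remediation), usable with a REST PUT or the SDK."""
    return {"location": "global", "properties": {
        "enabled": True,
        "scopes": [f"/subscriptions/{subscription_id}"],
        "condition": {"allOf": [
            {"field": "category", "equals": "Administrative"},
            {"field": "operationName", "equals": SECURITY_SOLUTION_DELETE}]},
        "actions": {"actionGroups": [{"actionGroupId": action_group_id}]}}}

# Constructed sample in `az monitor activity-log alert list` shape (not real tenant data):
# one unrelated alert and one that matches the event but is disabled, so the finding stands.
AG = "/subscriptions/<sub-id>/resourceGroups/rg/providers/microsoft.insights/actionGroups/ag"
SAMPLE_ALERTS = [
    {"name": "svc-health", "enabled": True, "actions": {"actionGroups": [{"actionGroupId": AG}]},
     "condition": {"allOf": [{"field": "category", "equals": "ServiceHealth"}]}},
    {"name": "secsol-delete-off", "enabled": False, "actions": {"actionGroups": [{"actionGroupId": AG}]},
     "condition": {"allOf": [{"field": "category", "equals": "Administrative"},
                             {"field": "operationName", "equals": SECURITY_SOLUTION_DELETE}]}},
]

if __name__ == "__main__":
    print("covering alerts:", covering_alerts(SAMPLE_ALERTS) or "none (finding present)")
```

A disabled rule or one without an action group is treated as not covering the event, since neither would notify anyone when the security solution is deleted.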