Azure Network Security Groups or Rules Created, Modified, or Deleted
Set up the azure integration.
このページは日本語には対応しておりません。随時翻訳に取り組んでいます。翻訳に関してご質問やご意見ございましたら、お気軽にご連絡ください。
Goal
Detect when an Azure network security group or an Azure network security rule has been created, modified, or deleted.
Strategy
Monitor Azure activity logs and detect when the @evt.name
is equal to any one of the following names:
MICROSOFT.NETWORK/NETWORKSECURITYGROUPS/WRITE
MICROSOFT.NETWORK/NETWORKSECURITYGROUPS/DELETE
MICROSOFT.NETWORK/NETWORKSECURITYGROUPS/SECURITYRULES/WRITE
MICROSOFT.NETWORK/NETWORKSECURITYGROUPS/SECURITYRULES/DELETE
and @evt.outcome
is equal to Success
.
Triage and response
Inspect the security group or security rule and determine if it exposes any Azure resources that should not be exposed.