- 필수 기능
- 시작하기
- Glossary
- 표준 속성
- Guides
- Agent
- 통합
- 개방형텔레메트리
- 개발자
- API
- Datadog Mobile App
- CoScreen
- Cloudcraft
- 앱 내
- 서비스 관리
- 인프라스트럭처
- 애플리케이션 성능
- APM
- Continuous Profiler
- 스팬 시각화
- 데이터 스트림 모니터링
- 데이터 작업 모니터링
- 디지털 경험
- 소프트웨어 제공
- 보안
- AI Observability
- 로그 관리
- 관리
Create an activity log alert for the Delete Network Security Group event.
By monitoring for delete betwork security group events, you gain insight into network access changes and may reduce the time it takes to detect suspicious activity.
Navigate to Monitor.
Select Alerts.
Click On New Alert Rule.
Under Scope, click Select resource.
Select the appropriate subscription under Filter by subscription.
Select Network Security Groups under Filter by resource type.
Select All for Filter by location.
Click on the subscription resource from the entries populated under Resource.
Click Done.
Verify that Selection preview shows Network Security Groups and your selected subscription name
Under Condition, click Add Condition.
Select Delete Network Security Group signal.
Click Done.
Under Action group, select Add action groups and either complete the creation process, or select the appropriate action group.
Under Alert rule details, enter Alert rule name and Description.
Select appropriate resource group to save the alert to.
Click on the Enable alert rule upon creation checkbox.
Click Create alert rule.
az account get-access-token --query "{subscription:subscription,accessToken:accessToken}" --out tsv | xargs -L1 bash -c 'curl -X PUT -H "Authorization: Bearer $1" -H "Content-Type: application/json" https://management.azure.com/subscriptions/$0/resourceGroups/<Resource_Group_ To_Create_Alert_In>/providers/microsoft.insights/activityLogAlerts/<Unique_Alert _Name>?api-version=2017-04-01 -d@"input.json"'
Where input.json
contains the request body JSON data as mentioned below.
{
"location": "Global",
"tags": {},
"properties": {
"scopes": [
"/subscriptions/<Subscription_ID>"
],
"enabled": true,
"condition": {
"allOf": [
{
"containsAny": null,
"equals": "Administrative",
"field": "category"
},
{
"containsAny": null,
"field": "operationName",
"equals": "Microsoft.Network/networkSecurityGroups/delete"
}
]
},
"actions": {
"actionGroups": [
{
"actionGroupId": "/subscriptions/<Subscription_ID>/resourceGroups/<Resource_Group_For_Alert_Gr oup>/providers/microsoft.insights/actionGroups/<Alert_Group>",
"webhookProperties": null
}
]
},
}
}
Version 7, 6.3 - Enable Detailed Logging: Enable system logging to include detailed information such as an event source, date, user, timestamp, source addresses, destination addresses, and other useful elements.