'Delete Network Security Group' activity log alert should be configured

azure.activity_log
이 페이지는 아직 영어로 제공되지 않습니다. 번역 작업 중입니다.
현재 번역 프로젝트에 대한 질문이나 피드백이 있으신 경우 언제든지 연락주시기 바랍니다.

Description

To enhance the detection of suspicious activity and gain insights into network access changes, it is recommended to create an activity log alert specifically for the “Delete Network Security Group” event. Monitoring these events allows for quick detection and response to any unauthorized deletion of network security groups, reducing the time it takes to identify and address potential security threats.

Remediation

From the console

  1. Navigate to the Monitor blade.
  2. Select Alerts > Create > Alert rule.
  3. Under Filter by subscription, choose a subscription.
  4. Under Filter by resource type, select Network security groups.
  5. Under Filter by location, select All.
  6. From the results, select the subscription, then click Done.
  7. Click the Condition tab.
  8. Under Signal name, click Delete Network Security Group (Microsoft.Network/networkSecurityGroups).
  9. Click the Actions tab.
  10. To use an existing action group, click Select action groups. To create a new action group, click Create action group. Fill out the appropriate details for the selection.
  11. Click the Details tab.
  12. Select a Resource group, then provide an Alert rule name and an optional Alert rule description.
  13. Click Review + create.
  14. Click Create.