'Delete Network Security Group' activity log alert should be configured

azure.activity_log
이 페이지는 아직 한국어로 제공되지 않으며 번역 작업 중입니다. 번역에 관한 질문이나 의견이 있으시면 언제든지 저희에게 연락해 주십시오.

Description

To enhance the detection of suspicious activity and gain insights into network access changes, it is recommended to create an activity log alert specifically for the “Delete Network Security Group” event. Monitoring these events allows for quick detection and response to any unauthorized deletion of network security groups, reducing the time it takes to identify and address potential security threats.

Remediation

From the console

  1. Navigate to the Monitor blade.
  2. Select Alerts > Create > Alert rule.
  3. Under Filter by subscription, choose a subscription.
  4. Under Filter by resource type, select Network security groups.
  5. Under Filter by location, select All.
  6. From the results, select the subscription, then click Done.
  7. Click the Condition tab.
  8. Under Signal name, click Delete Network Security Group (Microsoft.Network/networkSecurityGroups).
  9. Click the Actions tab.
  10. To use an existing action group, click Select action groups. To create a new action group, click Create action group. Fill out the appropriate details for the selection.
  11. Click the Details tab.
  12. Select a Resource group, then provide an Alert rule name and an optional Alert rule description.
  13. Click Review + create.
  14. Click Create.