Azure SQL Server Firewall Rules Created or Modified


azure

Classification: compliance

Set up the Azure integration.

Overview

Goal

Detect when an Azure network security rule has been created, modified, or deleted.

Strategy

Monitor Azure activity logs and detect when the @evt.name is equal to any of the following names:

  • MICROSOFT.NETWORK/NETWORKSECURITYGROUPS/SECURITYRULES/WRITE
  • MICROSOFT.NETWORK/NETWORKSECURITYGROUPS/SECURITYRULES/DELETE

and @evt.outcome is equal to Success.
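The matching logic described above, run over sample events, as an added Python example (not the rule's own definition or code from this page). The events are constructed, and the `resource_id` and `caller` fields and the case normalisation are assumptions.

```python
# Added example: constructed records, not real Azure or Datadog output.
WATCHED_OPERATIONS = {
    "MICROSOFT.NETWORK/NETWORKSECURITYGROUPS/SECURITYRULES/WRITE": "created_or_modified",
    "MICROSOFT.NETWORK/NETWORKSECURITYGROUPS/SECURITYRULES/DELETE": "deleted",
}

def match_event(event):
    """Return a finding dict if the event meets the rule's conditions, else None."""
    evt = event.get("evt") or {}
    # Assumption: normalise case so mixed-case operation names still match.
    name = str(evt.get("name", "")).strip().upper()
    outcome = str(evt.get("outcome", "")).strip().lower()
    action = WATCHED_OPERATIONS.get(name)
    if action is None or outcome != "success":
        return None
    return {
        "action": action,
        "resource": event.get("resource_id", "<unknown>"),  # hypothetical field
        "caller": event.get("caller", "<unknown>"),          # hypothetical field
    }

def detect(events):
    """Apply the rule to an iterable of events and keep only the matches."""
    return [f for f in map(match_event, events) if f is not None]

NSG = "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-example" \
      "/providers/Microsoft.Network/networkSecurityGroups/nsg-web"  # constructed

SAMPLE_EVENTS = [  # constructed sample input
    {"evt": {"name": "MICROSOFT.NETWORK/NETWORKSECURITYGROUPS/SECURITYRULES/WRITE",
             "outcome": "Success"},
     "resource_id": NSG + "/securityRules/allow-inbound", "caller": "alice@example.com"},
    {"evt": {"name": "Microsoft.Network/networkSecurityGroups/securityRules/delete",
             "outcome": "Success"},
     "resource_id": NSG + "/securityRules/deny-rdp", "caller": "bob@example.com"},
    # Failed write: the name matches but the outcome does not, so no signal.
    {"evt": {"name": "MICROSOFT.NETWORK/NETWORKSECURITYGROUPS/SECURITYRULES/WRITE",
             "outcome": "Failure"},
     "resource_id": NSG + "/securityRules/allow-inbound", "caller": "carol@example.com"},
    # Write to the group itself, not to a security rule: outside this rule's list.
    {"evt": {"name": "MICROSOFT.NETWORK/NETWORKSECURITYGROUPS/WRITE",
             "outcome": "Success"}, "resource_id": NSG, "caller": "alice@example.com"},
    {"message": "record without an evt attribute"},
]

if __name__ == "__main__":
    for finding in detect(SAMPLE_EVENTS):
        print(finding["action"], finding["caller"], finding["resource"])
```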

Triage & Response

  1. Inspect the security rule and determine if it exposes any Azure resources that should not be made public.