Activity log alert should exist for Create or Update NSG
MEDIUM
Ensures an activity log alert is configured to detect creation or modification of Network Security Groups.
What does this mean?
This recommendation ensures Activity Log alerts are configured for NSG creation or updates. Changes to NSGs affect network security boundaries and should be monitored for unauthorized modifications.
Benefits of implementation
- Detects creation of new network security boundaries
- Enables monitoring of NSG configuration changes
- Supports security audit and change management
Drawbacks and considerations
- Infrastructure deployments may trigger multiple alerts
- Requires tuning to distinguish planned from unplanned changes
- Alert fatigue in dynamic environments
Implementation
Implementation guidance coming soon.
Related recommendations
Related recommendations will be linked here.
Frameworks
Details
- Risk Level
- MEDIUM
- Category
- Logging & Monitoring
- Azure Resource
- Frameworks
- 1 frameworks
- Last updated
- 2026-02-12