Activity log alert should exist for Create or Update NSG Rule
MEDIUM
Ensures an activity log alert is configured to detect creation or modification of NSG rules.
What does this mean?
This recommendation ensures Activity Log alerts are configured for NSG rule creation or updates. Changes to NSG rules can open or close network paths, directly affecting the security posture of connected resources.
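The check can be automated against a subscription's alert definitions. The following is an added example, not code from this page: it assumes alert records in the JSON shape returned by `az monitor activity-log alert list`, the Activity Log operation name `Microsoft.Network/networkSecurityGroups/securityRules/write` for NSG rule create or update, and constructed sample data with a placeholder subscription ID.

```python
# Operation recorded in the Activity Log when an NSG security rule is created or updated.
NSG_RULE_WRITE = "Microsoft.Network/networkSecurityGroups/securityRules/write"

def conditions(alert):
    """Flatten condition.allOf into {field: value}, lower-cased for comparison."""
    leaves = (alert.get("condition") or {}).get("allOf") or []
    return {(c.get("field") or "").lower(): (c.get("equals") or "").lower() for c in leaves}

def covering_alerts(alerts, subscription_id):
    """Names of alerts that fire on any NSG rule write in the subscription."""
    sub_scope = f"/subscriptions/{subscription_id}".lower()
    hits = []
    for alert in alerts:
        cond = conditions(alert)
        scopes = [s.lower().rstrip("/") for s in alert.get("scopes") or []]
        groups = (alert.get("actions") or {}).get("actionGroups") or []
        if (alert.get("enabled") is True
                and sub_scope in scopes                      # whole subscription, not one resource group
                and cond.get("category") == "administrative"
                and cond.get("operationname") == NSG_RULE_WRITE.lower()
                and set(cond) <= {"category", "operationname"}  # assumption: extra filters narrow coverage
                and groups):                                 # at least one action group is notified
            hits.append(alert["name"])
    return hits

def sample_alert(name, operation, scope, enabled=True, notify=True):
    """Build a constructed alert record in the assumed `az` JSON shape."""
    return {
        "name": name, "enabled": enabled, "scopes": [scope],
        "condition": {"allOf": [{"field": "category", "equals": "Administrative"},
                                {"field": "operationName", "equals": operation}]},
        "actions": {"actionGroups": [{"actionGroupId": "placeholder-action-group"}] if notify else []},
    }

SUB = "00000000-0000-0000-0000-000000000000"  # placeholder subscription ID
SAMPLE = [  # constructed data, not real tenant output
    sample_alert("nsg-rule-write", NSG_RULE_WRITE, f"/subscriptions/{SUB}"),
    sample_alert("nsg-rule-disabled", NSG_RULE_WRITE, f"/subscriptions/{SUB}", enabled=False),
    sample_alert("nsg-rule-one-rg", NSG_RULE_WRITE, f"/subscriptions/{SUB}/resourceGroups/rg-app"),
    sample_alert("nsg-rule-no-action", NSG_RULE_WRITE, f"/subscriptions/{SUB}", notify=False),
    sample_alert("nsg-only", "Microsoft.Network/networkSecurityGroups/write", f"/subscriptions/{SUB}"),
]

if __name__ == "__main__":
    found = covering_alerts(SAMPLE, SUB)
    print("PASS" if found else "FAIL", found)
```

An alert that exists but is disabled, scoped to a single resource group, missing an action group, or watching only the NSG resource itself does not satisfy the check.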
Benefits of implementation
- Detects unauthorized network rule changes in real time
- Supports change management and audit processes
- Enables rapid response to suspicious network modifications
Drawbacks and considerations
- Infrastructure-as-code deployments may trigger many alerts
- Requires tuning to reduce noise from planned changes
- Alert routing and response procedures must be established
Implementation
Implementation guidance coming soon.
Related recommendations
Related recommendations will be linked here.
Details
- Risk Level: MEDIUM
- Category: Logging & Monitoring
- Azure Resource:
- Frameworks: 1 framework
- Last updated: 2026-02-12