Activity log alert should exist for Delete NSG
MEDIUM
Ensures an activity log alert is configured to detect deletion of entire Network Security Groups.
What does this mean?
This recommendation ensures Activity Log alerts trigger when a Network Security Group is deleted entirely. NSG deletion removes all associated security rules, potentially leaving resources completely unprotected at the network level.
Benefits of implementation
- Detects removal of network security boundaries
- Critical for preventing accidental exposure of resources
- Required for security monitoring compliance
Drawbacks and considerations
- Alert fires for both intentional and accidental deletions
- Requires operational response procedures
- Needs to be combined with other network monitoring
Implementation
Implementation guidance coming soon.
Related recommendations
Related recommendations will be linked here.
Frameworks
Details
- Risk Level
- MEDIUM
- Category
- Logging & Monitoring
- Azure Resource
- Frameworks
- 1 frameworks
- Last updated
- 2026-02-12