Activity log alert should exist for Delete NSG Rule
MEDIUM
Ensures an activity log alert is configured to detect deletion of NSG rules.
What does this mean?
This recommendation ensures that Activity Log alerts trigger when Network Security Group rules are deleted. Deleting NSG rules can open network paths that were previously restricted, potentially exposing resources to unauthorized access.
Benefits of implementation
- Immediate notification when network security rules are removed
- Enables rapid response to unauthorized network changes
- Supports security audit requirements
Drawbacks and considerations
- Generates alerts for both planned and unplanned changes
- Requires integration with incident response workflows
- May produce noise during infrastructure deployments
Implementation
Implementation guidance coming soon.
Related recommendations
Related recommendations will be linked here.
Frameworks
Details
- Risk Level
- MEDIUM
- Category
- Logging & Monitoring
- Azure Resource
- Frameworks
- 1 frameworks
- Last updated
- 2026-02-12