Azure_Monitor_2

Ensure that Activity Log Alert exists for Create or Update Network Security Group

Description

Create an Activity Log Alert for the Create or Update Network Security Group event.

Remediation

Azure Command Line Interface 2.0:

Use the below command to create an Activity Log Alert for Create or Update Network Security Groups.

az account get-access-token --query "{subscription:subscription,accessToken:accessToken}" --out tsv | xargs -L1 bash -c 'curl -X PUT -H "Authorization: Bearer $1" -H "Content-Type: application/json" "https://management.azure.com/subscriptions/$0/resourceGroups/<Resource_Group_ToCreate_Alert_In>/providers/microsoft.insights/activityLogAlerts/<Unique_Alert_Name>?api-version=2017-04-01" -d @input.json'

Where input.json contains the Request body JSON data as mentioned below.

{
  "location": "Global",
  "tags": {},
  "properties": {
    "scopes": ["/subscriptions/<Subscription_ID>"],
    "enabled": true,
    "condition": {
      "allOf": [
        {"containsAny": null, "equals": "Administrative", "field": "category"},
        {"containsAny": null, "equals": "Microsoft.Network/networkSecurityGroups/write", "field": "operationName"}
      ]
    },
    "actions": {
      "actionGroups": [
        {
          "actionGroupId": "/subscriptions/<Subscription_ID>/resourceGroups/<Resource_Group_For_Alert_Group>/providers/microsoft.insights/actionGroups/<Alert_Group>",
          "webhookProperties": null
        }
      ]
    }
  }
}

Configurable Parameters for command line:

  1. <Resource_Group_ToCreate_Alert_In>
  2. <Unique_Alert_Name>

Configurable Parameters for input.json :

  1. <Subscription_ID> in scopes
  2. <Subscription_ID> in actionGroupId
  3. <Resource_Group_For_Alert_Group> in actionGroupId
  4. <Alert_Group> in actionGroupId
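The remediation above fills four placeholders into a request body and PUTs it to the activityLogAlerts endpoint; the matching audit is to list the subscription's alert rules (reference 4) and confirm one of them would actually fire on the NSG write operation. The following Python is an added example written for this page, not benchmark or Microsoft code: it builds the same request body from the configurable parameters, and it checks a list of alert rules, shaped like the list API response, for a rule that is enabled, scoped to the subscription, conditioned on category Administrative and operationName Microsoft.Network/networkSecurityGroups/write, and wired to at least one action group. The subscription ID, resource group and action group names, and the sample rules are constructed placeholders; comparing condition values case-insensitively is an assumption of this example.

```python
"""Build and audit the Activity Log Alert for NSG create/update events.

Added example, not part of the benchmark page. Placeholder subscription and
resource names below are constructed for illustration only.
"""
import copy
import json

NSG_WRITE_OPERATION = "Microsoft.Network/networkSecurityGroups/write"


def build_nsg_alert_body(subscription_id, action_group_rg, action_group_name):
    """Return the PUT request body from the remediation with its placeholders filled in."""
    action_group_id = (
        f"/subscriptions/{subscription_id}/resourceGroups/{action_group_rg}"
        f"/providers/microsoft.insights/actionGroups/{action_group_name}"
    )
    return {
        "location": "Global",
        "tags": {},
        "properties": {
            "scopes": [f"/subscriptions/{subscription_id}"],
            "enabled": True,
            "condition": {
                "allOf": [
                    {"containsAny": None, "equals": "Administrative", "field": "category"},
                    {"containsAny": None, "equals": NSG_WRITE_OPERATION, "field": "operationName"},
                ]
            },
            "actions": {
                "actionGroups": [{"actionGroupId": action_group_id, "webhookProperties": None}]
            },
        },
    }


def request_body_json(subscription_id, action_group_rg, action_group_name):
    """Serialise the body for use as input.json in the curl command."""
    return json.dumps(build_nsg_alert_body(subscription_id, action_group_rg, action_group_name), indent=2)


def _condition_value(alert, field_name):
    """Return the 'equals' value of the allOf clause for field_name, or None if absent."""
    condition = alert.get("properties", {}).get("condition", {})
    for clause in condition.get("allOf", []):
        if clause.get("field", "").lower() == field_name.lower():
            return clause.get("equals")
    return None


def alert_covers_nsg_write(alert, subscription_id):
    """True if this alert rule would fire for NSG create/update in the subscription.

    Checks: rule enabled, whole subscription in scope, category Administrative,
    operationName equal to the NSG write operation (compared case-insensitively,
    an assumption of this example), and at least one action group attached so
    that the alert actually notifies someone.
    """
    props = alert.get("properties", {})
    if not props.get("enabled", False):
        return False
    scope = f"/subscriptions/{subscription_id}".lower()
    if not any(s.lower() == scope for s in props.get("scopes", [])):
        return False
    category = (_condition_value(alert, "category") or "").lower()
    operation = (_condition_value(alert, "operationName") or "").lower()
    if category != "administrative" or operation != NSG_WRITE_OPERATION.lower():
        return False
    return bool(props.get("actions", {}).get("actionGroups"))


def compliant_alert_names(alerts, subscription_id):
    """Names of the alert rules in `alerts` that satisfy the check."""
    return [a["name"] for a in alerts if alert_covers_nsg_write(a, subscription_id)]


def _named(name, body, **changes):
    """Constructed sample rule: copy `body`, give it a name, apply property overrides."""
    rule = copy.deepcopy(body)
    rule["name"] = name
    rule["properties"].update(changes)
    return rule


# Constructed sample data shaped like the activityLogAlerts list response; not real output.
SAMPLE_SUBSCRIPTION = "00000000-0000-0000-0000-000000000000"  # placeholder
_BASE = build_nsg_alert_body(SAMPLE_SUBSCRIPTION, "rg-monitoring", "ag-secops")
_OTHER_OP = copy.deepcopy(_BASE["properties"]["condition"])
_OTHER_OP["allOf"][1]["equals"] = "Microsoft.Network/virtualNetworks/write"
SAMPLE_ALERTS = [
    _named("nsg-write-alert", _BASE),                                   # compliant
    _named("nsg-write-alert-disabled", _BASE, enabled=False),           # exists but disabled
    _named("vnet-write-alert", _BASE, condition=_OTHER_OP),             # wrong operation
    _named("nsg-write-no-action", _BASE, actions={"actionGroups": []}),  # nobody notified
]

if __name__ == "__main__":
    print(request_body_json(SAMPLE_SUBSCRIPTION, "rg-monitoring", "ag-secops"))
    print("compliant rules:", compliant_alert_names(SAMPLE_ALERTS, SAMPLE_SUBSCRIPTION))
```

Run it to emit an input.json body for the curl command; feed the JSON returned by the listbysubscriptionid endpoint (reference 4) to compliant_alert_names to see whether any existing rule already satisfies this check before creating a duplicate. A rule that matches on operationName but has no action group, or is scoped to a single resource group, is deliberately reported as non-compliant.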

References:

  1. https://azure.microsoft.com/en-us/updates/classic-alerting-monitoring-retirement
  2. https://docs.microsoft.com/en-in/azure/azure-monitor/platform/alerts-activity-log
  3. https://docs.microsoft.com/en-in/rest/api/monitor/activitylogalerts/createorupdate
  4. https://docs.microsoft.com/en-in/rest/api/monitor/activitylogalerts/listbysubscriptionid

Service

Logging and Monitoring

Severity

Medium

Compliance

Mapping
