Description
An activity log alert for the Delete Network Security Group must exist. Monitoring Deletion of network security group events gives notifies admins and other users when network changes ensuring any suspicious activity is dealt with at the right time.
Remediation Steps
Azure portal
- Navigate to Monitor > Alerts. and create a new alert rule.
- Select Scope >> Select Resource.
- Select your subscription
- Under Condition, click Select Condition.
- In the search, enter the term “Delete Network Security Group” and select “Delete Network Security Group (Microsoft. Network/network security groups).”
- Under Action group, click Select action group.
- Select the desired action group to attach to the alert rule, or create one if needed, and click Select.
- Enter an alert rule name and description.
- Select a resource group.
- Click Rule
More Information
https://docs.microsoft.com/en-in/azure/azure-monitor/alerts/alerts-activity-log
https://docs.microsoft.com/en-in/azure/azure-monitor/alerts/alerts-metric