An activity log alert for the Change Network Security Group must exist. Monitoring change of network security group events gives notifies admins and other users when network changes ensuring any suspicious activity is dealt with at the right time.

Remediation Steps

Azure portal

  1. Navigate to Monitor > Alerts. and create a new alert rule.
  2. Select Scope >> Select Resource.
  3. Select your subscription
  4. Under Condition, click Select Condition.
  5. In the search, enter the term “ChangeNetwork Security Group” and select "Microsoft.Network/networkSecurityGroups/write"
  6. Under Action group, click Select action group.
  7. Select the desired action group to attach to the alert rule, or create one if needed, and click Select.
  8. Enter an alert rule name and description.
  9. Select a resource group.
  10. Click Rule

More Information