AZT506 - Network Security Group Modification#
Adversaries can modify the rules in a Network Security Group to establish access over additional ports.
Resource
Network Security Group
Actions
- Microsoft.Network/networkSecurityGroups/*
Examples
Detections
Logs#
Data Source | Operation Name | Action | Log Provider |
---|---|---|---|
Resource | Create or Update Security Rule | Microsoft.Network/networkSecurityGroups/securityRules/write | AzureActivity |
Queries#
Platform | Query |
---|---|
Log Analytics | AzureActivity | where OperationNameValue=='MICROSOFT.NETWORK/NETWORKSECURITYGROUPS/SECURITYRULES/WRITE' |
Azure Monitor Alert#
Additional Resources
https://docs.microsoft.com/en-us/azure/virtual-network/manage-network-security-group