AZT506 - Network Security Group Modification#
Adversaries can modify the rules in a Network Security Group to establish access over additional ports.
Resource
Network Security Group
Actions
- Microsoft.Network/networkSecurityGroups/*
Examples
Detections
Logs#
Data Source | Operation Name | Action | Log Location |
---|---|---|---|
Resource | Create or Update Security Rule | Microsoft.Network/networkSecurityGroups/securityRules/write | Azure Activity Log |
Queries#
|where OperationNameValue=="Microsoft.Network/networkSecurityGroups/securityRules/write"
Additional Resources
https://docs.microsoft.com/en-us/azure/virtual-network/manage-network-security-group