Skip to content

AZT506 - Network Security Group Modification#

Adversaries can modify the rules in a Network Security Group to establish access over additional ports.

Resource

Network Security Group

Actions

  • Microsoft.Network/networkSecurityGroups/*

Detections

Logs#

Data Source Operation Name Action Log Location
Resource Create or Update Security Rule Microsoft.Network/networkSecurityGroups/securityRules/write Azure Activity Log

Queries#

      |where OperationNameValue=="Microsoft.Network/networkSecurityGroups/securityRules/write"