Monitor changes in Network Security Groups with Azure Monitor
Impact: Low
Category: Monitoring and Alerting
APRL GUID: 8bb4a57b-55e4-d24e-9c19-2679d8bc779f
Description:
Create alerts with Azure Monitor for operations such as creating or updating Network Security Group rules, so that unauthorized or undesired changes to resources are caught and attempts to bypass firewalls or access resources from the outside are spotted.
// Azure Resource Graph Query
// Find all Network Security Groups without alerts for modification configured.
resources
| where type =~ "Microsoft.Network/networkSecurityGroups"
| project name, id, tags, lowerCaseNsgId = tolower(id)
| join kind = leftouter (
    resources
    | where type =~ "Microsoft.Insights/activityLogAlerts" and properties.enabled == true
    | mv-expand scope = properties.scopes
    | where scope has "Microsoft.Network/networkSecurityGroups"
    | project alertName = name, conditionJson = dynamic_to_json(properties.condition.allOf), scope
    | where conditionJson has '"Administrative"' and (
        // Create or Update Network Security Group
        (conditionJson has '"Microsoft.Network/networkSecurityGroups/write"') or
        // All administrative operations
        (conditionJson !has '"Microsoft.Network/networkSecurityGroups/write"' and conditionJson !has '"Microsoft.Network/networkSecurityGroups/delete"' and conditionJson !has '"Microsoft.Network/networkSecurityGroups/join/action"')
      )
    | project lowerCaseNsgIdOfScope = tolower(scope)
  )
  on $left.lowerCaseNsgId == $right.lowerCaseNsgIdOfScope
| where isempty(lowerCaseNsgIdOfScope)
| project recommendationId = "8bb4a57b-55e4-d24e-9c19-2679d8bc779f", name, id, tags, param1 = "ModificationAlert: Not configured/Disabled"
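The following is an added example, not part of the APRL page or its tooling: a Python model of an activity log alert for NSG create/update and of the rules the query above uses to decide whether an NSG has one. The subscription ID, resource group, action group and NSG names are constructed placeholders, and the query's `has` operator is approximated with a case-insensitive substring match. The sample shows that the query counts only alerts scoped directly to an NSG's resource ID, so a disabled alert or one scoped at the subscription leaves the NSG reported.

```python
import json
NSG_TYPE = "Microsoft.Network/networkSecurityGroups"
NSG_OPS = ("write", "delete", "join/action")  # operations the query inspects

def build_alert(name, scope, action_group_id, enabled=True):
    """ARM-shaped activity log alert that fires on NSG create/update."""
    return {
        "type": "Microsoft.Insights/activityLogAlerts",
        "name": name,
        "location": "Global",
        "properties": {
            "enabled": enabled,
            "scopes": [scope],
            "condition": {"allOf": [
                {"field": "category", "equals": "Administrative"},
                {"field": "operationName", "equals": f"{NSG_TYPE}/write"},
            ]},
            "actions": {"actionGroups": [{"actionGroupId": action_group_id}]},
        },
    }

def covered_nsg_ids(alerts):
    """Lower-cased NSG ids that the query would treat as having an alert."""
    covered = set()
    for alert in alerts:
        props = alert["properties"]
        if not props.get("enabled"):
            continue
        cond = json.dumps(props["condition"]["allOf"]).lower()
        named = {op: f'"{NSG_TYPE}/{op}"'.lower() in cond for op in NSG_OPS}
        # Count alerts naming NSG write, or naming no NSG operation at all.
        if '"administrative"' in cond and (named["write"] or not any(named.values())):
            covered.update(s.lower() for s in props["scopes"] if NSG_TYPE.lower() in s.lower())
    return covered

def nsgs_without_alert(nsg_ids, alerts):
    covered = covered_nsg_ids(alerts)
    return [nsg_id for nsg_id in nsg_ids if nsg_id.lower() not in covered]

# Constructed sample data (placeholder subscription, resource group and names).
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"
RG = f"{SUB}/resourceGroups/rg-demo"
AG = f"{RG}/providers/Microsoft.Insights/actionGroups/ag-secops"
NSGS = [f"{RG}/providers/{NSG_TYPE}/{n}" for n in ("nsg-web", "nsg-db", "nsg-app")]
ALERTS = [
    build_alert("nsg-web-changes", NSGS[0], AG),                # counted
    build_alert("nsg-db-changes", NSGS[1], AG, enabled=False),  # disabled: not counted
    build_alert("all-nsg-changes", SUB, AG),                    # subscription scope: not counted
]
print(nsgs_without_alert(NSGS, ALERTS))
```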