Detect Delete Network Security Group Events

Trend Micro Cloud One™ – Conformity is a continuous assurance tool that provides peace of mind for your cloud infrastructure, delivering over 750 automated best practice checks.

Risk level: High (not acceptable risk)

Trend Micro Cloud One™ – Conformity Real-Time Threat Monitoring and Analysis (RTMA) engine has detected "Delete Network Security Group" events within your Microsoft Azure cloud account.

Network security groups filter network traffic to and from cloud resources provisioned in your Azure virtual network. A network security group acts as a virtual firewall and contains security rules that allow or deny inbound and outbound network traffic to and from your Azure cloud resources. You can associate a network security group with each virtual network subnet and network interface created within your Azure virtual network.

Security

The Real-Time Threat Monitoring and Analysis (RTMA) feature detects API calls that change the configuration of your network security groups. The activity detected by Trend Micro Cloud One™ – Conformity RTMA could be, for example, a user action initiated through the Microsoft Azure Portal or an API request initiated programmatically using the Azure Command Line Interface (Azure CLI) that triggers the "Delete Network Security Group" operational event.

A network security group that is associated with a subnet or a network interface can't be deleted. If a network security group is disassociated and then deleted by an inexperienced user, your Azure virtual network configuration could be severely altered. To adhere to cloud security best practices and implement the Principle of Least Privilege (POLP), Trend Micro Cloud One™ – Conformity strongly recommends that, as far as possible, you grant the permission to delete network security groups only to network administrators and to no other Azure users in your Microsoft Azure cloud account. The communication channels for sending RTMA notifications can be configured within your Conformity account. The supported channels for network security group deletion alerts are SMS, Email, Slack, Zendesk, ServiceNow, and PagerDuty.
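The two points above, the detection of the "Delete Network Security Group" event and the least-privilege expectation that only network administrators perform it, can be checked in batch against exported Azure Activity Log records. The following Python script is an added example written for this page, not Conformity's RTMA code. It assumes records in the JSON shape produced by `az monitor activity-log list -o json` (each entry carrying `operationName.value`, `caller`, `eventTimestamp`, `status.value`, `resourceId` and `correlationId`), that the resource provider operation for an NSG deletion is `Microsoft.Network/networkSecurityGroups/delete`, and a hypothetical allow-list of network administrators. The sample records, the subscription ID and the principal names are constructed placeholders.

```python
"""Detect 'Delete Network Security Group' events in Azure Activity Log records.

Added example, not Conformity's code. Assumes the record shape returned by
`az monitor activity-log list -o json`; sample data below is constructed.
"""
import json

# Resource provider operation emitted when an NSG is deleted.
NSG_DELETE_OP = "Microsoft.Network/networkSecurityGroups/delete"

# The Activity Log writes several records per operation (Started/Accepted,
# then Succeeded or Failed) sharing one correlationId; only the final ones matter.
FINAL_STATUSES = {"Succeeded", "Failed"}

# Hypothetical allow-list of principals permitted to delete NSGs (network admins).
NETWORK_ADMINS = {"netadmin@example.com"}

# Constructed sample Activity Log export (placeholder subscription ID and callers).
_NSG_ID = ("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/"
           "rg-prod/providers/Microsoft.Network/networkSecurityGroups/nsg-web")
SAMPLE_LOG = json.dumps([
    {"correlationId": "c1", "caller": "contractor@example.com",
     "eventTimestamp": "2021-02-16T10:00:00Z", "resourceId": _NSG_ID,
     "operationName": {"value": NSG_DELETE_OP}, "status": {"value": "Started"}},
    {"correlationId": "c1", "caller": "contractor@example.com",
     "eventTimestamp": "2021-02-16T10:00:05Z", "resourceId": _NSG_ID,
     "operationName": {"value": NSG_DELETE_OP}, "status": {"value": "Succeeded"}},
    # A configuration write, not a delete: must be ignored by this check.
    {"correlationId": "c9", "caller": "netadmin@example.com",
     "eventTimestamp": "2021-02-16T11:00:00Z", "resourceId": _NSG_ID + "-db",
     "operationName": {"value": "Microsoft.Network/networkSecurityGroups/write"},
     "status": {"value": "Succeeded"}},
    {"correlationId": "c2", "caller": "netadmin@example.com",
     "eventTimestamp": "2021-02-16T11:30:00Z", "resourceId": _NSG_ID + "-db",
     "operationName": {"value": NSG_DELETE_OP}, "status": {"value": "Succeeded"}},
    # Failed attempt, e.g. the NSG was still associated with a subnet.
    {"correlationId": "c3", "caller": "contractor@example.com",
     "eventTimestamp": "2021-02-16T12:15:00Z", "resourceId": _NSG_ID + "-app",
     "operationName": {"value": NSG_DELETE_OP}, "status": {"value": "Failed"}},
])


def load_entries(raw_json):
    """Parse an Activity Log export and require a JSON array of records."""
    entries = json.loads(raw_json)
    if not isinstance(entries, list):
        raise ValueError("expected a JSON array of Activity Log records")
    return entries


def find_nsg_deletions(entries, allowed_callers):
    """Return NSG delete findings (final status only), oldest first.

    Each finding records who issued the request, which NSG, whether it
    succeeded, and whether the caller is on the network-admin allow-list.
    """
    allowed = {c.lower() for c in allowed_callers}
    findings = []
    for rec in entries:
        op = (rec.get("operationName") or {}).get("value", "")
        if op.lower() != NSG_DELETE_OP.lower():
            continue
        status = (rec.get("status") or {}).get("value", "")
        if status not in FINAL_STATUSES:
            continue  # skip interim Started/Accepted records
        caller = rec.get("caller", "<unknown>")
        findings.append({
            "timestamp": rec.get("eventTimestamp", ""),
            "caller": caller,
            "resource_id": rec.get("resourceId", ""),
            "status": status,
            "correlation_id": rec.get("correlationId", ""),
            "authorized": caller.lower() in allowed,
        })
    findings.sort(key=lambda f: f["timestamp"])
    return findings


def format_alert(finding):
    """One alert line; deletions by non-admins are rated HIGH, as on this page."""
    severity = "INFO" if finding["authorized"] else "HIGH"
    verb = "deleted" if finding["status"] == "Succeeded" else "attempted to delete"
    return (f"[{severity}] {finding['timestamp']} {finding['caller']} "
            f"{verb} {finding['resource_id']}")


if __name__ == "__main__":
    for finding in find_nsg_deletions(load_entries(SAMPLE_LOG), NETWORK_ADMINS):
        print(format_alert(finding))
```

Run as-is the script reports three findings from the constructed log: the contractor's successful deletion and failed attempt as HIGH, the network administrator's deletion as INFO. Against a real subscription, feed it the output of `az monitor activity-log list` for the period of interest; failed attempts are kept deliberately, since a delete that was refused because the group was still associated with a subnet is still a signal that someone without a network-administration role is trying to remove filtering.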

Rationale

Monitoring your Microsoft Azure cloud account for "Delete Network Security Group" events provides insight into the configuration changes made at the Azure virtual network level and helps you reduce the time it takes to detect suspicious activity, such as unsolicited or unauthorized delete requests for network security groups. Because network security groups control the traffic to and from your Azure cloud resources, monitoring every configuration change performed at the network security group level is crucial for keeping your cloud infrastructure reliable and secure.

Publication date: Feb 16, 2021
