Trend Micro Cloud One™ – Conformity Real-Time Threat Monitoring and Analysis (RTMA) engine has detected "Delete Network Security Group" events within your Microsoft Azure cloud account.
Network security groups can be used to filter network traffic to and from cloud resources provisioned in your Azure virtual network. A network security group acts as a virtual firewall and contains security rules that allow or deny inbound and outbound network traffic to and from your Azure cloud resources. You can associate a network security group to each virtual network subnet and network interface created within your Azure virtual network.
The Real-Time Threat Monitoring and Analysis (RTMA) feature can essentially detect any API call related to configuration changes made to your network security groups. The activity detected by Trend Micro Cloud One™ – Conformity RTMA could be, for example, a user action initiated through the Microsoft Azure Portal or an API request initiated programmatically using Azure Command Line Interface (Azure CLI), that triggers the "Delete Network Security Group" operational event.
A network security group that is associated with a subnet or a network interface can't be deleted. If a network security group is disassociated and then deleted by an inexperienced user, your Azure virtual network configuration could be severely altered. To adhere to cloud security best practices and implement the Principle of Least Privilege (POLP), Trend Micro Cloud One™ – Conformity strongly recommends that you avoid as much as possible to provide your Azure users (except the network administrators) the permission to remove network security groups from your Microsoft Azure cloud account. The communication channels for sending RTMA notifications can be configured within your Conformity account. The list of supported communication channels that you can use to receive notification alerts for network security group deletion events are SMS, Email, Slack, Zendesk, ServiceNow, and PagerDuty.
Monitoring your Microsoft Azure cloud account for "Delete Network Security Group" events can provide insight into the configuration changes made at the Azure virtual network level and can help you to reduce the time it takes to detect suspicious activity such as unsolicited or unauthorized delete requests made for network security groups. With Microsoft Azure network security groups, you can control the traffic to and from your Azure cloud resources, therefore, monitoring any configuration change performed at the network security group level is crucial for keeping your cloud infrastructure reliable and secure.
Unlock the Remediation Steps
Gain free unlimited access
to our full Knowledge Base
Over 750 rules & best practices
Get started for FREE
You are auditing:
Detect Delete Network Security Group Events
Risk level: High