Ensure that network security group (NSG) monitoring is enabled in your Microsoft Azure account so that Azure Security Center can audit the NSGs associated with your virtual machines for overly permissive traffic rules.
This rule resolution is part of the Cloud Conformity Security & Compliance tool for Azure
When the "Monitor Network Security Groups" feature is enabled, Security Center detects network security groups whose rules are too permissive (for example, inbound rules that let any source address reach all ports or a management port) and recommends that NSGs be configured to control the inbound and outbound traffic of virtual machines that have public endpoints. An NSG associated with a subnet applies to every VM network interface in that subnet; an NSG associated with a network interface is evaluated in addition to the subnet NSG, so traffic must be allowed by both before it reaches the VM.
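As an added example (not part of this page or of the Cloud Conformity tooling), the following POSIX shell function shows what "too permissive" means in practice: it scans NSG rules exported with the az CLI and flags inbound Allow rules that accept traffic from any source on all ports or on a management port (22, 3389). The az query shown in the comment and the sample rows are assumptions constructed for the example.

```shell
#!/bin/sh
# Added example, not the page's own code. Flags overly permissive inbound NSG
# rules of the kind the "Monitor Network Security Groups" feature reports.
#
# Input is tab-separated rows: name, priority, direction, access,
# sourceAddressPrefix, destinationPortRange. Real rows would come from the
# az CLI (assumed command, run per NSG):
#   az network nsg rule list -g <rg> --nsg-name <nsg> -o tsv \
#     --query "[].[name,priority,direction,access,sourceAddressPrefix,destinationPortRange]"

# Prints "name priority source port" for each inbound Allow rule whose source
# is any address (*, Internet, 0.0.0.0/0) and whose destination is every port
# or a management port. Returns 1 when at least one such rule exists, 0 otherwise.
flag_permissive_rules() {
    printf '%s\n' "$1" | awk -F'\t' '
        BEGIN { hits = 0 }
        NF < 6 { next }
        {
            name = $1; prio = $2; dir = $3; access = $4; src = $5; port = $6
            if (dir != "Inbound" || access != "Allow") next
            if (src != "*" && src != "Internet" && src != "0.0.0.0/0") next
            if (port == "*" || port == "0-65535" || port == "22" || port == "3389") {
                print name, prio, src, port
                hits++
            }
        }
        END { exit (hits > 0 ? 1 : 0) }
    '
}

# Constructed sample rules for the offline demonstration. Only the first and
# third rows should be flagged: the web rule opens a single service port and
# the office SSH rule is restricted to one source range.
SAMPLE_RULES="$(printf '%s\t%s\t%s\t%s\t%s\t%s\n' \
    allow-ssh-anywhere 100 Inbound Allow '*' 22 \
    allow-web 110 Inbound Allow Internet 443 \
    allow-all-in 120 Inbound Allow 0.0.0.0/0 '*' \
    allow-ssh-office 130 Inbound Allow 203.0.113.0/24 22 \
    deny-all 4096 Inbound Deny '*' '*')"

# Usage: flag_permissive_rules "$SAMPLE_RULES" || echo "permissive rules found"
```

The check deliberately looks only at the source prefix and port of each rule; a rule with a lower-priority Deny above it is still reported, because the recommendation Security Center makes is about the rule itself, not the effective reachability.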
Audit
To determine if "Monitor Network Security Groups" feature is enabled in Azure Security Center, perform the following actions:
Remediation / Resolution
To enable network security group monitoring for your Microsoft Azure virtual machines (VMs), perform the following actions:
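The audit and remediation steps above can be scripted against the classic Security Center policy resource, using the az CLI command listed in the references to obtain a bearer token. The following POSIX shell script is an added example, not Cloud Conformity's own remediation script. It assumes that the subscription policy is exposed at `providers/Microsoft.Security/policies/default` with API version `2015-06-01-preview` and that the setting appears as `properties.recommendations.nsgs` with the values `On` and `Off`; the sample policy document is constructed for the example. Verify those details against the current REST reference before relying on them.

```shell
#!/bin/sh
# Added example, not the page's own code. Audits and enables the
# "Monitor Network Security Groups" setting through the classic Security
# Center policy resource.
#
# ASSUMPTIONS (verify against the REST reference before use):
#   - policy URL: .../providers/Microsoft.Security/policies/default
#   - api-version 2015-06-01-preview
#   - the setting is properties.recommendations.nsgs, values "On" / "Off"

API_VERSION="2015-06-01-preview"

# Bearer token from the current az CLI login (documented az command).
get_token() {
    az account get-access-token --query accessToken -o tsv
}

# Build the policy resource URL for subscription ID $1.
policy_url() {
    printf 'https://management.azure.com/subscriptions/%s/providers/Microsoft.Security/policies/default?api-version=%s' \
        "$1" "$API_VERSION"
}

# GET the policy document for subscription ID $1 (network call; not used offline).
fetch_policy() {
    curl -sS -H "Authorization: Bearer $(get_token)" "$(policy_url "$1")"
}

# Extract the nsgs recommendation state from a policy JSON document given as $1.
# Prints On, Off, or Missing when the key is absent. Pure string processing,
# so the audit logic can be exercised offline.
nsg_monitoring_state() {
    state=$(printf '%s' "$1" | tr -d ' \n\r\t' | sed -n 's/.*"nsgs":"\([A-Za-z]*\)".*/\1/p')
    [ -n "$state" ] && printf '%s\n' "$state" || printf 'Missing\n'
}

# Return the document with nsgs switched from "Off" to "On"; this is the body
# a remediation PUT would send back to the same resource.
set_nsg_monitoring_on() {
    printf '%s' "$1" | sed 's/"nsgs"[[:space:]]*:[[:space:]]*"Off"/"nsgs": "On"/'
}

# Remediate subscription ID $1: GET, rewrite, PUT (network call; assumed PUT semantics).
enable_nsg_monitoring() {
    current=$(fetch_policy "$1")
    curl -sS -X PUT \
        -H "Authorization: Bearer $(get_token)" \
        -H "Content-Type: application/json" \
        -d "$(set_nsg_monitoring_on "$current")" \
        "$(policy_url "$1")"
}

# Constructed sample policy document (trimmed) for the offline demonstration.
SAMPLE_POLICY='{
  "id": "/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Security/policies/default",
  "name": "default",
  "properties": {
    "policyLevel": "Subscription",
    "recommendations": {
      "patch": "On",
      "nsgs": "Off",
      "waf": "On"
    }
  }
}'

# Usage against a real subscription:
#   nsg_monitoring_state "$(fetch_policy <subscription-id>)"   # audit
#   enable_nsg_monitoring <subscription-id>                     # remediate
```

The state extractor treats an absent `nsgs` key as a separate `Missing` result rather than as `Off`, because a missing key usually means the policy schema differs from what the script assumes, and silently "fixing" such a document with a PUT could overwrite settings you did not intend to change.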
References
- Azure Official Documentation
  - Working with security policies
  - Enable Network Security Groups in Azure Security Center
- Azure Command Line Interface (CLI) Documentation
  - az
  - az account get-access-token
Rule: Enable Network Security Group Monitoring
Risk level: Medium