Description:
Create an Activity Log Alert for the Create or Update Network Security Group event.
Rationale:
Monitoring for Create or Update Network Security Group events gives insight into network access changes and may reduce the time it takes to detect suspicious activity.
From Azure Portal
From Azure CLI
az monitor activity-log alert create --resource-group "<resource group name>" --condition category=Administrative and operationName=Microsoft.Network/networkSecurityGroups/write and level=verbose --scope "/subscriptions/<subscription ID>" --name "<activity log alert rule name>" --subscription "<subscription ID>" --action-group "<action group ID>" --location global
From PowerShell
Create the 'Conditions' object.
$conditions = @()
$conditions += New-AzActivityLogAlertAlertRuleAnyOfOrLeafConditionObject -Equal Administrative -Field category
$conditions += New-AzActivityLogAlertAlertRuleAnyOfOrLeafConditionObject -Equal Microsoft.Network/networkSecurityGroups/write -Field operationName
$conditions += New-AzActivityLogAlertAlertRuleAnyOfOrLeafConditionObject -Equal Verbose -Field level
Retrieve the 'Action Group' information and store in a variable, then create the 'Actions' object.
$actionGroup = Get-AzActionGroup -ResourceGroupName "<resource group name>" -Name "<action group name>"
$actionObject = New-AzActivityLogAlertActionGroupObject -Id $actionGroup.Id
Create the 'Scope' object.
$scope = "/subscriptions/<subscription ID>"
Create the 'Activity Log Alert Rule' for 'Microsoft.Network/networkSecurityGroups/write'.
New-AzActivityLogAlert -Name "<activity log alert rule name>" -ResourceGroupName "<resource group name>" -Condition $conditions -Scope $scope -Location global -Action $actionObject -Subscription "<subscription ID>" -Enabled $true
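To confirm that the rule created above is actually in effect, the following added example (not part of the original guidance) audits the JSON returned by `az monitor activity-log alert list --output json`. It assumes each rule carries `name`, `enabled`, `scopes`, `condition.allOf` and `actions.actionGroups`; the sample rules, subscription ID and resource names are constructed placeholders.

```python
import json

OPERATION = "Microsoft.Network/networkSecurityGroups/write"
PAGE_FIELDS = {"category", "operationname", "level"}  # fields the rule above sets

def evaluate(alert, subscription_id):
    """Problems with one rule; None if it targets another operation."""
    leaves = (alert.get("condition") or {}).get("allOf") or []
    cond = {str(c.get("field", "")).lower(): str(c.get("equals", "")) for c in leaves}
    if cond.get("operationname", "").lower() != OPERATION.lower():
        return None
    problems = []
    if cond.get("category", "").lower() != "administrative":
        problems.append("category is not Administrative")
    if not alert.get("enabled"):
        problems.append("rule is disabled")
    wanted = f"/subscriptions/{subscription_id}".lower()
    if wanted not in [s.lower().rstrip("/") for s in alert.get("scopes") or []]:
        problems.append("scope does not include the whole subscription")
    if not (alert.get("actions") or {}).get("actionGroups"):
        problems.append("no action group attached")
    for field in sorted(set(cond) - PAGE_FIELDS):
        problems.append(f"extra condition narrows the rule: {field}")
    return problems

def audit(alerts_json, subscription_id):
    """Return (compliant, {rule name: problems}) for the NSG write operation."""
    findings = {}
    for alert in json.loads(alerts_json):
        result = evaluate(alert, subscription_id)
        if result is not None:
            findings[alert.get("name", "<unnamed>")] = result
    return any(not p for p in findings.values()), findings

# Constructed sample data (not real output); the subscription ID is a placeholder.
SUB = "00000000-0000-0000-0000-000000000000"
AG = [{"actionGroupId": f"/subscriptions/{SUB}/resourceGroups/rg-sec/providers/microsoft.insights/actionGroups/ag-sec"}]
def make_rule(name, enabled, scope, groups, extra=()):
    leaves = [{"field": "category", "equals": "Administrative"},
              {"field": "operationName", "equals": OPERATION}, *extra]
    return {"name": name, "enabled": enabled, "scopes": [scope],
            "condition": {"allOf": leaves}, "actions": {"actionGroups": groups}}
SAMPLE = json.dumps([
    make_rule("nsg-disabled", False, f"/subscriptions/{SUB}", AG),
    make_rule("nsg-rg-only", True, f"/subscriptions/{SUB}/resourceGroups/rg-app", AG),
    make_rule("nsg-ok", True, f"/subscriptions/{SUB}", AG),
])
if __name__ == "__main__":
    print(audit(SAMPLE, SUB))
```

The subscription passes when at least one rule for the operation has no problems; disabled, resource-group-scoped or action-less rules are reported but do not count toward compliance.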