How to receive an email on Azure Network Security Group Rule changes
Abstract
The Microsoft Azure Portal already lets you receive an email alert when a new Azure Network Security Group (NSG) is added or an existing one is deleted. However, there is no option today to receive an email when individual NSG security rules are added, deleted or modified. This post provides a solution for receiving emails on Azure NSG security rule changes, which the Azure Portal does not offer.
If you are the chief security officer of a company, you already understand why you would want to receive an alert when NSG rules are changed.
NSGs are fundamental to restricting or allowing access in Azure IaaS VM deployments. They offer controlled access using source and destination port, protocol and IP. So, as a security best practice, any Azure VM Network Interface Card (NIC) or subnet in a VNET should have an NSG associated with it. Having said that, maintaining the rules in an NSG is critical. Hence Azure portal administrators, CISO staff, IT heads and security heads will always love to receive an email in their inbox to verify whether an NSG security rule was added, modified or deleted after appropriate approval or not.
Creating an alert is possible from the Azure Monitor service. For example, if I want to create an alert on NSG creation or deletion, the screenshot below shows exactly how to configure it.
As you can see in the above screenshot, there is no resource type available for NSG Security Rules. So you may get the impression that “email alert on NSG security rule change can’t be configured”, which is wrong. The rule of thumb I follow for Microsoft Azure is:
“If any functionality is not achievable from the Azure Portal, then try it using Azure PowerShell or Azure ARM Templates.”
So an email alert on NSG security rule changes can’t be configured from the Portal; however, it is possible to configure one using an ARM template.
Also, we need to create an “Action Group” in the Azure portal so as to receive the email. In summary, we will need the following artifacts from Azure:
1. Azure ARM template to create the alert
2. Action group to send emails
3. Resource group which will contain the alert and action group.
So let’s get started.
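A minimal sketch of the first artifact, added here as an example and not the template from the original post: an activity log alert that matches NSG security rule write (add or modify) and delete operations across the subscription and notifies an existing action group. The parameter names `alertName` and `actionGroupResourceId` and the default alert name are assumptions of this example.

```json
{
  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
    "alertName": {
      "type": "string",
      "defaultValue": "nsg-security-rule-change",
      "metadata": { "description": "Assumed name for this example; pick your own." }
    },
    "actionGroupResourceId": {
      "type": "string",
      "metadata": { "description": "Full resource ID of the action group (artifact 2) that sends the email." }
    }
  },
  "resources": [
    {
      "comments": "Added example: matches Administrative activity log events for NSG security rule write (add/modify) or delete.",
      "type": "Microsoft.Insights/activityLogAlerts",
      "apiVersion": "2020-10-01",
      "name": "[parameters('alertName')]",
      "location": "Global",
      "properties": {
        "enabled": true,
        "description": "NSG security rule added, modified or deleted",
        "scopes": [ "[subscription().id]" ],
        "condition": {
          "allOf": [
            { "field": "category", "equals": "Administrative" },
            {
              "anyOf": [
                { "field": "operationName", "equals": "Microsoft.Network/networkSecurityGroups/securityRules/write" },
                { "field": "operationName", "equals": "Microsoft.Network/networkSecurityGroups/securityRules/delete" }
              ]
            }
          ]
        },
        "actions": {
          "actionGroups": [
            { "actionGroupId": "[parameters('actionGroupResourceId')]" }
          ]
        }
      }
    }
  ]
}
```

Deploy it into the resource group that holds the action group. Rule changes made by rewriting the whole NSG resource are logged as `Microsoft.Network/networkSecurityGroups/write`, so add that operation to the `anyOf` list if those changes must also raise an email.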