Azure Monitor

NSG No Diagnostic Settings

Risk Level: Low

Description

This plugin checks that network security groups (NSGs) have diagnostic settings. In an Azure virtual network, a network security group can be used to restrict network traffic to and from Azure resources. A network security group is a collection of security rules that allow or deny incoming and outgoing network traffic to and from various Azure services. By enabling Log Analytics for network security groups, logs are sent to a central repository where they can be searched and audited.

PingSafe strongly recommends enabling diagnostic settings for Network Security Groups. 

About the Service:

Azure Monitor can help you improve the availability and performance of your apps and services. It provides a complete solution for gathering, evaluating, and responding to telemetry from cloud and on-premises environments. This data helps you understand how your apps are performing and detect issues that may harm them or the resources they rely on.

Impact:

Configuring your account Log Profile to export activity logs from Azure supported regions, including for resources such as network security groups, ensures that logging data for potentially unexpected activity in otherwise unused regions is stored and available later for incident response, investigations, and internal audit.

Steps to reproduce:

  1. Sign in to your Azure portal with your Azure account.
    https://portal.azure.com/#home
  2. Navigate to Azure’s Monitor.
  3. Next, go to Activity Log and then to Diagnostics Settings.
  4. Check whether the diagnostic settings for the NSG are enabled.
  5. Follow the same steps for other security groups as well.

To check whether diagnostic settings are enabled for an NSG, check the Diagnostic Settings in the Activity Log in the Monitor service of Azure.
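
The same check can be run across many NSGs at once. The following Python is an added example, not PingSafe's plugin code: it assumes each NSG's diagnostic settings were collected beforehand (for example with `az monitor diagnostic-settings list --resource <nsg-id>`), and the sample data, function names and status strings are constructed for illustration.

```python
# Constructed sample data: placeholder subscription, resource names and workspace.
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-demo/providers/"
NSG = SUB + "Microsoft.Network/networkSecurityGroups/"
LAW = SUB + "Microsoft.OperationalInsights/workspaces/law-demo"
SAMPLE = {
    # Both NSG log categories enabled and sent to a Log Analytics workspace.
    NSG + "nsg-web": [{"name": "to-law", "workspaceId": LAW, "logs": [
        {"category": "NetworkSecurityGroupEvent", "enabled": True},
        {"category": "NetworkSecurityGroupRuleCounter", "enabled": True}]}],
    # Logs enabled, but archived to storage only: not searchable centrally.
    NSG + "nsg-db": [{"name": "to-storage", "workspaceId": None,
                      "storageAccountId": "placeholder-storage-id", "logs": [
        {"category": "NetworkSecurityGroupEvent", "enabled": True}]}],
    # No settings at all, in the REST-style {"value": [...]} wrapper.
    NSG + "nsg-app": {"value": []},
    # Workspace configured, but every log category is switched off.
    NSG + "nsg-mgmt": [{"name": "off", "workspaceId": LAW, "logs": [
        {"categoryGroup": "allLogs", "enabled": False}]}],
}

def _settings(raw):
    """Accept a bare list of settings or a {"value": [...]} wrapper."""
    if isinstance(raw, dict):
        return raw.get("value") or []
    return raw or []

def classify(raw):
    """Return OK, MISSING or NO_WORKSPACE_LOGGING for one NSG's settings."""
    settings = _settings(raw)
    if not settings:
        return "MISSING"
    for setting in settings:
        logs_enabled = any(entry.get("enabled") for entry in setting.get("logs") or [])
        if setting.get("workspaceId") and logs_enabled:
            return "OK"
    return "NO_WORKSPACE_LOGGING"

def audit(nsg_settings):
    """Map each NSG name (last segment of its resource ID) to a status."""
    return {nsg_id.rsplit("/", 1)[-1]: classify(raw)
            for nsg_id, raw in nsg_settings.items()}

if __name__ == "__main__":
    for name, status in sorted(audit(SAMPLE).items()):
        print(f"{status:22} {name}")
```

Any NSG reported as MISSING or NO_WORKSPACE_LOGGING is a candidate for the remediation steps that follow.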

Steps for remediation:

  1. Sign in to your Azure portal with your Azure account.
    https://portal.azure.com/#home
  2. Navigate to Azure’s Monitor.
  3. Next, go to Activity Log and then to Diagnostics Settings.
  4. Click Add diagnostic setting, check Security, select Send to Log Analytics Workspace, and click Save.
  5. Follow the same steps for other security groups as well.

Please feel free to reach out to support@pingsafe.ai with any questions that you may have.

Thanks

PingSafe Support