Description

Create an activity log alert for the Create or Update Public IP Addresses event.

Rationale

Monitoring for Create or Update Public IP Address events gives insight into network access changes and may reduce the time it takes to detect suspicious activity.

Impact

There will be a substantial increase in log size if there are a large number of administrative actions on a server.

Audit

This policy evaluates Azure Subscriptions for the presence of an Azure Activity Log Alert that captures Create or Update Public IP Addresses events. A subscription is marked as INCOMPLIANT if it does not have an Activity Log Alert whose Condition JSON filters on the Microsoft.Network/publicIPAddresses/write operation.
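
The audit logic described above can be reproduced offline against the alert rules returned by the Activity Log Alerts list API. The following is an added example, not the policy's own code: the function names and sample rules are constructed, and the requirements that a rule be enabled and scoped to the whole subscription are assumptions that go beyond the audit text.

```python
TARGET_OP = "microsoft.network/publicipaddresses/write"
SUB = "00000000-0000-0000-0000-000000000000"  # constructed placeholder id

def leaf_conditions(condition):
    """Yield leaf conditions from condition.allOf, flattening nested anyOf groups."""
    for item in (condition or {}).get("allOf", []):
        yield from item.get("anyOf", [item])

def alert_covers_public_ip_writes(alert, subscription_id):
    """True if one alert rule filters on the public IP write operation."""
    props = alert.get("properties", {})
    if not props.get("enabled", False):   # assumption: disabled rules do not count
        return False
    wanted = f"/subscriptions/{subscription_id}".lower()
    scopes = [s.lower().rstrip("/") for s in props.get("scopes", [])]
    if wanted not in scopes:              # assumption: rule must cover the whole subscription
        return False
    for leaf in leaf_conditions(props.get("condition")):
        if (leaf.get("field") or "").lower() != "operationname":
            continue
        values = [leaf.get("equals")] + list(leaf.get("containsAny") or [])
        if any(v and v.lower() == TARGET_OP for v in values):
            return True
    return False

def subscription_compliant(alerts, subscription_id):
    """A subscription passes if at least one of its alert rules qualifies."""
    return any(alert_covers_public_ip_writes(a, subscription_id) for a in alerts)

def rule(op, enabled=True, scope=f"/subscriptions/{SUB}"):
    """Build a constructed alert rule in the shape of the Activity Log Alerts API."""
    return {"properties": {"enabled": enabled, "scopes": [scope], "condition": {"allOf": [
        {"field": "category", "equals": "Administrative"},
        {"field": "operationName", "equals": op}]}}}

# Constructed sample data, not output from a real subscription.
NSG_ONLY = [rule("Microsoft.Network/networkSecurityGroups/write")]
DISABLED = [rule("Microsoft.Network/publicIPAddresses/write", enabled=False)]
RG_SCOPED = [rule("Microsoft.Network/publicIPAddresses/write",
                  scope=f"/subscriptions/{SUB}/resourceGroups/rg-example")]
GOOD = NSG_ONLY + [rule("Microsoft.Network/publicIPAddresses/write")]

if __name__ == "__main__":
    for name, alerts in [("nsg-only", NSG_ONLY), ("disabled", DISABLED),
                         ("rg-scoped", RG_SCOPED), ("good", GOOD)]:
        print(name, "compliant" if subscription_compliant(alerts, SUB) else "INCOMPLIANT")
```

The disabled and resource-group-scoped rules are the cases worth checking by hand, since both contain the right operation name yet leave public IP changes elsewhere in the subscription unalerted.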

Default Value

By default, no monitoring alerts are created or active.
