Microsoft.Network/networkSecurityGroups/delete
Event
Deletes a network security group, removing network access controls from associated resources.
Security Context
- Deleting a network security group removes all inbound and outbound traffic filtering rules from associated subnets and NICs, leaving resources exposed to unrestricted network access.
- Adversaries delete NSGs to remove network-level defenses, enabling direct access to previously protected resources or opening egress paths for data exfiltration.
Log Source
Azure Activity Log
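The following is an added detection example, not part of the original entry: it scans Activity Log records for this operation and reports one finding per deletion, including failed attempts. The records are constructed, and the field names (`operationName`, `resultType`, `correlationId`, `resourceId`, `callerIpAddress`, `time`, and a simplified flat `caller`) are assumptions about the exported log shape.

```python
NSG_DELETE = "microsoft.network/networksecuritygroups/delete"
NSG_WRITE = "Microsoft.Network/networkSecurityGroups/write"

def _rec(time, op, result, corr, nsg):
    # Helper that builds one constructed record (assumed field names).
    return {
        "time": time, "operationName": op, "resultType": result,
        "correlationId": corr, "caller": "user@example.com",
        "callerIpAddress": "203.0.113.10",
        "resourceId": "/subscriptions/0000/resourceGroups/rg-app/providers/"
                      "Microsoft.Network/networkSecurityGroups/" + nsg,
    }

# Constructed sample data, not real tenant logs.
SAMPLE_RECORDS = [
    _rec("2024-01-01T10:00:00Z", NSG_DELETE.upper(), "Start", "c-1", "nsg-web"),
    _rec("2024-01-01T10:00:05Z", NSG_DELETE.upper(), "Success", "c-1", "nsg-web"),
    _rec("2024-01-01T10:02:00Z", NSG_WRITE, "Success", "c-2", "nsg-db"),
    _rec("2024-01-01T10:03:00Z", NSG_DELETE, "Failure", "c-3", "nsg-db"),
]

def find_nsg_deletions(records):
    """Return one finding per NSG delete operation that reached a final state."""
    findings = {}
    for rec in records:
        # Operation names can differ in case between log sources.
        if str(rec.get("operationName", "")).lower() != NSG_DELETE:
            continue
        outcome = str(rec.get("resultType", "")).lower()
        if outcome not in ("success", "failure"):
            continue  # Start/Accept records belong to the same operation
        # Collapse the records of one operation onto its correlation ID.
        key = rec.get("correlationId") or rec.get("resourceId")
        resource_id = rec.get("resourceId", "")
        findings[key] = {
            "time": rec.get("time"),
            "outcome": outcome,  # failed attempts are kept: they show intent
            "caller": rec.get("caller"),
            "source_ip": rec.get("callerIpAddress"),
            "nsg": resource_id.rstrip("/").split("/")[-1],
            "resource_id": resource_id,
        }
    return sorted(findings.values(), key=lambda f: f["time"] or "")

if __name__ == "__main__":
    for finding in find_nsg_deletions(SAMPLE_RECORDS):
        print(finding)
```
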
Sample Event
MITRE ATT&CK Mapping
Tactics: Defense Evasion
Techniques:
- T1562 — Impair Defenses — Adversaries may maliciously modify components of a victim environment in order to hinder or disable defensive mechanisms. This not only involves impairing preventative defenses, such as firewalls and anti-virus, but also detection capabilities that defenders can use to audit activity and identify...