Microsoft.Network/networkSecurityGroups/securityRules/write
Event
Creates or updates a security rule in an Azure Network Security Group, controlling inbound or outbound traffic.
Security Context
- Modifying network security controls can open unauthorized access paths while removing evidence of the original restrictive configuration.
- Lateral movement techniques allow adversaries to expand their foothold by accessing additional systems and services within the environment.
Log Source
Azure Activity Log
Sample Event
MITRE ATT&CK Mapping
Tactics: Defense Evasion Lateral Movement
Techniques:
- T1562.007 — Disable or Modify Cloud Firewall — Adversaries may disable or modify a firewall within a cloud environment to bypass controls that limit access to cloud resources. Cloud firewalls are separate from system firewalls that are described in Disable or Modify System Firewall.