'Delete Security Solution' activity log alert should be configured

This page is not yet available in Spanish. We are working on its translation.
If you have any questions or feedback about our current translation project, feel free to reach out to us!

Description

To enhance the detection of suspicious activity and gain insights into changes made to active security solutions, it is recommended to create an activity log alert specifically for the “Delete Security Solution” event. By monitoring these events, you can quickly detect any unauthorized deletions of security solutions, reducing the time it takes to identify and respond to potential security threats.

Remediation

From the console

  1. Navigate to the Monitor blade.
  2. Select Alerts > Create > Alert rule.
  3. Under Filter by subscription, choose a subscription.
  4. Under Filter by resource type, select Security Solutions (securitySolutions).
  5. Under Filter by location, select All.
  6. From the results, select the subscription, then click Done.
  7. Click the Condition tab.
  8. Under Signal name, click Delete Delete Security Solutions (Microsoft.Security/securitySolutions).
  9. Click the Actions tab.
  10. To use an existing action group, click Select action groups. To create a new action group, click Create action group. Fill out the appropriate details for the selection.
  11. Click the Details tab.
  12. Select a Resource group, then provide an Alert rule name and an optional Alert rule description.
  13. Click Review + create.
  14. Click Create.
PREVIEWING: mcretzman/DOCS-9337-add-cloud-info-byoti