'Delete Public Ip Address Rule' activity log alert should be configured
このページは日本語には対応しておりません。随時翻訳に取り組んでいます。翻訳に関してご質問やご意見ございましたら、お気軽にご連絡ください。
Description
To enhance network security monitoring and expedite the detection of suspicious activity, it is recommended to create an activity log alert specifically for the “Delete Public IP Addresses Rule” event. By enabling this alert, you gain valuable insights into the deletions of public IP addresses rules. It is important to note that enabling this alert may result in a substantial increase in log size, particularly if there are numerous administrative actions performed on a server. However, the benefits of improved security monitoring outweigh the potential impact on log size.
From the console
- Navigate to the Monitor blade.
- Select Alerts > Create > Alert rule.
- Under Filter by subscription, choose a subscription.
- Under Filter by resource type, select Public IP addresses.
- Under Filter by location, select All.
- From the results, select the subscription, then click Done.
- Select the Condition tab.
- Under Signal name, click Delete Delete Public Ip Address (Microsoft.Network/publicIPAddresses).
- Select the Actions tab.
- To use an existing action group, click Select action groups. To create a new action group, click Create action group. Fill out the appropriate details for the selection.
- Select the Details tab.
- Select a Resource group, provide an Alert rule name and an optional Alert
rule description.
- Click Review + create.
- Click Create.