Activity Log Alert Does Not Exist for Delete Policy Assignment
Overview
Create an activity log alert for the Delete Policy Assignment event.
Monitoring for Delete Policy Assignment events gives insight into changes made to Azure Policy assignments and can reduce the time it takes to detect unsolicited changes.
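The following added example (not part of the original rule and not the scanner's own logic) shows one way to evaluate this control against the alert list returned by the Activity Log Alerts list-by-subscription API referenced below. It assumes the operation name `Microsoft.Authorization/policyAssignments/delete`, which is not stated on this page; the alert names, the helper `_alert` and the subscription ID are constructed placeholders.

```python
# Added example: constructed sample data, not the scanner's own rule logic.
DELETE_OP = "microsoft.authorization/policyassignments/delete"  # assumed operation name

def _operation_names(condition):
    """Collect operationName values from allOf leaves, including nested anyOf."""
    names = set()
    for leaf in (condition or {}).get("allOf", []):
        for item in leaf.get("anyOf") or [leaf]:
            if str(item.get("field", "")).lower() == "operationname":
                names.add(str(item.get("equals", "")).lower())
    return names

def covering_alerts(alerts, subscription_id):
    """Names of enabled, subscription-scoped alerts that watch the delete event."""
    sub_scope = f"/subscriptions/{subscription_id}".lower()
    hits = []
    for alert in alerts:
        props = alert.get("properties", {})
        scopes = {s.lower().rstrip("/") for s in props.get("scopes", [])}
        if (props.get("enabled", True)            # disabled alerts never fire
                and sub_scope in scopes            # a resource-group scope is partial
                and DELETE_OP in _operation_names(props.get("condition"))):
            hits.append(alert.get("name"))
    return hits

def _alert(name, operation, scope, enabled=True):
    """Hypothetical helper: build one constructed alert record."""
    return {"name": name, "properties": {
        "enabled": enabled, "scopes": [scope],
        "condition": {"allOf": [
            {"field": "category", "equals": "Administrative"},
            {"field": "operationName", "equals": operation}]}}}

SUB = "00000000-0000-0000-0000-000000000000"  # placeholder subscription ID
WRITE = "Microsoft.Authorization/policyAssignments/write"
DELETE = "Microsoft.Authorization/policyAssignments/delete"
SAMPLE_ALERTS = [  # constructed: only the last entry satisfies the control
    _alert("policy-assignment-write", WRITE, f"/subscriptions/{SUB}"),
    _alert("delete-disabled", DELETE, f"/subscriptions/{SUB}", enabled=False),
    _alert("delete-rg-only", DELETE, f"/subscriptions/{SUB}/resourceGroups/rg-app"),
    _alert("policy-assignment-delete", DELETE, f"/subscriptions/{SUB}"),
]

if __name__ == "__main__":
    found = covering_alerts(SAMPLE_ALERTS, SUB)
    print("PASS" if found else "FAIL", found)
```

An empty result means the finding applies: no enabled alert scoped to the whole subscription covers the Delete Policy Assignment event.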
Vendor
Azure
Cloud Service
Monitor
Related Controls
CIS Azure v2.0.0 5.2.2
References
https://docs.microsoft.com/en-in/azure/azure-monitor/platform/alerts-activity-log
https://docs.microsoft.com/en-in/rest/api/monitor/activitylogalerts/createorupdate
https://docs.microsoft.com/en-in/rest/api/monitor/activitylogalerts/listbysubscriptionid
https://docs.microsoft.com/en-us/security/benchmark/azure/security-controls-v3-logging-threat-detection#lt-3-enable-logging-for-security-investigation
https://azure.microsoft.com/en-us/services/blueprints/
Severity
3
Item Types
Custom::Microsoft::Subscription