deprecating 'Azure Virtual Network Device Modified or Deleted' (#4559)

Terrance DeJesus
2025-03-27 10:09:34 -04:00
committed by GitHub
parent 51826ed32f
commit 2f3f4fbdef
@@ -2,13 +2,15 @@
creation_date = "2020/08/12"
integration = ["azure"]
maturity = "production"
updated_date = "2025/01/15"
updated_date = "2025/03/24"
[rule]
author = ["Austin Songer"]
description = """
Identifies when a virtual network device is modified or deleted. This can be a network virtual appliance, virtual hub,
or virtual router.
**Deprecated Notice** - This rule has been deprecated in favor of other rules that provide more contextual threat behavior for Azure Virtual Network.
"""
false_positives = [
"""
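Review bot: The deprecation notice added to `description` (and repeated under `## Triage and analysis` in the second hunk) says the rule is superseded by "other rules" without naming them, so an operator cannot confirm that replacement coverage is enabled before turning this rule off. Consider naming them, for example `**Deprecated Notice** - This rule has been deprecated in favor of <REPLACEMENT_RULE_NAME(S)>.` with the placeholder filled in by the author. The visible context also keeps `maturity = "production"` while `name` gains the `Deprecated - ` prefix; if this is a deliberate staged deprecation so the notice reaches installed rules, a comment such as `# kept at production so the deprecation notice ships; retire in a later release` above that key would make this clear. As a style point, the second hunk's heading `### Investigating Deprecated - Azure Virtual Network Device Modified or Deleted` reads awkwardly, and keeping the original heading beneath the notice would be clearer.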
@@ -22,13 +24,15 @@ from = "now-25m"
index = ["filebeat-*", "logs-azure*"]
language = "kuery"
license = "Elastic License v2"
name = "Azure Virtual Network Device Modified or Deleted"
name = "Deprecated - Azure Virtual Network Device Modified or Deleted"
note = """## Triage and analysis
**Deprecated Notice** - This rule has been deprecated in favor of other rules that provide more contextual threat behavior for Azure Virtual Network.
> **Disclaimer**:
> This investigation guide was created using generative AI technology and has been reviewed to improve its accuracy and relevance. While every effort has been made to ensure its quality, we recommend validating the content and adapting it to suit your specific environment and operational needs.
### Investigating Azure Virtual Network Device Modified or Deleted
### Investigating Deprecated - Azure Virtual Network Device Modified or Deleted
Azure virtual network devices, such as network interfaces, virtual hubs, and routers, are crucial for managing network traffic and connectivity in cloud environments. Adversaries may target these devices to disrupt services or reroute traffic for malicious purposes. The detection rule monitors specific Azure activity logs for operations indicating modifications or deletions of these devices, helping identify potential unauthorized changes that could signify an attack.