From 2f3f4fbdef5fc9d96382b7e8cbfe9edd8c326993 Mon Sep 17 00:00:00 2001
From: Terrance DeJesus <99630311+terrancedejesus@users.noreply.github.com>
Date: Thu, 27 Mar 2025 10:09:34 -0400
Subject: [PATCH] deprecating 'Azure Virtual Network Device Modified or Deleted' (#4559)
---
 .../azure/impact_virtual_network_device_modified.toml | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)
diff --git a/rules/integrations/azure/impact_virtual_network_device_modified.toml b/rules/integrations/azure/impact_virtual_network_device_modified.toml
index 36052a039..7436a8d43 100644
--- a/rules/integrations/azure/impact_virtual_network_device_modified.toml
+++ b/rules/integrations/azure/impact_virtual_network_device_modified.toml
@@ -2,13 +2,15 @@
 creation_date = "2020/08/12"
 integration = ["azure"]
 maturity = "production"
-updated_date = "2025/01/15"
+updated_date = "2025/03/24"
 [rule]
 author = ["Austin Songer"]
 description = """
 Identifies when a virtual network device is modified or deleted. This can be a network virtual appliance, virtual hub, or virtual router.
+
+**Deprecated Notice** - This rule has been deprecated in favor of other rules that provide more contextual threat behavior for Azure Virtual Network.
 """
 false_positives = [
 """
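Review bot: The deprecation notice added to `description` points to "other rules" without naming them, so a team that has this rule enabled cannot tell which detections now cover modification or deletion of virtual network devices; the same sentence is repeated in `note` in the second hunk. Name the successors in both places, for example `**Deprecated Notice** - This rule has been deprecated in favor of <REPLACEMENT_RULE_NAMES>.` (placeholder, the page does not list them). `maturity = "production"` is untouched context here, so the rule presumably keeps alerting under its new "Deprecated - " name until a later change; if that staged removal is intended, saying so in the notice would avoid confusion. The `[rule]` table continues outside the hunk.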
@@ -22,13 +24,15 @@ from = "now-25m"
 index = ["filebeat-*", "logs-azure*"]
 language = "kuery"
 license = "Elastic License v2"
-name = "Azure Virtual Network Device Modified or Deleted"
+name = "Deprecated - Azure Virtual Network Device Modified or Deleted"
 note = """## Triage and analysis
+**Deprecated Notice** - This rule has been deprecated in favor of other rules that provide more contextual threat behavior for Azure Virtual Network.
+
 > **Disclaimer**:
 > This investigation guide was created using generative AI technology and has been reviewed to improve its accuracy and relevance. While every effort has been made to ensure its quality, we recommend validating the content and adapting it to suit your specific environment and operational needs.
-### Investigating Azure Virtual Network Device Modified or Deleted
+### Investigating Deprecated - Azure Virtual Network Device Modified or Deleted
 Azure virtual network devices, such as network interfaces, virtual hubs, and routers, are crucial for managing network traffic and connectivity in cloud environments. Adversaries may target these devices to disrupt services or reroute traffic for malicious purposes. The detection rule monitors specific Azure activity logs for operations indicating modifications or deletions of these devices, helping identify potential unauthorized changes that could signify an attack.