| Plugin Title | NSG Log Analytics Enabled |
| Cloud | AZURE |
| Category | Monitor |
| Description | Ensures Network Security Group logs are sent to the Log Analytics workspace |
| More Info | Enabling Log Analytics for Network Security Groups ensures that logs are shipped to a central repository that can be queried and audited. |
| AZURE Link | https://docs.microsoft.com/en-us/azure/azure-monitor/platform/collect-activity-logs |
| Recommended Action | Enable sending of logs to Log Analytics for each Network Security Group resource in the Azure Monitor. |
- Log in to the Microsoft Azure Management Console.
- Select the "Search resources, services, and docs" option at the top and search for "Network security groups".
- Select the "Network Security Group" which needs to be verified.
- On the "Network security groups" page, scroll down the left navigation panel and choose "Diagnostics Settings" under "Monitoring".
- On the "Network security groups - Diagnostic Setting" page if "No diagnostic settings defined" is showing for the selected "Network Security Group" then logs are not being sent to the Log Analytics workspace.
- To enable sending of logs to Log Analytics for each Network Security Group, on the "Diagnostic settings" page click on the "Add diagnostic setting" option.
- On the "Diagnostics Settings" page enter the "Diagnostic setting name", click the checkbox for "Send to Log Analytics workspace", select the "Subscription" and an existing Log Analytics workspace, or create a workspace. Under "Logs" select categories "NetworkSecurityGroupEvent" and "NetworkSecurityGroupRuleCounter".
- Click on the "Save" button at the top to make the necessary changes.
- Repeat steps number 7 - 9 to enable sending of logs to Log Analytics for each Network Security Group resource in the Azure Monitor.
