Description:

This control ensures an Azure Activity Log Alert is configured to detect when a Public IP address is created or modified. Since Public IP addresses expose Azure resources to the internet, monitoring these changes is essential for reducing security risks. The alert enables real-time visibility into configuration changes that directly affect external access. This helps administrators quickly identify and investigate network exposure events.


Rationale:

Without monitoring Public IP changes, unauthorized exposure may go unnoticed and increase the risk of attacks. Automated alerts enable timely detection of risky modifications, support rapid incident response, and help maintain compliance through improved visibility and audit tracking of network configuration changes.


Default Value:

By default, no Activity Log Alert is configured to monitor the creation or modification of Public IP addresses.


Impact:

Enabling this alert provides quick visibility into external exposure changes with minimal impact, limited to receiving notifications.


Test Plan:

  1. Sign in to the Azure Portal at https://portal.azure.com

  2. Navigate to Monitor

  3. Select Alerts

  4. Open Alert rules

  5. Verify an Activity Log Alert exists for Create or Update Public IP Address

  6. Verify the alert scope includes the required subscription

  7. Verify that an Action Group is associated

  8. If the alert does not exist, follow the implementation steps
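
The checks in steps 5 to 7 can also be run against the JSON returned by `az monitor activity-log alert list -o json`. The script below is an added example, not part of the original control; it assumes the portal signal corresponds to the operation `Microsoft.Network/publicIPAddresses/write` and that rule conditions are plain `allOf` leaves. The subscription ID and sample rule are constructed.

```python
# Azure operation behind the "Create or Update Public IP Address" signal.
PUBLIC_IP_WRITE = "microsoft.network/publicipaddresses/write"
SUB = "00000000-0000-0000-0000-000000000000"  # constructed subscription id

def has_operation(rule, operation):
    """True if a leaf of the rule's allOf condition pins operationName."""
    leaves = (rule.get("condition") or {}).get("allOf") or []
    return any((c.get("field") or "").lower() == "operationname"
               and (c.get("equals") or "").lower() == operation
               for c in leaves)

def audit_public_ip_alert(rules, subscription_id):
    """Return (passed, findings) for Test Plan steps 5 to 7."""
    wanted = f"/subscriptions/{subscription_id}".lower()
    candidates = [r for r in rules if has_operation(r, PUBLIC_IP_WRITE)]
    if not candidates:
        return False, ["no alert rule for Create or Update Public IP Address"]
    findings = []
    for rule in candidates:
        problems = []
        if not rule.get("enabled"):
            problems.append("rule is disabled")  # extra check, not a page step
        scopes = [s.rstrip("/").lower() for s in rule.get("scopes") or []]
        if wanted not in scopes:
            problems.append("scope does not include the subscription")
        groups = (rule.get("actions") or {}).get("actionGroups") or []
        if not any(g.get("actionGroupId") for g in groups):
            problems.append("no Action Group associated")
        if not problems:
            return True, [f"{rule.get('name')}: compliant"]
        findings.append(f"{rule.get('name')}: " + "; ".join(problems))
    return False, findings

# Constructed sample in the shape of `az monitor activity-log alert list -o json`.
SAMPLE = [
    {"name": "pip-change-rg-only", "enabled": True,
     "scopes": [f"/subscriptions/{SUB}/resourceGroups/rg-net"],
     "condition": {"allOf": [
         {"field": "category", "equals": "Administrative"},
         {"field": "operationName",
          "equals": "Microsoft.Network/publicIPAddresses/write"}]},
     "actions": {"actionGroups": []}},
]

if __name__ == "__main__":
    passed, findings = audit_public_ip_alert(SAMPLE, SUB)
    print("PASS" if passed else "FAIL")
    for line in findings:
        print(" -", line)
```

The sample rule fails on two counts: it is scoped to a single resource group rather than the subscription, and it has no Action Group, so a Public IP created elsewhere in the subscription would raise no notification.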


Implementation steps:

  1. Sign in to the Azure Portal at https://portal.azure.com

  2. Navigate to Monitor

  3. Select Alerts

  4. Click Create and select Alert rule

  5. Set the Scope to the appropriate subscription

  6. Under Condition, click See all signals, search for Create or Update Public IP Address, and select the signal

  7. Associate with an existing Action Group or create a new one

  8. Provide an alert rule name and select a resource group

  9. Click Review + Create

  10. Click Create


Backout Plan:

  1. Sign in to the Azure Portal at https://portal.azure.com

  2. Navigate to Monitor

  3. Select Alerts

  4. Open Alert rules

  5. Locate the Create or Update Public IP Address alert

  6. Delete the alert rule

  7. Confirm the deletion
