Query Details
NSG Changesby Userand Resource
Query
//NSG Changes by Resource and Who did it AzureActivity | where parse_json(Authorization).action == "Microsoft.Network/networkSecurityGroups/securityRules/write" and ActivityStatus == "Succeeded" | distinct Resource, Caller
Explanation
This query retrieves information about changes made to network security groups (NSGs) in Azure. It filters for successful write actions on security rules within NSGs and returns the distinct resources and the individuals who made the changes.
Details
Rod Trent
Released: December 10, 2020
Tables
AzureActivity
Keywords
AzureActivity,Authorization,Microsoft.Network/networkSecurityGroups/securityRules/write,ActivityStatus,Succeeded,Resource,Caller
Operators
whereparse_json==andActivityStatusdistinct