Brad Watts here to explore monitoring of your Network Security Groups (NSGs). I was approached recently by a customer wanting to better understand changes being made to the many NSGs in their environment. Working with them, we came up with an Azure Workbook that provides a centralized view of both current settings on your NSGs along with any changes that have been made.
Before we jump into implementationlet’s look at the result. Our Workbook has two tabs. The first tab is “Current Settings” and uses Azure Resource Graph to pull in current NSG settings.
On the “Audit Settings” tab we are focusing on the changes made to NSGs
If you select one of the changes from the “NSG Changes” table, it will show you what NIC/Subnet it’s connected to along with all the changes over the last 90 days.
If your interested in implementing this Workbook you need to be aware of a few requirements:
Whoever is using the Workbook will need at least read access to the NSGs they are wanting to monitor. This is because we are using Azure Resource Graph to pull this information.
For the “Audit Change” tab to work you need to send you’re Azure Activity Logs to a Log Analytics Workspace.
In the Azure Portal bring up Azure Monitor by searching for Monitor
In Azure Monitor select the “Workbook” tab and choose “New”
This will open a Workbook in Edit mode. Do to the “Advanced Editor” (</>)
In the “Advanced Editor” paste the content of the JSON file from my GitHub repo and click on “Apply”
That’s it. You know have the Workbook to test in your environment. Make sure you “Save” the workbook and also click on the “Done Editing” to get the full experience.
Being able to easily visualize both you’re current NSGs along with any changes made to them over time is essential for anyone managing NSGs in Azure. In this solution we are using an Azure Workbook along with Log Analytics and Azure Resource Graph to give you that centralized view. I hope this makes your life easier and please suggest improvements to the Workbook. I always consider these things works in progress! A similar Workbook for Azure Firewalls is in progress.