Missing alert for virtual machine deallocating

Logging and monitoring

Missing alert for virtual machine deallocating

Risk Level

Informational (4)

Platform(s)

Compliance Frameworks

Brazilian General Data Protection (LGPD)
CCPA
CPRA
Data Security Posture Management (DSPM) Best Practices
ISO/IEC 27001
Microsoft Cloud Security Benchmark
Mitre ATT&CK
New Zealand Information Security Manual
NIST 800-171
NIST 800-53
Orca Best Practices
PDPA
UK Cyber Essentials

Description

When VM is being deallocated, not only the VM is being stopped. However, hardware and network resources are being released. Thus, Monitoring for Deallocate Virtual Machine events gives insight into the changes made within your cloud environment regarding virtual machines and can help reduce the time for detecting unauthorized activity.

Recommended Mitigation

Under Monitor -> Alerts, create an alert for 'Microsoft.Compute/virtualMachines/deallocate/action'

Missing alert for virtual machine deallocating

Description

Need help?

CLOUD SECURITY PLATFORM

TECHNOLOGY ECOSYSTEM

By Solution

By Industry

COMPARISONS