Handle Gem Alert for NSG With Ingress From Any (0.0.0.0/0) - Workflow Template

Workflow triggers when a rule with open access to the internet is created for a security group.

Updated over 6 months ago

This workflow template handles a critical security issue: the creation of a Network Security Group (NSG) rule that allows open access from the internet (an ingress rule with source 0.0.0.0/0). When such a rule is detected, the workflow extracts the details of the insecure rule, asks the DevOps team through Slack for permission to delete it, and, upon approval, deletes the rule(s) while keeping the DevOps team updated via Slack. This keeps security monitoring and operations teams working together and maintains cloud security posture management (CSPM) standards.

Trigger

Gem

Use Cases

CSPM

Workflow Breakdown

  1. Extract all "any" (0.0.0.0/0) ingress rules from the NSG

  2. Approve rule deletion with the DevOps team in Slack

  3. If approved, delete the rules one by one and update the DevOps team in Slack
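
Step 1 can be sketched as follows. This is an added example, not the template's own code: it filters an NSG definition for inbound Allow rules whose source is open, and it assumes the Azure rule field names (`direction`, `access`, `sourceAddressPrefix`, `sourceAddressPrefixes`). It goes slightly beyond the page by also treating `*` and the `Internet` service tag as open sources; the function name and sample NSG are constructed for illustration.

```python
import json

# Source values that mean "anyone on the internet" in an Azure NSG rule.
# The page names 0.0.0.0/0; "*" and the "Internet" service tag are included
# here as an assumption, since Azure also accepts them as open sources.
OPEN_SOURCES = {"0.0.0.0/0", "*", "internet"}

def open_ingress_rules(nsg):
    """Return the inbound Allow rules in an NSG whose source is open (hypothetical helper)."""
    findings = []
    for rule in nsg.get("securityRules", []):
        # ARM responses nest fields under "properties"; az CLI output flattens them.
        props = rule.get("properties", rule)
        if props.get("direction", "").lower() != "inbound":
            continue  # egress rules are out of scope for this alert
        if props.get("access", "").lower() != "allow":
            continue  # a Deny rule from any source is not an exposure
        sources = list(props.get("sourceAddressPrefixes") or [])
        if props.get("sourceAddressPrefix"):
            sources.append(props["sourceAddressPrefix"])
        hits = sorted(s for s in sources if s.lower() in OPEN_SOURCES)
        if hits:
            ports = list(props.get("destinationPortRanges") or [])
            if props.get("destinationPortRange"):
                ports.append(props["destinationPortRange"])
            findings.append({"name": rule.get("name"), "priority": props.get("priority"),
                             "open_sources": hits, "ports": ports})
    # Lowest priority number is evaluated first by Azure, so list it first.
    return sorted(findings, key=lambda f: f["priority"] or 0)

# Constructed sample NSG (not real data).
SAMPLE_NSG = json.loads("""
{"name": "example-nsg", "securityRules": [
 {"name": "allow-ssh-any", "properties": {"direction": "Inbound", "access": "Allow",
   "priority": 100, "sourceAddressPrefix": "0.0.0.0/0", "destinationPortRange": "22"}},
 {"name": "allow-web-mixed", "properties": {"direction": "Inbound", "access": "Allow",
   "priority": 110, "sourceAddressPrefixes": ["10.0.0.0/8", "*"],
   "destinationPortRanges": ["80", "443"]}},
 {"name": "deny-rdp-any", "properties": {"direction": "Inbound", "access": "Deny",
   "priority": 120, "sourceAddressPrefix": "*", "destinationPortRange": "3389"}},
 {"name": "allow-out-any", "properties": {"direction": "Outbound", "access": "Allow",
   "priority": 130, "sourceAddressPrefix": "*", "destinationPortRange": "*"}},
 {"name": "allow-corp", "properties": {"direction": "Inbound", "access": "Allow",
   "priority": 140, "sourceAddressPrefix": "203.0.113.0/24", "destinationPortRange": "443"}}
]}
""")

if __name__ == "__main__":
    for finding in open_ingress_rules(SAMPLE_NSG):
        print(finding)
```

The returned list is what the approval message in step 2 would present: rule name, priority, the open source values, and the exposed ports.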

Vendors

Slack, Microsoft Azure, Utils, Gem
