Skip to main content
All CollectionsTemplatesIntermediate
Handle Gem Alert for NSG With Ingress From Any (0.0.0.0/0) - Workflow Template
Handle Gem Alert for NSG With Ingress From Any (0.0.0.0/0) - Workflow Template

Workflow triggers when a rule with open access to the internet is created for a security group.

Updated over 7 months ago

This workflow template is implemented to manage a critical security issue: the creation of a Network Security Group (NSG) rule that allows open access to the internet (0.0.0.0/0 ingress rule). Upon detection of such a rule, the workflow initiates a security protocol: it extracts details on the insecure rule, prompts the DevOps team for permission to delete it through Slack communication, and upon approval, proceeds to delete the rule(s) while keeping the DevOps team updated via Slack. This ensures tight collaboration between security monitoring and operations teams, maintaining cloud security posture management (CSPM) standards.

Trigger

Gem

Use Cases

CSPM

Workflow Breakdown

  1. Extract all any (0.0.0.0/0) ingress rules from the NSG

  2. Approve rules deletion with the DevOps team in Slack

  3. If approved, delete the rules one by one and update the DevOps team in Slack

Vendors

Slack, Microsoft Azure, Utils, Gem

Did this answer your question?