Detection: Network VPN Connection Deleted
Overview
Detect when an Azure VPN connection was deleted. VPN connections are essential for secure communication between on-premises networks and Azure, and their deletion can disrupt connectivity and compromise operations. Monitoring these deletions ensures network stability and prevents unauthorized or accidental removal of critical connections.
References:
Usage
Run the detection in your terminal:
powerpipe detection run azure_activity_log_detections.detection.network_vpn_connection_deletedSnapshot and share results via Turbot Pipes:
powerpipe loginpowerpipe detection run azure_activity_log_detections.detection.network_vpn_connection_deleted --shareSQL
This detection uses a named query:
select tp_timestamp as timestamp, operation_name as operation, resource_id as resource, caller as actor, tp_index :: varchar as subscription_id, resource_group_name as resource_group, tp_id as source_id, status as event_status, *from azure_activity_logwhere operation_name = 'Microsoft.Network/vpnGateways/vpnConnections/delete' and status = 'Succeeded'order by timestamp desc;