deprecating 'Azure Virtual Network Device Modified or Deleted' (#4559)

terrancedejesus · web-flow · commit 2f3f4fbdef5f · 2025-03-27T10:09:34.000-04:00
diff --git a/rules/integrations/azure/impact_virtual_network_device_modified.toml b/rules/integrations/azure/impact_virtual_network_device_modified.toml
@@ -2,13 +2,15 @@
 creation_date = "2020/08/12"
 integration = ["azure"]
 maturity = "production"
-updated_date = "2025/01/15"
+updated_date = "2025/03/24"
 
 [rule]
 author = ["Austin Songer"]
 description = """
 Identifies when a virtual network device is modified or deleted. This can be a network virtual appliance, virtual hub,
 or virtual router.
+
+**Deprecated Notice** - This rule has been deprecated in favor of other rules that provide more contextual threat behavior for Azure Virtual Network.
 """
 false_positives = [
     """
@@ -22,13 +24,15 @@ from = "now-25m"
 index = ["filebeat-*", "logs-azure*"]
 language = "kuery"
 license = "Elastic License v2"
-name = "Azure Virtual Network Device Modified or Deleted"
+name = "Deprecated - Azure Virtual Network Device Modified or Deleted"
 note = """## Triage and analysis
 
+**Deprecated Notice** - This rule has been deprecated in favor of other rules that provide more contextual threat behavior for Azure Virtual Network.
+
 > **Disclaimer**:
 > This investigation guide was created using generative AI technology and has been reviewed to improve its accuracy and relevance. While every effort has been made to ensure its quality, we recommend validating the content and adapting it to suit your specific environment and operational needs.
 
-### Investigating Azure Virtual Network Device Modified or Deleted
+### Investigating Deprecated - Azure Virtual Network Device Modified or Deleted
 
 Azure virtual network devices, such as network interfaces, virtual hubs, and routers, are crucial for managing network traffic and connectivity in cloud environments. Adversaries may target these devices to disrupt services or reroute traffic for malicious purposes. The detection rule monitors specific Azure activity logs for operations indicating modifications or deletions of these devices, helping identify potential unauthorized changes that could signify an attack.
 
