PASSEDcloud / azure_nsg

Azure NSG Blocking Application Traffic After Update

An Azure Network Security Group was updated and accidentally removed the allow rule for HTTPS (443). All web traffic to the subnet is now blocked.

Pattern

AZURE_CLOUD

Expected: AZURE_NSG_BLOCK

Severity

HIGH

Confidence

68%

Remediation

Auto-Heal

Test Results

Metric	Expected	Actual
Pattern Recognition	AZURE_NSG_BLOCK	AZURE_CLOUD
Severity Assessment	CRITICAL	HIGH
Incident Correlation	N/A	None
Cascade Escalation	N/A	No
Remediation	—	Auto-Heal — Corax resolves autonomously

Scenario Conditions

Azure NSG 'prod-web-nsg'. Rule for port 443 removed in update 30 min ago. Default deny blocking all web traffic. 5 VMs in subnet affected.

Injected Error Messages (1)

Azure NSG blocking traffic — NSG 'prod-web-nsg' missing allow rule for port 443, all HTTPS traffic denied by default rule, 5 VMs in subnet unreachable on web ports, rule removed 30 min ago

Neural Engine Root Cause Analysis

Azure cloud infrastructure event detected — an Azure resource may be failing, an App Service is unhealthy, Azure AD authentication is disrupted, or a Service Bus queue is backed up. Azure outages can cascade across dependent services and affect both cloud-hosted applications and hybrid on-premises integrations relying on Azure AD.

Remediation Plan

1. Check Azure Service Health (status.azure.com) for any active incidents in your region. 2. Review Azure Monitor alerts and resource health for the affected service. 3. For App Service issues, check the Kudu console for application logs and restart the app if needed. 4. For Azure AD issues, verify conditional access policies and check the Azure AD sign-in logs for failure reasons. 5. For Service Bus, check dead-letter queues and verify the sending/receiving applications are connected and processing messages.

Improvements Applied

Pattern classified as AZURE_CLOUD (expected AZURE_NSG_BLOCK)
Severity: HIGH (expected CRITICAL)

Tested: 2026-04-02Monitors: 1 | Incidents: 1Test ID: cmnhnoopu001ilig7z5wndbiy