LoFP / Modification or deletion of a network security configuration may be performed by a system administrator. Verify whether the user identity, user agent, and/or hostname should be making changes in your environment.

Techniques

Sample rules

Azure Network Security Configuration Modified or Deleted

Description

Identifies when a network security configuration is modified or deleted.

Detection logic

condition: selection
selection:
  operationName:
  - MICROSOFT.NETWORK/NETWORKSECURITYGROUPS/WRITE
  - MICROSOFT.NETWORK/NETWORKSECURITYGROUPS/DELETE
  - MICROSOFT.NETWORK/NETWORKSECURITYGROUPS/SECURITYRULES/WRITE
  - MICROSOFT.NETWORK/NETWORKSECURITYGROUPS/SECURITYRULES/DELETE
  - MICROSOFT.NETWORK/NETWORKSECURITYGROUPS/JOIN/ACTION
  - MICROSOFT.NETWORK/NETWORKSECURITYGROUPS/PROVIDERS/MICROSOFT.INSIGHTS/DIAGNOSTICSETTINGS/WRITE
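
The following is an added example, not part of the original rule or the LoFP project: it applies the selection above to constructed log events and then performs the identity, user agent and hostname check that the false-positive note recommends. The field names `caller`, `userAgent` and `hostname`, the baseline values and the sample events are assumptions; map them to your own log schema.

```python
# Operation names copied from the rule's selection.
NSG_OPERATIONS = {
    "MICROSOFT.NETWORK/NETWORKSECURITYGROUPS/WRITE",
    "MICROSOFT.NETWORK/NETWORKSECURITYGROUPS/DELETE",
    "MICROSOFT.NETWORK/NETWORKSECURITYGROUPS/SECURITYRULES/WRITE",
    "MICROSOFT.NETWORK/NETWORKSECURITYGROUPS/SECURITYRULES/DELETE",
    "MICROSOFT.NETWORK/NETWORKSECURITYGROUPS/JOIN/ACTION",
    "MICROSOFT.NETWORK/NETWORKSECURITYGROUPS/PROVIDERS/MICROSOFT.INSIGHTS/DIAGNOSTICSETTINGS/WRITE",
}

# Assumption: per-environment baseline of who is expected to change NSGs.
BASELINE = {
    "caller": {"netops-admin@example.com"},
    "userAgent": {"terraform-pipeline"},
    "hostname": {"deploy-runner-01"},
}

def matches_rule(event):
    """Sigma string matching is case-insensitive, so normalise before comparing."""
    return str(event.get("operationName", "")).upper() in NSG_OPERATIONS

def triage(event, baseline=BASELINE):
    """Return None if the rule does not fire, else (verdict, fields outside baseline).

    A field that is missing from the event counts as outside the baseline.
    """
    if not matches_rule(event):
        return None
    unexpected = [f for f, allowed in baseline.items() if event.get(f) not in allowed]
    return ("review" if unexpected else "expected", unexpected)

# Constructed sample events; field names other than operationName are assumed.
SAMPLE_EVENTS = [
    {"operationName": "MICROSOFT.NETWORK/NETWORKSECURITYGROUPS/SECURITYRULES/WRITE",
     "caller": "netops-admin@example.com", "userAgent": "terraform-pipeline",
     "hostname": "deploy-runner-01"},
    {"operationName": "Microsoft.Network/networkSecurityGroups/delete",
     "caller": "contractor@example.com", "userAgent": "terraform-pipeline",
     "hostname": "laptop-7"},
    {"operationName": "MICROSOFT.COMPUTE/VIRTUALMACHINES/WRITE",
     "caller": "netops-admin@example.com", "userAgent": "terraform-pipeline",
     "hostname": "deploy-runner-01"},
]

if __name__ == "__main__":
    for e in SAMPLE_EVENTS:
        print(e["operationName"], "->", triage(e))
```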