This alert fires when a user makes configuration changes on a firewall outside of business hours or planned change windows.
MITRE ATT&CK Tactics
1. If the change has been approved by, or is associated with, the internal operations team, identify the type of change and understand its impact on the organization.
2. Review the specifics of the firewall change, such as commands, type, time, account, target system, etc.
3. Roll back the change immediately
4. Investigate via Azure Sentinel for any lateral movement in your network infrastructure related to the specific firewall change
5. Reset the password for the account used for the firewall change
6. Use MFA for firewall console access
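
The alert condition described at the top (a change outside business hours and outside any planned change window) can be sketched as follows. This is an added example, not the alert's own rule logic. The business hours, site time offset, change window, event field names and sample events are all assumptions constructed for illustration.

```python
from datetime import datetime, time, timedelta, timezone

# Assumed policy values (not from the original page).
SITE_TZ = timezone(timedelta(hours=1))   # fixed UTC+1 site offset, DST ignored
BUSINESS_START, BUSINESS_END = time(8, 0), time(18, 0)   # Mon-Fri, local time
CHANGE_WINDOWS = [                        # approved change windows, in UTC
    (datetime(2024, 3, 9, 22, 0, tzinfo=timezone.utc),
     datetime(2024, 3, 10, 2, 0, tzinfo=timezone.utc)),
]

# Constructed sample events; field names are hypothetical.
EVENTS = [
    {"id": 1, "time": "2024-03-06T10:15:00+00:00", "account": "netops1",
     "device": "fw-edge-01", "command": "modify rule 120"},
    {"id": 2, "time": "2024-03-06T17:30:00+00:00", "account": "netops1",
     "device": "fw-edge-01", "command": "add rule 300"},
    {"id": 3, "time": "2024-03-09T23:10:00+00:00", "account": "netops2",
     "device": "fw-core-02", "command": "delete rule 45"},
    {"id": 4, "time": "2024-03-10T03:40:00+00:00", "account": "netops2",
     "device": "fw-core-02", "command": "modify rule 12"},
]

def parse_utc(value):
    """Parse an ISO 8601 timestamp; treat naive values as UTC."""
    ts = datetime.fromisoformat(value)
    return ts if ts.tzinfo else ts.replace(tzinfo=timezone.utc)

def in_business_hours(ts):
    """True if ts falls on a weekday within business hours, site local time."""
    local = ts.astimezone(SITE_TZ)
    return local.weekday() < 5 and BUSINESS_START <= local.time() < BUSINESS_END

def in_change_window(ts):
    """True if ts falls inside any approved change window."""
    return any(start <= ts < end for start, end in CHANGE_WINDOWS)

def off_hours_changes(events):
    """Return the events that should raise the alert."""
    return [ev for ev in events
            if not in_business_hours(parse_utc(ev["time"]))
            and not in_change_window(parse_utc(ev["time"]))]

if __name__ == "__main__":
    for ev in off_hours_changes(EVENTS):
        print(ev["time"], ev["account"], ev["device"], ev["command"])
```

Event 2 shows why the comparison is done in site local time: 17:30 UTC looks like business hours but is 18:30 at the assumed site. Event 3 is suppressed only because it falls inside the approved window.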