diff --git a/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/src/Generated/DiscoveredSecuritySolutionsOperations.cs b/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/src/Generated/DiscoveredSecuritySolutionsOperations.cs index b359d01b3d1f..986b60e872f0 100644 --- a/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/src/Generated/DiscoveredSecuritySolutionsOperations.cs +++ b/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/src/Generated/DiscoveredSecuritySolutionsOperations.cs @@ -87,7 +87,7 @@ internal DiscoveredSecuritySolutionsOperations(SecurityCenterClient client) throw new ValidationException(ValidationRules.Pattern, "Client.SubscriptionId", "^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$"); } } - string apiVersion = "2015-06-01-preview"; + string apiVersion = "2020-01-01"; // Tracing bool _shouldTrace = ServiceClientTracing.IsEnabled; string _invocationId = null; @@ -275,7 +275,7 @@ internal DiscoveredSecuritySolutionsOperations(SecurityCenterClient client) { throw new ValidationException(ValidationRules.CannotBeNull, "this.Client.AscLocation"); } - string apiVersion = "2015-06-01-preview"; + string apiVersion = "2020-01-01"; // Tracing bool _shouldTrace = ServiceClientTracing.IsEnabled; string _invocationId = null; @@ -493,7 +493,7 @@ internal DiscoveredSecuritySolutionsOperations(SecurityCenterClient client) { throw new ValidationException(ValidationRules.CannotBeNull, "discoveredSecuritySolutionName"); } - string apiVersion = "2015-06-01-preview"; + string apiVersion = "2020-01-01"; // Tracing bool _shouldTrace = ServiceClientTracing.IsEnabled; string _invocationId = null; diff --git a/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/src/Generated/ExternalSecuritySolutionsOperations.cs b/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/src/Generated/ExternalSecuritySolutionsOperations.cs index 6d64b5b99e63..436163ba715f 100644 
--- a/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/src/Generated/ExternalSecuritySolutionsOperations.cs +++ b/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/src/Generated/ExternalSecuritySolutionsOperations.cs @@ -87,7 +87,7 @@ internal ExternalSecuritySolutionsOperations(SecurityCenterClient client) throw new ValidationException(ValidationRules.Pattern, "Client.SubscriptionId", "^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$"); } } - string apiVersion = "2015-06-01-preview"; + string apiVersion = "2020-01-01"; // Tracing bool _shouldTrace = ServiceClientTracing.IsEnabled; string _invocationId = null; @@ -275,7 +275,7 @@ internal ExternalSecuritySolutionsOperations(SecurityCenterClient client) { throw new ValidationException(ValidationRules.CannotBeNull, "this.Client.AscLocation"); } - string apiVersion = "2015-06-01-preview"; + string apiVersion = "2020-01-01"; // Tracing bool _shouldTrace = ServiceClientTracing.IsEnabled; string _invocationId = null; @@ -493,7 +493,7 @@ internal ExternalSecuritySolutionsOperations(SecurityCenterClient client) { throw new ValidationException(ValidationRules.CannotBeNull, "externalSecuritySolutionsName"); } - string apiVersion = "2015-06-01-preview"; + string apiVersion = "2020-01-01"; // Tracing bool _shouldTrace = ServiceClientTracing.IsEnabled; string _invocationId = null; diff --git a/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/src/Generated/ISecurityCenterClient.cs b/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/src/Generated/ISecurityCenterClient.cs index dbae800cbaa5..9086b830efda 100644 --- a/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/src/Generated/ISecurityCenterClient.cs +++ b/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/src/Generated/ISecurityCenterClient.cs 
@@ -121,16 +121,6 @@ public partial interface ISecurityCenterClient : System.IDisposable /// IIotSecuritySolutionsAnalyticsRecommendationOperations IotSecuritySolutionsAnalyticsRecommendation { get; } - /// - /// Gets the IDiscoveredSecuritySolutionsOperations. - /// - IDiscoveredSecuritySolutionsOperations DiscoveredSecuritySolutions { get; } - - /// - /// Gets the IExternalSecuritySolutionsOperations. - /// - IExternalSecuritySolutionsOperations ExternalSecuritySolutions { get; } - /// /// Gets the ILocationsOperations. /// @@ -236,5 +226,15 @@ public partial interface ISecurityCenterClient : System.IDisposable /// IJitNetworkAccessPoliciesOperations JitNetworkAccessPolicies { get; } + /// + /// Gets the IDiscoveredSecuritySolutionsOperations. + /// + IDiscoveredSecuritySolutionsOperations DiscoveredSecuritySolutions { get; } + + /// + /// Gets the IExternalSecuritySolutionsOperations. + /// + IExternalSecuritySolutionsOperations ExternalSecuritySolutions { get; } + } } diff --git a/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/src/Generated/SdkInfo_SecurityCenter.cs b/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/src/Generated/SdkInfo_SecurityCenter.cs index fd71e058653e..def5841adad3 100644 --- a/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/src/Generated/SdkInfo_SecurityCenter.cs +++ b/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/src/Generated/SdkInfo_SecurityCenter.cs 
@@ -31,8 +31,8 @@ public static IEnumerable> ApiInfo_SecurityCenter new Tuple("Security", "ComplianceResults", "2017-08-01"), new Tuple("Security", "Compliances", "2017-08-01-preview"), new Tuple("Security", "DeviceSecurityGroups", "2019-08-01"), - new Tuple("Security", "DiscoveredSecuritySolutions", "2015-06-01-preview"), - new Tuple("Security", "ExternalSecuritySolutions", "2015-06-01-preview"), + new Tuple("Security", "DiscoveredSecuritySolutions", "2020-01-01"), + new Tuple("Security", "ExternalSecuritySolutions", "2020-01-01"), new Tuple("Security", "InformationProtectionPolicies", "2017-08-01-preview"), new Tuple("Security", "IotSecuritySolution", "2019-08-01"), new Tuple("Security", "IotSecuritySolutionAnalytics", "2019-08-01"), diff --git a/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/src/Generated/SecurityCenterClient.cs b/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/src/Generated/SecurityCenterClient.cs index 0e35f6fcf55a..908eabad7ab4 100644 --- a/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/src/Generated/SecurityCenterClient.cs +++ b/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/src/Generated/SecurityCenterClient.cs @@ -126,16 +126,6 @@ public partial class SecurityCenterClient : ServiceClient, /// public virtual IIotSecuritySolutionsAnalyticsRecommendationOperations IotSecuritySolutionsAnalyticsRecommendation { get; private set; } - /// - /// Gets the IDiscoveredSecuritySolutionsOperations. - /// - public virtual IDiscoveredSecuritySolutionsOperations DiscoveredSecuritySolutions { get; private set; } - - /// - /// Gets the IExternalSecuritySolutionsOperations. - /// - public virtual IExternalSecuritySolutionsOperations ExternalSecuritySolutions { get; private set; } - /// /// Gets the ILocationsOperations. /// 
@@ -241,6 +231,16 @@ public partial class SecurityCenterClient : ServiceClient, /// public virtual IJitNetworkAccessPoliciesOperations JitNetworkAccessPolicies { get; private set; } + /// + /// Gets the IDiscoveredSecuritySolutionsOperations. + /// + public virtual IDiscoveredSecuritySolutionsOperations DiscoveredSecuritySolutions { get; private set; } + + /// + /// Gets the IExternalSecuritySolutionsOperations. + /// + public virtual IExternalSecuritySolutionsOperations ExternalSecuritySolutions { get; private set; } + /// /// Initializes a new instance of the SecurityCenterClient class. /// @@ -492,8 +492,6 @@ private void Initialize() IotSecuritySolutionAnalytics = new IotSecuritySolutionAnalyticsOperations(this); IotSecuritySolutionsAnalyticsAggregatedAlert = new IotSecuritySolutionsAnalyticsAggregatedAlertOperations(this); IotSecuritySolutionsAnalyticsRecommendation = new IotSecuritySolutionsAnalyticsRecommendationOperations(this); - DiscoveredSecuritySolutions = new DiscoveredSecuritySolutionsOperations(this); - ExternalSecuritySolutions = new ExternalSecuritySolutionsOperations(this); Locations = new LocationsOperations(this); Operations = new Operations(this); Tasks = new TasksOperations(this); @@ -515,6 +513,8 @@ private void Initialize() AllowedConnections = new AllowedConnectionsOperations(this); Topology = new TopologyOperations(this); JitNetworkAccessPolicies = new JitNetworkAccessPoliciesOperations(this); + DiscoveredSecuritySolutions = new DiscoveredSecuritySolutionsOperations(this); + ExternalSecuritySolutions = new ExternalSecuritySolutionsOperations(this); BaseUri = new System.Uri("https://management.azure.com"); AcceptLanguage = "en-US"; LongRunningOperationRetryTimeout = 30; 
@@ -549,14 +549,14 @@ private void Initialize() DeserializationSettings.Converters.Add(new PolymorphicDeserializeJsonConverter("kind")); SerializationSettings.Converters.Add(new PolymorphicSerializeJsonConverter("ruleType")); DeserializationSettings.Converters.Add(new PolymorphicDeserializeJsonConverter("ruleType")); - SerializationSettings.Converters.Add(new PolymorphicSerializeJsonConverter("kind")); - DeserializationSettings.Converters.Add(new PolymorphicDeserializeJsonConverter("kind")); SerializationSettings.Converters.Add(new PolymorphicSerializeJsonConverter("source")); DeserializationSettings.Converters.Add(new PolymorphicDeserializeJsonConverter("source")); SerializationSettings.Converters.Add(new PolymorphicSerializeJsonConverter("assessedResourceType")); DeserializationSettings.Converters.Add(new PolymorphicDeserializeJsonConverter("assessedResourceType")); SerializationSettings.Converters.Add(new PolymorphicSerializeJsonConverter("actionType")); DeserializationSettings.Converters.Add(new PolymorphicDeserializeJsonConverter("actionType")); + SerializationSettings.Converters.Add(new PolymorphicSerializeJsonConverter("kind")); + DeserializationSettings.Converters.Add(new PolymorphicDeserializeJsonConverter("kind")); CustomInitialize(); DeserializationSettings.Converters.Add(new TransformationJsonConverter()); DeserializationSettings.Converters.Add(new CloudErrorJsonConverter()); diff --git a/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/src/Microsoft.Azure.Management.SecurityCenter.csproj b/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/src/Microsoft.Azure.Management.SecurityCenter.csproj index d18d6950928d..6ef5b690ab93 100644 --- a/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/src/Microsoft.Azure.Management.SecurityCenter.csproj +++ b/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/src/Microsoft.Azure.Management.SecurityCenter.csproj 
@@ -6,7 +6,7 @@ Microsoft.Azure.Management.SecurityCenter Provides developers with libraries for the updated Azure Security Center platform under Azure Resource manager to view and manage security posture in and outside Azure. - 1.1.3 + 2.1.0 Microsoft.Azure.Management.SecurityCenter management;security center;security;IoT security; Updated Information Protection SDK clients diff --git a/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/src/Properties/AssemblyInfo.cs b/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/src/Properties/AssemblyInfo.cs index 3ed0e46cbbd7..fa3533837f6e 100644 --- a/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/src/Properties/AssemblyInfo.cs +++ b/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/src/Properties/AssemblyInfo.cs @@ -7,8 +7,8 @@ [assembly: AssemblyTitle("Microsoft Azure Security Center Library")] [assembly: AssemblyDescription("Provides management functionality for Microsoft Azure Security Center Resources.")] -[assembly: AssemblyVersion("1.1.3.0")] -[assembly: AssemblyFileVersion("1.1.3.0")] +[assembly: AssemblyVersion("2.1.0.0")] +[assembly: AssemblyFileVersion("2.1.0.0")] [assembly: AssemblyConfiguration("")] [assembly: AssemblyCompany("Microsoft")] [assembly: AssemblyProduct("Microsoft Azure .NET SDK")] diff --git a/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/tests/AdaptiveApplicationControls/AdaptiveApplicationControlsTests.cs b/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/tests/AdaptiveApplicationControls/AdaptiveApplicationControlsTests.cs new file mode 100644 index 000000000000..c6547dc316fd --- /dev/null +++ b/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/tests/AdaptiveApplicationControls/AdaptiveApplicationControlsTests.cs 
@@ -0,0 +1,115 @@ +using System.Net; +using Microsoft.Azure.Management.Security; +using Microsoft.Azure.Management.Security.Models; +using Microsoft.Azure.Test.HttpRecorder; +using Microsoft.Rest.ClientRuntime.Azure.TestFramework; +using Newtonsoft.Json; +using SecurityCenter.Tests.Helpers; +using Xunit; + +namespace SecurityCenter.Tests +{ + public class AdaptiveApplicationControlsTests : TestBase + { + #region Test setup + + public static TestEnvironment TestEnvironment { get; private set; } + + private static SecurityCenterClient GetSecurityCenterClient(MockContext context) + { + if (TestEnvironment == null && HttpMockServer.Mode == HttpRecorderMode.Record) + { + TestEnvironment = TestEnvironmentFactory.GetTestEnvironment(); + } + + var handler = new RecordedDelegatingHandler { StatusCodeToReturn = HttpStatusCode.OK, IsPassThrough = true }; + + var securityCenterClient = HttpMockServer.Mode == HttpRecorderMode.Record + ? context.GetServiceClient(TestEnvironment, handlers: handler) + : context.GetServiceClient(handlers: handler); + + securityCenterClient.AscLocation = "centralus"; + + return securityCenterClient; + } + + #endregion + + #region AdaptiveApplicationControls Tests + [Fact] + public void AdaptiveApplicationControls_List() + { + using (var context = MockContext.Start(this.GetType())) + { + var securityCenterClient = GetSecurityCenterClient(context); + var appWhitelistingGroups = securityCenterClient.AdaptiveApplicationControls.List(); + ValidateAppWhitelistingGroups(appWhitelistingGroups); + } + } + + [Fact] + public void AdaptiveApplicationControls_Put() + { + using (var context = MockContext.Start(this.GetType())) + { + var securityCenterClient = GetSecurityCenterClient(context); + var appWhitelistingGroup = new AppWhitelistingGroup( + name: "TestGroup", + protectionMode: new ProtectionMode("Audit", "None", "None"), + configurationStatus: "NoStatus", + sourceSystem: "Azure_AppLocker"); + + var createdGroup = 
securityCenterClient.AdaptiveApplicationControls.Put("TestGroup", appWhitelistingGroup); + + ValidateCreatedApplicationWhitelistingGroup(createdGroup, securityCenterClient.AscLocation, "TestGroup"); + } + } + + [Fact] + public void AdaptiveApplicationControls_Get() + { + using (var context = MockContext.Start(this.GetType())) + { + var securityCenterClient = GetSecurityCenterClient(context); + var group = securityCenterClient.AdaptiveApplicationControls.Get("TestGroup"); + + ValidateApplicationWhitelistingGroup(group); + } + } + + #endregion + + #region Validations + + + private void ValidateAppWhitelistingGroups(AppWhitelistingGroups appWhitelistingGroups) + { + Assert.NotEmpty(appWhitelistingGroups.Value); + + appWhitelistingGroups.Value.ForEach(ValidateApplicationWhitelistingGroup); + } + + private void ValidateApplicationWhitelistingGroup(AppWhitelistingGroup appWhitelistingGroup) + { + Assert.NotNull(appWhitelistingGroup); + Assert.NotNull(appWhitelistingGroup.VmRecommendations); + Assert.NotNull(appWhitelistingGroup.PathRecommendations); + Assert.NotNull(appWhitelistingGroup.ConfigurationStatus); + Assert.NotNull(appWhitelistingGroup.EnforcementMode); + Assert.NotNull(appWhitelistingGroup.Issues); + Assert.NotNull(appWhitelistingGroup.ProtectionMode); + Assert.NotNull(appWhitelistingGroup.SourceSystem); + } + + private void ValidateCreatedApplicationWhitelistingGroup(AppWhitelistingGroup appWhitelistingGroup, string ascLocation, string groupName) + { + Assert.NotNull(appWhitelistingGroup); + Assert.NotNull(appWhitelistingGroup.Id); + Assert.Equal(groupName, appWhitelistingGroup.Name); + Assert.Equal("Microsoft.Security/applicationWhitelistings", appWhitelistingGroup.Type); + Assert.Equal(ascLocation, appWhitelistingGroup.Location); + } + + #endregion + } +} 
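Review bot: In AdaptiveApplicationControlsTests.cs, `AdaptiveApplicationControls_Get` reads the group "TestGroup" that only `AdaptiveApplicationControls_Put` creates, and xUnit gives no ordering guarantee between the two facts. When the tests are re-recorded, the Get test presumably passes only if the group already exists in the subscription. Either create the group inside the Get test before reading it, or state the precondition with a comment such as `// Requires "TestGroup" to exist at AscLocation; it is created by AdaptiveApplicationControls_Put`. `ValidateAppWhitelistingGroups` also dereferences `appWhitelistingGroups.Value` without a preceding `Assert.NotNull(appWhitelistingGroups);`, and `using Newtonsoft.Json;` appears to be unused in this file.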
diff --git a/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/tests/AdaptiveNetworkHardenings/AdaptiveNetworkHardeningsTests.cs b/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/tests/AdaptiveNetworkHardenings/AdaptiveNetworkHardeningsTests.cs
new file mode 100644
index 000000000000..2d8ac7aceb08
--- /dev/null
+++ b/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/tests/AdaptiveNetworkHardenings/AdaptiveNetworkHardeningsTests.cs
@@ -0,0 +1,87 @@ +using System.Collections.Generic; +using System.Net; +using Microsoft.Azure.Management.Security; +using Microsoft.Azure.Management.Security.Models; +using Microsoft.Azure.Test.HttpRecorder; +using Microsoft.Rest.Azure; +using Microsoft.Rest.ClientRuntime.Azure.TestFramework; +using SecurityCenter.Tests.Helpers; +using Xunit; + +namespace SecurityCenter.Tests +{ + public class AdaptiveNetworkHardeningsTests : TestBase + { + #region Test setup + + public static TestEnvironment TestEnvironment { get; private set; } + + private static SecurityCenterClient GetSecurityCenterClient(MockContext context) + { + if (TestEnvironment == null && HttpMockServer.Mode == HttpRecorderMode.Record) + { + TestEnvironment = TestEnvironmentFactory.GetTestEnvironment(); + } + + var handler = new RecordedDelegatingHandler { StatusCodeToReturn = HttpStatusCode.OK, IsPassThrough = true }; + + var securityCenterClient = HttpMockServer.Mode == HttpRecorderMode.Record + ? context.GetServiceClient(TestEnvironment, handlers: handler) + : context.GetServiceClient(handlers: handler); + + securityCenterClient.AscLocation = "westcentralus"; + + return securityCenterClient; + } + + #endregion + + #region AdaptiveNetworkHardenings Tests + [Fact] + public void AdaptiveNetworkHardenings_Get() + { + using (var context = MockContext.Start(this.GetType())) + { + var securityCenterClient = GetSecurityCenterClient(context); + var adaptiveNetworkHardeningResource = securityCenterClient.AdaptiveNetworkHardenings.Get("MyResourceGroup", "Microsoft.Compute", "virtualMachines", "MyVm", "default"); + ValidateAdaptiveNetworkHardeningResource(adaptiveNetworkHardeningResource); + } + } + + [Fact] + public void AdaptiveNetworkHardenings_Enforce() + { + using (var context = MockContext.Start(this.GetType())) + { + var securityCenterClient = GetSecurityCenterClient(context); + var response = securityCenterClient.AdaptiveNetworkHardenings.BeginEnforceWithHttpMessagesAsync( + "MyResourceGroup", + 
"Microsoft.Compute", + "virtualMachines", + "MyVm", + "default", + new List() + { + new Rule("SystemGenerated", "Inbound", 3389, new List() { "TCP"}, new List()) + }, + new[] { "/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/MyResourceGroup/providers/Microsoft.Network/networkSecurityGroups/MyNsg" }).Result; + + Assert.Equal(HttpStatusCode.Accepted, response.Response.StatusCode); + } + } + + #endregion + + #region Validations + + private void ValidateAdaptiveNetworkHardeningResource(AdaptiveNetworkHardening adaptiveNetworkHardeningResource) + { + Assert.NotNull(adaptiveNetworkHardeningResource); + Assert.NotEmpty(adaptiveNetworkHardeningResource.EffectiveNetworkSecurityGroups); + Assert.NotEmpty(adaptiveNetworkHardeningResource.Rules); + Assert.NotNull(adaptiveNetworkHardeningResource.RulesCalculationTime); + } + + #endregion + } +} diff --git a/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/tests/Alerts/SecurityAlertsTests.cs b/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/tests/Alerts/SecurityAlertsTests.cs index e3979f0b6dad..a38269965ff4 100644 --- a/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/tests/Alerts/SecurityAlertsTests.cs +++ b/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/tests/Alerts/SecurityAlertsTests.cs @@ -1,6 +1,7 @@ // Copyright (c) Microsoft Corporation. All rights reserved. // Licensed under the MIT License. See License.txt in the project root for license information. +using System.Linq; using System.Net; using System.Text.RegularExpressions; using System.Threading.Tasks; @@ -18,6 +19,8 @@ public class SecurityAlertsTests : TestBase { #region Test setup + private static string SubscriptionId = "487bb485-b5b0-471e-9c0d-10717612f869"; + public static TestEnvironment TestEnvironment { get; private set; } private static SecurityCenterClient GetSecurityCenterClient(MockContext context) 
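Review bot: In AdaptiveNetworkHardeningsTests.cs, `AdaptiveNetworkHardenings_Enforce` blocks on `BeginEnforceWithHttpMessagesAsync(...).Result`, so any service failure surfaces wrapped in an `AggregateException` instead of as the original exception; the tests in SecurityAlertsTests.cs already use `async Task` with `await`. Declare it as `public async Task AdaptiveNetworkHardenings_Enforce()` and write `var response = await securityCenterClient.AdaptiveNetworkHardenings.BeginEnforceWithHttpMessagesAsync(...);`, which needs `using System.Threading.Tasks;` added to the file's usings. The network security group id passed as the last argument also embeds the subscription GUID as a literal; composing it from the client's `SubscriptionId` would keep the test from being tied to the subscription it was recorded against.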
@@ -25,6 +28,7 @@ private static SecurityCenterClient GetSecurityCenterClient(MockContext context) if (TestEnvironment == null && HttpMockServer.Mode == HttpRecorderMode.Record) { TestEnvironment = TestEnvironmentFactory.GetTestEnvironment(); + TestEnvironment.SubscriptionId = SubscriptionId; } var handler = new RecordedDelegatingHandler { StatusCodeToReturn = HttpStatusCode.OK, IsPassThrough = true }; @@ -33,7 +37,7 @@ private static SecurityCenterClient GetSecurityCenterClient(MockContext context) ? context.GetServiceClient(TestEnvironment, handlers: handler) : context.GetServiceClient(handlers: handler); - securityCenterClient.AscLocation = "centralus"; + securityCenterClient.AscLocation = "westeurope"; return securityCenterClient; } @@ -61,14 +65,9 @@ public async Task SecurityAlerts_GetResourceGroupLevelAlerts() var securityCenterClient = GetSecurityCenterClient(context); var alerts = await securityCenterClient.Alerts.ListAsync(); - var enumerator = alerts.GetEnumerator(); - enumerator.MoveNext(); - - while (!enumerator.Current.Id.Contains("resourceGroups") && enumerator.MoveNext()) ; - - Assert.NotNull(enumerator.Current); + ValidateAlerts(alerts); - var alert = securityCenterClient.Alerts.GetResourceGroupLevelAlerts(enumerator.Current.Name, Regex.Match(enumerator.Current.Id, @"(?<=resourceGroups/)[^/]+?(?=/)").Value); + var alert = securityCenterClient.Alerts.GetResourceGroupLevelAlerts(alerts.First().Name, Regex.Match(alerts.First().Id, @"(?<=resourceGroups/)[^/]+?(?=/)").Value); ValidateAlert(alert); } } 
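Review bot: The Record-mode branch of `GetSecurityCenterClient` now overwrites `TestEnvironment.SubscriptionId` with the literal declared in the preceding hunk, so a re-recording always targets that one subscription regardless of what the caller's test environment specifies. If pinning is intended, say so in a comment on the field and make it immutable, `private const string SubscriptionId = "487bb485-b5b0-471e-9c0d-10717612f869";`, since the current `private static string` can be reassigned from anywhere in the class. Otherwise drop the assignment and let the environment supply the id. The body of `GetSecurityCenterClient` starts before and continues after this hunk.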
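Review bot: `SecurityAlerts_GetResourceGroupLevelAlerts` now takes `alerts.First()` where the removed loop searched for an alert whose `Id` contains "resourceGroups"; if the first listed alert is subscription-level, the `resourceGroups/` regex matches nothing and an empty resource group name is passed to `GetResourceGroupLevelAlerts`. Select by scope instead, e.g. `var rgAlert = alerts.First(a => a.Id.Contains("resourceGroups"));`, and use the negated predicate in the subscription-level tests. The same substitution appears in the hunks at -81, -100, -135, -154 and -172, where the two `Update…AlertStateToDismiss` tests would then dismiss whichever alert happens to be listed first. Holding the selected alert in one local also avoids enumerating the page again for every `alerts.First()` call. The test method begins before this hunk.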
@@ -81,14 +80,10 @@ public async Task SecurityAlerts_GetSubscriptionLevelAlert() var securityCenterClient = GetSecurityCenterClient(context); var alerts = await securityCenterClient.Alerts.ListAsync(); - var enumerator = alerts.GetEnumerator(); - enumerator.MoveNext(); - - while (enumerator.Current.Id.Contains("resourceGroups") && enumerator.MoveNext()) ; + ValidateAlerts(alerts); - Assert.NotNull(enumerator.Current); + var alert = securityCenterClient.Alerts.GetSubscriptionLevelAlert(alerts.First().Name); - var alert = securityCenterClient.Alerts.GetSubscriptionLevelAlert(enumerator.Current.Name); ValidateAlert(alert); } } @@ -100,12 +95,9 @@ public async Task SecurityAlerts_ListByResourceGroup() { var securityCenterClient = GetSecurityCenterClient(context); var alerts = await securityCenterClient.Alerts.ListAsync(); - var enumerator = alerts.GetEnumerator(); - enumerator.MoveNext(); - - while (!enumerator.Current.Id.Contains("resourceGroups") && enumerator.MoveNext()) ; + ValidateAlerts(alerts); - var rgAlerts = securityCenterClient.Alerts.ListByResourceGroup(Regex.Match(enumerator.Current.Id, @"(?<=resourceGroups/)[^/]+?(?=/)").Value); + var rgAlerts = securityCenterClient.Alerts.ListByResourceGroup(Regex.Match(alerts.First().Id, @"(?<=resourceGroups/)[^/]+?(?=/)").Value); ValidateAlerts(rgAlerts); } } 
@@ -135,12 +127,9 @@ public async Task SecurityAlerts_ListSubscriptionLevelAlertsByRegion() { var securityCenterClient = GetSecurityCenterClient(context); var alerts = await securityCenterClient.Alerts.ListAsync(); - var enumerator = alerts.GetEnumerator(); - enumerator.MoveNext(); - - while (enumerator.Current.Id.Contains("resourceGroups") && enumerator.MoveNext()) ; + ValidateAlerts(alerts); - securityCenterClient.AscLocation = Regex.Match(enumerator.Current.Id, @"(?<=locations/)[^/]+?(?=/)").Value; + securityCenterClient.AscLocation = Regex.Match(alerts.First().Id, @"(?<=locations/)[^/]+?(?=/)").Value; var regionAlerts = securityCenterClient.Alerts.ListSubscriptionLevelAlertsByRegion(); ValidateAlerts(regionAlerts); @@ -154,14 +143,11 @@ public async Task SecurityAlerts_UpdateResourceGroupLevelAlertState() { var securityCenterClient = GetSecurityCenterClient(context); var alerts = await securityCenterClient.Alerts.ListAsync(); - var enumerator = alerts.GetEnumerator(); - enumerator.MoveNext(); - - while (!enumerator.Current.Id.Contains("resourceGroups") && enumerator.MoveNext()) ; + ValidateAlerts(alerts); - securityCenterClient.AscLocation = Regex.Match(enumerator.Current.Id, @"(?<=locations/)[^/]+?(?=/)").Value; + securityCenterClient.AscLocation = Regex.Match(alerts.First().Id, @"(?<=locations/)[^/]+?(?=/)").Value; - securityCenterClient.Alerts.UpdateResourceGroupLevelAlertStateToDismiss(enumerator.Current.Name, Regex.Match(enumerator.Current.Id, @"(?<=resourceGroups/)[^/]+?(?=/)").Value); + securityCenterClient.Alerts.UpdateResourceGroupLevelAlertStateToDismiss(alerts.First().Name, Regex.Match(alerts.First().Id, @"(?<=resourceGroups/)[^/]+?(?=/)").Value); } } 
@@ -172,14 +158,11 @@ public async Task SecurityAlerts_UpdateSubscriptionLevelAlertState() { var securityCenterClient = GetSecurityCenterClient(context); var alerts = await securityCenterClient.Alerts.ListAsync(); - var enumerator = alerts.GetEnumerator(); - enumerator.MoveNext(); - - while (enumerator.Current.Id.Contains("resourceGroups") && enumerator.MoveNext()) ; + ValidateAlerts(alerts); - securityCenterClient.AscLocation = Regex.Match(enumerator.Current.Id, @"(?<=locations/)[^/]+?(?=/)").Value; + securityCenterClient.AscLocation = Regex.Match(alerts.First().Id, @"(?<=locations/)[^/]+?(?=/)").Value; - securityCenterClient.Alerts.UpdateSubscriptionLevelAlertStateToDismiss(enumerator.Current.Name); + securityCenterClient.Alerts.UpdateSubscriptionLevelAlertStateToDismiss(alerts.First().Name); } } diff --git a/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/tests/AllowedConnections/AllowedConnectionsTests.cs b/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/tests/AllowedConnections/AllowedConnectionsTests.cs new file mode 100644 index 000000000000..9a53d225cf35 --- /dev/null +++ b/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/tests/AllowedConnections/AllowedConnectionsTests.cs 
@@ -0,0 +1,88 @@ +using System.Net; +using Microsoft.Azure.Management.Security; +using Microsoft.Azure.Management.Security.Models; +using Microsoft.Azure.Test.HttpRecorder; +using Microsoft.Rest.Azure; +using Microsoft.Rest.ClientRuntime.Azure.TestFramework; +using SecurityCenter.Tests.Helpers; +using Xunit; + +namespace SecurityCenter.Tests +{ + public class AllowedConnectionsTests : TestBase + { + #region Test setup + + public static TestEnvironment TestEnvironment { get; private set; } + + private static SecurityCenterClient GetSecurityCenterClient(MockContext context) + { + if (TestEnvironment == null && HttpMockServer.Mode == HttpRecorderMode.Record) + { + TestEnvironment = TestEnvironmentFactory.GetTestEnvironment(); + } + + var handler = new RecordedDelegatingHandler { StatusCodeToReturn = HttpStatusCode.OK, IsPassThrough = true }; + + var securityCenterClient = HttpMockServer.Mode == HttpRecorderMode.Record + ? context.GetServiceClient(TestEnvironment, handlers: handler) + : context.GetServiceClient(handlers: handler); + + securityCenterClient.AscLocation = "westcentralus"; + + return securityCenterClient; + } + + #endregion + + #region AllowedConnections tests + + [Fact] + public void AllowedConnections_List() + { + using (var context = MockContext.Start(this.GetType())) + { + var securityCenterClient = GetSecurityCenterClient(context); + var allowedConnectionsResources = securityCenterClient.AllowedConnections.List(); + ValidateAllowedConnectionsResources(allowedConnectionsResources); + } + } + + [Fact] + public void AllowedConnections_Get() + { + using (var context = MockContext.Start(this.GetType())) + { + var securityCenterClient = GetSecurityCenterClient(context); + var allowedConnectionsResource = securityCenterClient.AllowedConnections.Get("MyResourceGroup", "internal"); + ValidateAllowedConnectionsResource(allowedConnectionsResource); + } + } + + #endregion + + #region Validations + + private void ValidateAllowedConnectionsResources(IPage 
allowedConnectionsResources) + { + Assert.True(allowedConnectionsResources.IsAny()); + + allowedConnectionsResources.ForEach(ValidateAllowedConnectionsResource); + } + + private void ValidateAllowedConnectionsResource(AllowedConnectionsResource allowedConnectionsResource) + { + Assert.NotNull(allowedConnectionsResource); + + Assert.NotNull(allowedConnectionsResource.CalculatedDateTime); + allowedConnectionsResource.ConnectableResources?.ForEach(connectableResource => + { + Assert.NotNull(connectableResource.Id); + Assert.NotNull(connectableResource.InboundConnectedResources); + Assert.NotNull(connectableResource.OutboundConnectedResources); + }); + } + + #endregion + } +} diff --git a/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/tests/Compliances/CompliancesTests.cs b/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/tests/Compliances/CompliancesTests.cs index 3d25240443c5..c06c72d83a67 100644 --- a/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/tests/Compliances/CompliancesTests.cs +++ b/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/tests/Compliances/CompliancesTests.cs @@ -61,7 +61,7 @@ public void Compliances_Get() using (var context = MockContext.Start(this.GetType())) { var securityCenterClient = GetSecurityCenterClient(context); - var compliance = securityCenterClient.Compliances.Get($"/subscriptions/{SubscriptionId}", "2018-07-05Z"); + var compliance = securityCenterClient.Compliances.Get($"/subscriptions/{SubscriptionId}", "2020-05-03Z"); ValidateCompliance(compliance); } } diff --git a/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/tests/SessionRecords/AdaptiveApplicationControlsTests/AdaptiveApplicationControls_Get.json b/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/tests/SessionRecords/AdaptiveApplicationControlsTests/AdaptiveApplicationControls_Get.json new file mode 100644 index 000000000000..ef9959900599 --- /dev/null 
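Review bot: In AllowedConnectionsTests.cs, `ValidateAllowedConnectionsResource` iterates with `allowedConnectionsResource.ConnectableResources?.ForEach(...)`, so when `ConnectableResources` is null the three inner assertions never run and the test passes having checked only `CalculatedDateTime`. If the recorded responses are expected to carry connectable resources, add `Assert.NotNull(allowedConnectionsResource.ConnectableResources);` before the loop; if null is a valid response, a short comment saying so would show the null-conditional is deliberate. This new file, like the other two new test files in the commit, also starts without the copyright and license header that SecurityAlertsTests.cs carries.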
+++ b/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/tests/SessionRecords/AdaptiveApplicationControlsTests/AdaptiveApplicationControls_Get.json 
@@ -0,0 +1,71 @@ +{ + "Entries": [ + { + "RequestUri": "/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/providers/Microsoft.Security/locations/centralus/applicationWhitelistings/TestGroup?api-version=2020-01-01", + "EncodedRequestUri": "L3N1YnNjcmlwdGlvbnMvNDg3YmI0ODUtYjViMC00NzFlLTljMGQtMTA3MTc2MTJmODY5L3Byb3ZpZGVycy9NaWNyb3NvZnQuU2VjdXJpdHkvbG9jYXRpb25zL2NlbnRyYWx1cy9hcHBsaWNhdGlvbldoaXRlbGlzdGluZ3MvVGVzdEdyb3VwP2FwaS12ZXJzaW9uPTIwMjAtMDEtMDE=", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "x-ms-client-request-id": [ + "b4e95b37-1e00-4875-816b-f71078af2038" + ], + "accept-language": [ + "en-US" + ], + "User-Agent": [ + "FxVersion/4.6.26614.01", + "OSName/Windows", + "OSVersion/Microsoft.Windows.10.0.18363.", + "Microsoft.Azure.Management.Security.SecurityCenterClient/1.1.2.0" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Date": [ + "Thu, 30 Apr 2020 14:08:13 GMT" + ], + "Pragma": [ + "no-cache" + ], + "Server": [ + "Microsoft-HTTPAPI/2.0" + ], + "x-ms-request-id": [ + "54ff0cd5-01c9-4c9a-b939-6b2b6b0408d6" + ], + "x-ms-ratelimit-remaining-subscription-resource-requests": [ + "499" + ], + "x-ms-correlation-request-id": [ + "4897a6a8-6319-4f2f-a758-e50b3a463e3f" + ], + "x-ms-routing-request-id": [ + "GERMANYWESTCENTRAL:20200430T140814Z:4897a6a8-6319-4f2f-a758-e50b3a463e3f" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Content-Length": [ + "3510" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ] + }, + "ResponseBody": "{\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/providers/Microsoft.Security/locations/centralus/applicationWhitelistings/TestGroup\",\r\n \"name\": \"TestGroup\",\r\n \"type\": \"Microsoft.Security/applicationWhitelistings\",\r\n \"location\": \"centralus\",\r\n \"properties\": {\r\n \"recommendationStatus\": \"Recommended\",\r\n 
\"enforcementMode\": \"Audit\",\r\n \"vmRecommendations\": [],\r\n \"pathRecommendations\": [\r\n {\r\n \"path\": \"[exe] O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US\\\\*\\\\*\\\\0.0.0.0\",\r\n \"type\": \"PublisherSignature\",\r\n \"publisherInfo\": {\r\n \"publisherName\": \"O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US\",\r\n \"productName\": \"*\",\r\n \"binaryName\": \"*\",\r\n \"version\": \"0.0.0.0\"\r\n },\r\n \"common\": true,\r\n \"action\": \"Recommended\",\r\n \"usernames\": [\r\n {\r\n \"username\": \"Everyone\",\r\n \"recommendationAction\": \"Recommended\"\r\n }\r\n ],\r\n \"userSids\": [\r\n \"S-1-1-0\"\r\n ],\r\n \"fileType\": \"exe\",\r\n \"configurationStatus\": \"NotConfigured\"\r\n },\r\n {\r\n \"path\": \"[exe] CN=MICROSOFT AZURE DEPENDENCY CODE SIGN\\\\*\\\\*\\\\0.0.0.0\",\r\n \"type\": \"PublisherSignature\",\r\n \"publisherInfo\": {\r\n \"publisherName\": \"CN=MICROSOFT AZURE DEPENDENCY CODE SIGN\",\r\n \"productName\": \"*\",\r\n \"binaryName\": \"*\",\r\n \"version\": \"0.0.0.0\"\r\n },\r\n \"common\": true,\r\n \"action\": \"Recommended\",\r\n \"usernames\": [\r\n {\r\n \"username\": \"Everyone\",\r\n \"recommendationAction\": \"Recommended\"\r\n }\r\n ],\r\n \"userSids\": [\r\n \"S-1-1-0\"\r\n ],\r\n \"fileType\": \"exe\",\r\n \"configurationStatus\": \"NotConfigured\"\r\n },\r\n {\r\n \"path\": \"[exe] CN=MICROSOFT AZURE 3RD PARTY CODE SIGN\\\\*\\\\*\\\\0.0.0.0\",\r\n \"type\": \"PublisherSignature\",\r\n \"publisherInfo\": {\r\n \"publisherName\": \"CN=MICROSOFT AZURE 3RD PARTY CODE SIGN\",\r\n \"productName\": \"*\",\r\n \"binaryName\": \"*\",\r\n \"version\": \"0.0.0.0\"\r\n },\r\n \"common\": true,\r\n \"action\": \"Recommended\",\r\n \"usernames\": [\r\n {\r\n \"username\": \"Everyone\",\r\n \"recommendationAction\": \"Recommended\"\r\n }\r\n ],\r\n \"userSids\": [\r\n \"S-1-1-0\"\r\n ],\r\n \"fileType\": \"exe\",\r\n \"configurationStatus\": \"NotConfigured\"\r\n },\r\n {\r\n \"path\": \"[exe] CN=MICROSOFT 
AZURE CODE SIGN\\\\*\\\\*\\\\0.0.0.0\",\r\n \"type\": \"PublisherSignature\",\r\n \"publisherInfo\": {\r\n \"publisherName\": \"CN=MICROSOFT AZURE CODE SIGN\",\r\n \"productName\": \"*\",\r\n \"binaryName\": \"*\",\r\n \"version\": \"0.0.0.0\"\r\n },\r\n \"common\": true,\r\n \"action\": \"Recommended\",\r\n \"usernames\": [\r\n {\r\n \"username\": \"Everyone\",\r\n \"recommendationAction\": \"Recommended\"\r\n }\r\n ],\r\n \"userSids\": [\r\n \"S-1-1-0\"\r\n ],\r\n \"fileType\": \"exe\",\r\n \"configurationStatus\": \"NotConfigured\"\r\n },\r\n {\r\n \"path\": \"[msi] O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US\\\\*\\\\*\\\\0.0.0.0\",\r\n \"type\": \"PublisherSignature\",\r\n \"publisherInfo\": {\r\n \"publisherName\": \"O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US\",\r\n \"productName\": \"*\",\r\n \"binaryName\": \"*\",\r\n \"version\": \"0.0.0.0\"\r\n },\r\n \"common\": true,\r\n \"action\": \"Recommended\",\r\n \"usernames\": [\r\n {\r\n \"username\": \"Everyone\",\r\n \"recommendationAction\": \"Recommended\"\r\n }\r\n ],\r\n \"userSids\": [\r\n \"S-1-1-0\"\r\n ],\r\n \"fileType\": \"msi\",\r\n \"configurationStatus\": \"NotConfigured\"\r\n },\r\n {\r\n \"path\": \"[msi] CN=MICROSOFT AZURE DEPENDENCY CODE SIGN\\\\*\\\\*\\\\0.0.0.0\",\r\n \"type\": \"PublisherSignature\",\r\n \"publisherInfo\": {\r\n \"publisherName\": \"CN=MICROSOFT AZURE DEPENDENCY CODE SIGN\",\r\n \"productName\": \"*\",\r\n \"binaryName\": \"*\",\r\n \"version\": \"0.0.0.0\"\r\n },\r\n \"common\": true,\r\n \"action\": \"Recommended\",\r\n \"usernames\": [\r\n {\r\n \"username\": \"Everyone\",\r\n \"recommendationAction\": \"Recommended\"\r\n }\r\n ],\r\n \"userSids\": [\r\n \"S-1-1-0\"\r\n ],\r\n \"fileType\": \"msi\",\r\n \"configurationStatus\": \"NotConfigured\"\r\n },\r\n {\r\n \"path\": \"[msi] CN=MICROSOFT AZURE 3RD PARTY CODE SIGN\\\\*\\\\*\\\\0.0.0.0\",\r\n \"type\": \"PublisherSignature\",\r\n \"publisherInfo\": {\r\n \"publisherName\": \"CN=MICROSOFT AZURE 
3RD PARTY CODE SIGN\",\r\n \"productName\": \"*\",\r\n \"binaryName\": \"*\",\r\n \"version\": \"0.0.0.0\"\r\n },\r\n \"common\": true,\r\n \"action\": \"Recommended\",\r\n \"usernames\": [\r\n {\r\n \"username\": \"Everyone\",\r\n \"recommendationAction\": \"Recommended\"\r\n }\r\n ],\r\n \"userSids\": [\r\n \"S-1-1-0\"\r\n ],\r\n \"fileType\": \"msi\",\r\n \"configurationStatus\": \"NotConfigured\"\r\n }\r\n ],\r\n \"configurationStatus\": \"Configured\",\r\n \"issues\": [],\r\n \"location\": \"centralus\",\r\n \"sourceSystem\": \"Azure_AppLocker\",\r\n \"protectionMode\": {\r\n \"exe\": \"Audit\",\r\n \"msi\": \"None\",\r\n \"script\": \"None\"\r\n }\r\n }\r\n}", + "StatusCode": 200 + } + ], + "Names": {}, + "Variables": { + "SubscriptionId": "487bb485-b5b0-471e-9c0d-10717612f869" + } +} \ No newline at end of file diff --git a/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/tests/SessionRecords/AdaptiveApplicationControlsTests/AdaptiveApplicationControls_List.json b/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/tests/SessionRecords/AdaptiveApplicationControlsTests/AdaptiveApplicationControls_List.json new file mode 100644 index 000000000000..41c134b7dbe0 --- /dev/null +++ b/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/tests/SessionRecords/AdaptiveApplicationControlsTests/AdaptiveApplicationControls_List.json 
@@ -0,0 +1,72 @@ +{ + "Entries": [ + { + "RequestUri": "/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/providers/Microsoft.Security/applicationWhitelistings?api-version=2020-01-01", + "EncodedRequestUri": "L3N1YnNjcmlwdGlvbnMvNDg3YmI0ODUtYjViMC00NzFlLTljMGQtMTA3MTc2MTJmODY5L3Byb3ZpZGVycy9NaWNyb3NvZnQuU2VjdXJpdHkvYXBwbGljYXRpb25XaGl0ZWxpc3RpbmdzP2FwaS12ZXJzaW9uPTIwMjAtMDEtMDE=", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "x-ms-client-request-id": [ + "e4e201f1-8d05-44d9-9158-14b36c64fc86" + ], + "accept-language": [ + "en-US" + ], + "User-Agent": [ + "FxVersion/4.6.26614.01", + "OSName/Windows", + "OSVersion/Microsoft.Windows.10.0.18363.", + "Microsoft.Azure.Management.Security.SecurityCenterClient/1.1.2.0" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Date": [ + "Thu, 30 Apr 2020 13:18:36 GMT" + ], + "Pragma": [ + "no-cache" + ], + "x-ms-original-request-ids": [ + "ec50a763-191f-4adc-a82f-680b07466c3c", + "dbf50027-6a28-4418-8580-fc4f35532832" + ], + "x-ms-ratelimit-remaining-subscription-resource-requests": [ + "99" + ], + "x-ms-request-id": [ + "b24357fd-6b95-430f-bd5b-db098511f5de" + ], + "x-ms-correlation-request-id": [ + "b24357fd-6b95-430f-bd5b-db098511f5de" + ], + "x-ms-routing-request-id": [ + "GERMANYWESTCENTRAL:20200430T131836Z:b24357fd-6b95-430f-bd5b-db098511f5de" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Content-Length": [ + "77782" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ] + }, + "ResponseBody": "{\r\n \"value\": [\r\n {\r\n \"id\": \"\/subscriptions\/487bb485-b5b0-471e-9c0d-10717612f869\/providers\/Microsoft.Security\/locations\/centralus\/applicationWhitelistings\/MyGroup\",\r\n \"name\": \"MyGroup\",\r\n \"type\": \"Microsoft.Security\/applicationWhitelistings\",\r\n \"location\": \"centralus\",\r\n \"properties\": {\r\n \"recommendationStatus\": 
\"Recommended\",\r\n \"enforcementMode\": \"Audit\",\r\n \"vmRecommendations\": [\r\n {\r\n \"configurationStatus\": \"Configured\",\r\n \"resourceId\": \"\/subscriptions\/487bb485-b5b0-471e-9c0d-10717612f869\/resourcegroups\/MyResourceGroup\/providers\/microsoft.compute\/virtualmachines\/MyVm\",\r\n \"recommendationAction\": \"Recommended\",\r\n \"recommendedDates\": [],\r\n \"enforcementSupport\": \"Supported\"\r\n },\r\n {\r\n \"configurationStatus\": \"Configured\",\r\n \"resourceId\": \"\/subscriptions\/487bb485-b5b0-471e-9c0d-10717612f869\/resourcegroups\/MyResourceGroup2\/providers\/microsoft.compute\/virtualmachines\/MyVm2\",\r\n \"recommendationAction\": \"Recommended\",\r\n \"recommendedDates\": [],\r\n \"enforcementSupport\": \"Supported\"\r\n }\r\n ],\r\n \"pathRecommendations\": [],\r\n \"configurationStatus\": \"Configured\",\r\n \"issues\": [],\r\n \"location\": \"centralus\",\r\n \"sourceSystem\": \"Azure_AppLocker\",\r\n \"protectionMode\": {\r\n \"exe\": \"Audit\",\r\n \"msi\": \"None\",\r\n \"script\": \"None\"\r\n }\r\n }\r\n },\r\n {\r\n \"id\": \"\/subscriptions\/487bb485-b5b0-471e-9c0d-10717612f869\/providers\/Microsoft.Security\/locations\/centralus\/applicationWhitelistings\/MyGroup2\",\r\n \"name\": \"MyGroup2\",\r\n \"type\": \"Microsoft.Security\/applicationWhitelistings\",\r\n \"location\": \"centralus\",\r\n \"properties\": {\r\n \"recommendationStatus\": \"Recommended\",\r\n \"enforcementMode\": \"Audit\",\r\n \"vmRecommendations\": [\r\n {\r\n \"configurationStatus\": \"Configured\",\r\n \"resourceId\": \"\/subscriptions\/487bb485-b5b0-471e-9c0d-10717612f869\/resourcegroups\/MyResourceGroup3\/providers\/microsoft.compute\/virtualmachines\/MyVm3\",\r\n \"recommendationAction\": \"Recommended\",\r\n \"recommendedDates\": [\r\n \"2019-12-02T00:00:00Z\",\r\n \"2019-12-03T00:00:00Z\",\r\n \"2019-12-04T00:00:00Z\",\r\n \"2019-12-05T00:00:00Z\",\r\n \"2019-12-06T00:00:00Z\"\r\n ],\r\n \"enforcementSupport\": \"Supported\"\r\n },\r\n {\r\n 
\"configurationStatus\": \"NoStatus\",\r\n \"resourceId\": \"\/subscriptions\/487bb485-b5b0-471e-9c0d-10717612f869\/resourcegroups\/MyResourceGroup4\/providers\/microsoft.compute\/virtualmachines\/MyVm4\",\r\n \"recommendationAction\": \"Add\",\r\n \"recommendedDates\": [\r\n \"2020-04-23T00:00:00Z\",\r\n \"2020-04-24T00:00:00Z\",\r\n \"2020-04-25T00:00:00Z\",\r\n \"2020-04-26T00:00:00Z\",\r\n \"2020-04-27T00:00:00Z\",\r\n \"2020-04-28T00:00:00Z\",\r\n \"2020-04-29T00:00:00Z\"\r\n ],\r\n \"enforcementSupport\": \"Supported\"\r\n },\r\n {\r\n \"configurationStatus\": \"NoStatus\",\r\n \"resourceId\": \"\/subscriptions\/487bb485-b5b0-471e-9c0d-10717612f869\/resourcegroups\/MyResourceGroup5\/providers\/microsoft.compute\/virtualmachines\/MyVm5\",\r\n \"recommendationAction\": \"Add\",\r\n \"recommendedDates\": [\r\n \"2020-04-24T00:00:00Z\",\r\n \"2020-04-25T00:00:00Z\",\r\n \"2020-04-26T00:00:00Z\",\r\n \"2020-04-27T00:00:00Z\",\r\n \"2020-04-28T00:00:00Z\",\r\n \"2020-04-29T00:00:00Z\"\r\n ],\r\n \"enforcementSupport\": \"Supported\"\r\n }\r\n ],\r\n \"pathRecommendations\": [],\r\n \"configurationStatus\": \"Configured\",\r\n \"issues\": [],\r\n \"location\": \"centralus\",\r\n \"sourceSystem\": \"Azure_AppLocker\",\r\n \"protectionMode\": {\r\n \"exe\": \"Audit\",\r\n \"msi\": \"None\",\r\n \"script\": \"None\"\r\n }\r\n }\r\n }\r\n ]\r\n}", + "StatusCode": 200 + } + ], + "Names": {}, + "Variables": { + "SubscriptionId": "487bb485-b5b0-471e-9c0d-10717612f869" + } +} \ No newline at end of file diff --git a/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/tests/SessionRecords/AdaptiveApplicationControlsTests/AdaptiveApplicationControls_Put.json b/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/tests/SessionRecords/AdaptiveApplicationControlsTests/AdaptiveApplicationControls_Put.json new file mode 100644 index 000000000000..f775907fa9aa --- /dev/null 
+++ b/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/tests/SessionRecords/AdaptiveApplicationControlsTests/AdaptiveApplicationControls_Put.json 
@@ -0,0 +1,77 @@ +{ + "Entries": [ + { + "RequestUri": "/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/providers/Microsoft.Security/locations/centralus/applicationWhitelistings/TestGroup?api-version=2020-01-01", + "EncodedRequestUri": "L3N1YnNjcmlwdGlvbnMvNDg3YmI0ODUtYjViMC00NzFlLTljMGQtMTA3MTc2MTJmODY5L3Byb3ZpZGVycy9NaWNyb3NvZnQuU2VjdXJpdHkvbG9jYXRpb25zL2NlbnRyYWx1cy9hcHBsaWNhdGlvbldoaXRlbGlzdGluZ3MvVGVzdEdyb3VwP2FwaS12ZXJzaW9uPTIwMjAtMDEtMDE=", + "RequestMethod": "PUT", + "RequestBody": "{\r\n \"properties\": {\r\n \"protectionMode\": {\r\n \"exe\": \"Audit\",\r\n \"msi\": \"None\",\r\n \"script\": \"None\"\r\n },\r\n \"configurationStatus\": \"NoStatus\",\r\n \"sourceSystem\": \"Azure_AppLocker\"\r\n }\r\n}", + "RequestHeaders": { + "x-ms-client-request-id": [ + "7e9f3d3e-a4ac-419d-8f64-be6ad1b1a7c2" + ], + "accept-language": [ + "en-US" + ], + "User-Agent": [ + "FxVersion/4.6.26614.01", + "OSName/Windows", + "OSVersion/Microsoft.Windows.10.0.18363.", + "Microsoft.Azure.Management.Security.SecurityCenterClient/1.1.2.0" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Content-Length": [ + "209" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Date": [ + "Thu, 30 Apr 2020 14:04:29 GMT" + ], + "Pragma": [ + "no-cache" + ], + "Server": [ + "Microsoft-HTTPAPI/2.0" + ], + "x-ms-request-id": [ + "39692e9b-5342-4f62-a3d7-758f02286340" + ], + "x-ms-ratelimit-remaining-subscription-resource-requests": [ + "99" + ], + "x-ms-correlation-request-id": [ + "f15f9729-d711-42f9-b071-d671ccbf5196" + ], + "x-ms-routing-request-id": [ + "GERMANYWESTCENTRAL:20200430T140429Z:f15f9729-d711-42f9-b071-d671ccbf5196" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Content-Length": [ + "239" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ] + }, + "ResponseBody": "{\r\n \"id\": 
\"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/providers/Microsoft.Security/locations/centralus/applicationWhitelistings/TestGroup\",\r\n \"name\": \"TestGroup\",\r\n \"type\": \"Microsoft.Security/applicationWhitelistings\",\r\n \"location\": \"centralus\"\r\n}", + "StatusCode": 200 + } + ], + "Names": {}, + "Variables": { + "SubscriptionId": "487bb485-b5b0-471e-9c0d-10717612f869" + } +} \ No newline at end of file diff --git a/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/tests/SessionRecords/AdaptiveNetworkHardeningsTests/AdaptiveNetworkHardenings_Enforce.json b/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/tests/SessionRecords/AdaptiveNetworkHardeningsTests/AdaptiveNetworkHardenings_Enforce.json new file mode 100644 index 000000000000..101fd6cebf71 --- /dev/null +++ b/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/tests/SessionRecords/AdaptiveNetworkHardeningsTests/AdaptiveNetworkHardenings_Enforce.json 
@@ -0,0 +1,75 @@ +{ + "Entries": [ + { + "RequestUri": "/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/MyResourceGroup/providers/Microsoft.Compute/virtualMachines/MyVm/providers/Microsoft.Security/adaptiveNetworkHardenings/default/enforce?api-version=2020-01-01", + "EncodedRequestUri": "L3N1YnNjcmlwdGlvbnMvNDg3YmI0ODUtYjViMC00NzFlLTljMGQtMTA3MTc2MTJmODY5L3Jlc291cmNlR3JvdXBzL015UmVzb3VyY2VHcm91cC9wcm92aWRlcnMvTWljcm9zb2Z0LkNvbXB1dGUvdmlydHVhbE1hY2hpbmVzL015Vm0vcHJvdmlkZXJzL01pY3Jvc29mdC5TZWN1cml0eS9hZGFwdGl2ZU5ldHdvcmtIYXJkZW5pbmdzL2RlZmF1bHQvZW5mb3JjZT9hcGktdmVyc2lvbj0yMDIwLTAxLTAx", + "RequestMethod": "POST", + "RequestBody": "{\r\n \"rules\": [\r\n {\r\n \"name\": \"SystemGenerated\",\r\n \"direction\": \"Inbound\",\r\n \"destinationPort\": 3389,\r\n \"protocols\": [\r\n \"TCP\"\r\n ],\r\n \"ipAddresses\": []\r\n }\r\n ],\r\n \"networkSecurityGroups\": [\r\n \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/MyResourceGroup/providers/Microsoft.Network/networkSecurityGroups/MyNsg\"\r\n ]\r\n}", + "RequestHeaders": { + "x-ms-client-request-id": [ + "7e7d2ec3-7aac-48ce-b84a-629ca720a66c" + ], + "accept-language": [ + "en-US" + ], + "User-Agent": [ + "FxVersion/4.6.26614.01", + "OSName/Windows", + "OSVersion/Microsoft.Windows.10.0.18363.", + "Microsoft.Azure.Management.Security.SecurityCenterClient/1.1.2.0" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Content-Length": [ + "395" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Date": [ + "Tue, 21 Apr 2020 14:32:17 GMT" + ], + "Pragma": [ + "no-cache" + ], + "Location": [ + "/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/MyResourceGroup/providers/Microsoft.Compute/virtualMachines/MyVm" + ], + "Server": [ + "Microsoft-HTTPAPI/2.0" + ], + "x-ms-request-id": [ + "091821f3-8fef-403a-854f-ad9afbeb4c03" + ], + "x-ms-ratelimit-remaining-subscription-writes": [ + "1199" + ], + "x-ms-correlation-request-id": [ + 
"67023eaf-e2a0-44aa-8884-dc8b2946a5ff" + ], + "x-ms-routing-request-id": [ + "GERMANYWESTCENTRAL:20200421T143217Z:67023eaf-e2a0-44aa-8884-dc8b2946a5ff" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Content-Length": [ + "0" + ], + "Expires": [ + "-1" + ] + }, + "ResponseBody": "", + "StatusCode": 202 + } + ], + "Names": {}, + "Variables": {} +} \ No newline at end of file diff --git a/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/tests/SessionRecords/AdaptiveNetworkHardeningsTests/AdaptiveNetworkHardenings_Get.json b/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/tests/SessionRecords/AdaptiveNetworkHardeningsTests/AdaptiveNetworkHardenings_Get.json new file mode 100644 index 000000000000..9697fb82f93f --- /dev/null +++ b/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/tests/SessionRecords/AdaptiveNetworkHardeningsTests/AdaptiveNetworkHardenings_Get.json 
@@ -0,0 +1,71 @@ +{ + "Entries": [ + { + "RequestUri": "/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/MyResourceGroup/providers/Microsoft.Compute/virtualMachines/MyVm/providers/Microsoft.Security/adaptiveNetworkHardenings/default?api-version=2020-01-01", + "EncodedRequestUri": "L3N1YnNjcmlwdGlvbnMvNDg3YmI0ODUtYjViMC00NzFlLTljMGQtMTA3MTc2MTJmODY5L3Jlc291cmNlR3JvdXBzL015UmVzb3VyY2VHcm91cC9wcm92aWRlcnMvTWljcm9zb2Z0LkNvbXB1dGUvdmlydHVhbE1hY2hpbmVzL015Vm0vcHJvdmlkZXJzL01pY3Jvc29mdC5TZWN1cml0eS9hZGFwdGl2ZU5ldHdvcmtIYXJkZW5pbmdzL2RlZmF1bHQ/YXBpLXZlcnNpb249MjAyMC0wMS0wMQ==", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "x-ms-client-request-id": [ + "daa130fe-d5ea-4d88-8ac3-3b2bff8a1766" + ], + "accept-language": [ + "en-US" + ], + "User-Agent": [ + "FxVersion/4.6.26614.01", + "OSName/Windows", + "OSVersion/Microsoft.Windows.10.0.18363.", + "Microsoft.Azure.Management.Security.SecurityCenterClient/1.1.2.0" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Date": [ + "Tue, 21 Apr 2020 14:32:15 GMT" + ], + "Pragma": [ + "no-cache" + ], + "Server": [ + "Microsoft-HTTPAPI/2.0" + ], + "x-ms-request-id": [ + "6d73c3c4-1038-46ca-942d-bd42cf0efb25" + ], + "x-ms-ratelimit-remaining-subscription-resource-requests": [ + "749" + ], + "x-ms-correlation-request-id": [ + "4a72ec02-fee9-4ee1-a8cf-56c5b7d504ac" + ], + "x-ms-routing-request-id": [ + "GERMANYWESTCENTRAL:20200421T143215Z:4a72ec02-fee9-4ee1-a8cf-56c5b7d504ac" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Content-Length": [ + "1252" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ] + }, + "ResponseBody": "{\r\n \"properties\": {\r\n \"rules\": [\r\n {\r\n \"name\": \"SystemGenerated\",\r\n \"direction\": \"Inbound\",\r\n \"destinationPort\": 3389,\r\n \"protocols\": [\r\n \"TCP\"\r\n ],\r\n \"ipAddresses\": []\r\n },\r\n {\r\n 
\"name\": \"SystemGenerated\",\r\n \"direction\": \"Inbound\",\r\n \"destinationPort\": 3389,\r\n \"protocols\": [\r\n \"UDP\"\r\n ],\r\n \"ipAddresses\": []\r\n }\r\n ],\r\n \"effectiveNetworkSecurityGroups\": [\r\n {\r\n \"networkInterface\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/MyResourceGroup/providers/Microsoft.Network/networkInterfaces/MSI-1152306441\",\r\n \"networkSecurityGroups\": [\r\n \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/MyResourceGroup/providers/Microsoft.Network/networkSecurityGroups/MyResourceGroupNSG\"\r\n ]\r\n }\r\n ],\r\n \"rulesCalculationTime\": \"2020-04-20T14:15:12.9601721Z\"\r\n },\r\n \"name\": \"default\",\r\n \"type\": \"Microsoft.Security/adaptiveNetworkHardenings\",\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/MyResourceGroup/providers/Microsoft.Compute/virtualMachines/MyVm/providers/Microsoft.Security/adaptiveNetworkHardenings/default\"\r\n}", + "StatusCode": 200 + } + ], + "Names": {}, + "Variables": { + "SubscriptionId": "487bb485-b5b0-471e-9c0d-10717612f869" + } +} \ No newline at end of file diff --git a/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/tests/SessionRecords/AllowedConnectionsTests/AllowedConnections_Get.json b/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/tests/SessionRecords/AllowedConnectionsTests/AllowedConnections_Get.json new file mode 100644 index 000000000000..e19a30fae9df --- /dev/null +++ b/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/tests/SessionRecords/AllowedConnectionsTests/AllowedConnections_Get.json 
@@ -0,0 +1,71 @@ +{ + "Entries": [ + { + "RequestUri": "/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/MyResourceGroup/providers/Microsoft.Security/locations/westcentralus/allowedConnections/internal?api-version=2020-01-01", + "EncodedRequestUri": "L3N1YnNjcmlwdGlvbnMvNDg3YmI0ODUtYjViMC00NzFlLTljMGQtMTA3MTc2MTJmODY5L3Jlc291cmNlR3JvdXBzL015UmVzb3VyY2VHcm91cC9wcm92aWRlcnMvTWljcm9zb2Z0LlNlY3VyaXR5L2xvY2F0aW9ucy93ZXN0Y2VudHJhbHVzL2FsbG93ZWRDb25uZWN0aW9ucy9pbnRlcm5hbD9hcGktdmVyc2lvbj0yMDIwLTAxLTAx", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "x-ms-client-request-id": [ + "2dce5ed6-be30-4ec6-925e-af3879d87b9e" + ], + "accept-language": [ + "en-US" + ], + "User-Agent": [ + "FxVersion/4.6.26614.01", + "OSName/Windows", + "OSVersion/Microsoft.Windows.10.0.18363.", + "Microsoft.Azure.Management.Security.SecurityCenterClient/1.1.2.0" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Date": [ + "Tue, 21 Apr 2020 13:09:55 GMT" + ], + "Pragma": [ + "no-cache" + ], + "Server": [ + "Microsoft-HTTPAPI/2.0" + ], + "x-ms-request-id": [ + "ad35b050-6881-4e7d-a6a7-085d4f606481" + ], + "x-ms-ratelimit-remaining-subscription-resource-requests": [ + "749" + ], + "x-ms-correlation-request-id": [ + "ecd14573-bc9f-49e6-af44-38a9211efb57" + ], + "x-ms-routing-request-id": [ + "GERMANYWESTCENTRAL:20200421T130956Z:ecd14573-bc9f-49e6-af44-38a9211efb57" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Content-Length": [ + "547" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ] + }, + "ResponseBody": "{\r\n \"type\": \"Microsoft.Security/locations/allowedConnections\",\r\n \"properties\": {\r\n \"calculatedDateTime\": \"2020-04-21T13:07:28.6223035Z\",\r\n \"connectableResources\": [\r\n {\r\n \"id\": 
\"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/MyResourceGroup/providers/Microsoft.Compute/virtualMachines/MyVm\",\r\n \"inboundConnectedResources\": [],\r\n \"outboundConnectedResources\": []\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/MyResourceGroup/providers/Microsoft.Security/locations/westcentralus/allowedConnections/Internal\",\r\n \"name\": \"Internal\",\r\n \"location\": \"westcentralus\"\r\n}", + "StatusCode": 200 + } + ], + "Names": {}, + "Variables": { + "SubscriptionId": "487bb485-b5b0-471e-9c0d-10717612f869" + } +} \ No newline at end of file diff --git a/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/tests/SessionRecords/AllowedConnectionsTests/AllowedConnections_List.json b/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/tests/SessionRecords/AllowedConnectionsTests/AllowedConnections_List.json new file mode 100644 index 000000000000..6a5da75a7970 --- /dev/null +++ b/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/tests/SessionRecords/AllowedConnectionsTests/AllowedConnections_List.json 
@@ -0,0 +1,73 @@ +{ + "Entries": [ + { + "RequestUri": "/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/providers/Microsoft.Security/allowedConnections?api-version=2020-01-01", + "EncodedRequestUri": "L3N1YnNjcmlwdGlvbnMvNDg3YmI0ODUtYjViMC00NzFlLTljMGQtMTA3MTc2MTJmODY5L3Byb3ZpZGVycy9NaWNyb3NvZnQuU2VjdXJpdHkvYWxsb3dlZENvbm5lY3Rpb25zP2FwaS12ZXJzaW9uPTIwMjAtMDEtMDE=", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "x-ms-client-request-id": [ + "4c03f58e-b1c6-4957-bfd1-86401eb11734" + ], + "accept-language": [ + "en-US" + ], + "User-Agent": [ + "FxVersion/4.6.26614.01", + "OSName/Windows", + "OSVersion/Microsoft.Windows.10.0.18363.", + "Microsoft.Azure.Management.Security.SecurityCenterClient/1.1.2.0" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Date": [ + "Tue, 21 Apr 2020 13:09:25 GMT" + ], + "Pragma": [ + "no-cache" + ], + "x-ms-original-request-ids": [ + "", + "", + "26b58356-6277-4e69-82b5-ca40d31777c7" + ], + "x-ms-ratelimit-remaining-subscription-resource-requests": [ + "749" + ], + "x-ms-request-id": [ + "a5bb43b5-bb0c-4aef-997d-311853eece80" + ], + "x-ms-correlation-request-id": [ + "a5bb43b5-bb0c-4aef-997d-311853eece80" + ], + "x-ms-routing-request-id": [ + "GERMANYWESTCENTRAL:20200421T130926Z:a5bb43b5-bb0c-4aef-997d-311853eece80" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Content-Length": [ + "2533668" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ] + }, + "ResponseBody": "{\r\n \"value\": [\r\n {\r\n \"type\": \"Microsoft.Security\/locations\/allowedConnections\",\r\n \"properties\": {\r\n \"calculatedDateTime\": \"2020-04-21T13:07:28.6223035Z\",\r\n \"connectableResources\": [\r\n {\r\n \"id\": \"\/subscriptions\/487bb485-b5b0-471e-9c0d-10717612f869\/resourceGroups\/MyResourceGroup\/providers\/Microsoft.Compute\/virtualMachines\/MyVm\",\r\n 
\"inboundConnectedResources\": [],\r\n \"outboundConnectedResources\": []\r\n }\r\n ]\r\n },\r\n \"id\": \"\/subscriptions\/487bb485-b5b0-471e-9c0d-10717612f869\/resourceGroups\/MyResourceGroup\/providers\/Microsoft.Security\/locations\/westcentralus\/allowedConnections\/Internal\",\r\n \"name\": \"Internal\",\r\n \"location\": \"westcentralus\"\r\n}\r\n ]\r\n }", + "StatusCode": 200 + } + ], + "Names": {}, + "Variables": { + "SubscriptionId": "487bb485-b5b0-471e-9c0d-10717612f869" + } +} \ No newline at end of file diff --git a/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/tests/SessionRecords/CompliancesTests/Compliances_Get.json b/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/tests/SessionRecords/CompliancesTests/Compliances_Get.json index be90e9dc06ff..2469717e881c 100644 --- a/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/tests/SessionRecords/CompliancesTests/Compliances_Get.json +++ b/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/tests/SessionRecords/CompliancesTests/Compliances_Get.json 
@@ -1,67 +1,66 @@ { "Entries": [ { - "RequestUri": "/%2Fsubscriptions%2F487bb485-b5b0-471e-9c0d-10717612f869/providers/Microsoft.Security/compliances/2018-07-05Z?api-version=2017-08-01-preview", - "EncodedRequestUri": "LyUyRnN1YnNjcmlwdGlvbnMlMkY0ODdiYjQ4NS1iNWIwLTQ3MWUtOWMwZC0xMDcxNzYxMmY4NjkvcHJvdmlkZXJzL01pY3Jvc29mdC5TZWN1cml0eS9jb21wbGlhbmNlcy8yMDE4LTA3LTA1Wj9hcGktdmVyc2lvbj0yMDE3LTA4LTAxLXByZXZpZXc=", + "RequestUri": "/%2Fsubscriptions%2F487bb485-b5b0-471e-9c0d-10717612f869/providers/Microsoft.Security/compliances/2020-05-03Z?api-version=2017-08-01-preview", + "EncodedRequestUri": "LyUyRnN1YnNjcmlwdGlvbnMlMkY0ODdiYjQ4NS1iNWIwLTQ3MWUtOWMwZC0xMDcxNzYxMmY4NjkvcHJvdmlkZXJzL01pY3Jvc29mdC5TZWN1cml0eS9jb21wbGlhbmNlcy8yMDIwLTA1LTAzWj9hcGktdmVyc2lvbj0yMDE3LTA4LTAxLXByZXZpZXc=", "RequestMethod": "GET", "RequestBody": "", "RequestHeaders": { "x-ms-client-request-id": [ - "c84d3966-c57a-4716-855c-dde4bfeaaebc" + "09152685-b33d-4d39-aba0-83e2eb4fb199" ], "accept-language": [ "en-US" ], "User-Agent": [ - "FxVersion/4.6.25211.01", - "Microsoft.Azure.Management.Security.SecurityCenterClient/0.1.0.0" + "FxVersion/4.6.26614.01", + "OSName/Windows", + "OSVersion/Microsoft.Windows.10.0.18363.", + "Microsoft.Azure.Management.Security.SecurityCenterClient/1.1.3.0" ] }, - "ResponseBody": "{\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/providers/Microsoft.Security/compliances/2018-07-05Z\",\r\n \"name\": \"2018-07-05Z\",\r\n \"type\": \"Microsoft.Security/compliances\",\r\n \"properties\": {\r\n \"scope\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"assessmentResult\": [\r\n {\r\n \"type\": \"Compliant\",\r\n \"percentage\": 0.33333333333333331\r\n }\r\n ],\r\n \"resourceCount\": 6,\r\n \"assessmentTimestampUtcDate\": \"2018-07-05T00:00:00Z\"\r\n }\r\n}", "ResponseHeaders": { - "Content-Type": [ - "application/json; charset=utf-8" - ], - "Expires": [ - "-1" - ], "Cache-Control": [ "no-cache" ], "Date": [ - "Sun, 22 Jul 2018 12:52:42 GMT" + 
"Sun, 03 May 2020 19:58:07 GMT" ], "Pragma": [ "no-cache" ], - "Transfer-Encoding": [ - "chunked" - ], "Server": [ "Microsoft-HTTPAPI/2.0" ], - "Vary": [ - "Accept-Encoding" - ], "x-ms-request-id": [ - "9495a773-9366-4806-add5-92c05ac99eaf" + "9e2d5a72-70dc-46db-a395-a830aa29ca40" ], "x-ms-ratelimit-remaining-subscription-resource-requests": [ "749" ], "x-ms-correlation-request-id": [ - "4c71a832-61bc-41e3-8de9-a41f452e0ce8" + "a6f89a0f-3e17-40d2-bc41-58c402f3bcf6" ], "x-ms-routing-request-id": [ - "UKSOUTH:20180722T125242Z:4c71a832-61bc-41e3-8de9-a41f452e0ce8" + "GERMANYWESTCENTRAL:20200503T195807Z:a6f89a0f-3e17-40d2-bc41-58c402f3bcf6" ], "Strict-Transport-Security": [ "max-age=31536000; includeSubDomains" ], "X-Content-Type-Options": [ "nosniff" + ], + "Content-Length": [ + "381" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" ] }, + "ResponseBody": "{\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/providers/Microsoft.Security/compliances/2020-05-03Z\",\r\n \"name\": \"2020-05-03Z\",\r\n \"type\": \"Microsoft.Security/compliances\",\r\n \"properties\": {\r\n \"scope\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"assessmentResult\": [\r\n {\r\n \"type\": \"Compliant\",\r\n \"percentage\": 0.5\r\n }\r\n ],\r\n \"resourceCount\": 14,\r\n \"assessmentTimestampUtcDate\": \"2020-05-03T00:00:00Z\"\r\n }\r\n}", "StatusCode": 200 } ], diff --git a/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/tests/SessionRecords/JitNetworkAccessPoliciesTests/JitNetworkAccessPolicies_CreateOrUpdate.json b/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/tests/SessionRecords/JitNetworkAccessPoliciesTests/JitNetworkAccessPolicies_CreateOrUpdate.json index 34f8d89fe94f..95e04411e5dc 100644 --- a/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/tests/SessionRecords/JitNetworkAccessPoliciesTests/JitNetworkAccessPolicies_CreateOrUpdate.json 
+++ b/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/tests/SessionRecords/JitNetworkAccessPoliciesTests/JitNetworkAccessPolicies_CreateOrUpdate.json @@ -1,8 +1,8 @@ { "Entries": [ { - "RequestUri": "/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/mainWS/providers/Microsoft.Security/locations/northeurope/jitNetworkAccessPolicies/default?api-version=2015-06-01-preview", - "EncodedRequestUri": "L3N1YnNjcmlwdGlvbnMvNDg3YmI0ODUtYjViMC00NzFlLTljMGQtMTA3MTc2MTJmODY5L3Jlc291cmNlR3JvdXBzL21haW5XUy9wcm92aWRlcnMvTWljcm9zb2Z0LlNlY3VyaXR5L2xvY2F0aW9ucy9ub3J0aGV1cm9wZS9qaXROZXR3b3JrQWNjZXNzUG9saWNpZXMvZGVmYXVsdD9hcGktdmVyc2lvbj0yMDE1LTA2LTAxLXByZXZpZXc=", + "RequestUri": "/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/mainWS/providers/Microsoft.Security/locations/northeurope/jitNetworkAccessPolicies/default?api-version=2020-01-01", + "EncodedRequestUri": "L3N1YnNjcmlwdGlvbnMvNDg3YmI0ODUtYjViMC00NzFlLTljMGQtMTA3MTc2MTJmODY5L3Jlc291cmNlR3JvdXBzL21haW5XUy9wcm92aWRlcnMvTWljcm9zb2Z0LlNlY3VyaXR5L2xvY2F0aW9ucy9ub3J0aGV1cm9wZS9qaXROZXR3b3JrQWNjZXNzUG9saWNpZXMvZGVmYXVsdD9hcGktdmVyc2lvbj0yMDIwLTAxLTAx", "RequestMethod": "PUT", "RequestBody": "{\r\n \"kind\": \"Basic\",\r\n \"properties\": {\r\n \"virtualMachines\": [\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Compute/virtualMachines/syslogmyservice1vm\",\r\n \"ports\": [\r\n {\r\n \"number\": 8080,\r\n \"protocol\": \"TCP\",\r\n \"allowedSourceAddressPrefix\": \"192.168.0.5\",\r\n \"maxRequestAccessDuration\": \"PT5H\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n}", "RequestHeaders": { 
diff --git a/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/tests/SessionRecords/JitNetworkAccessPoliciesTests/JitNetworkAccessPolicies_Delete.json b/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/tests/SessionRecords/JitNetworkAccessPoliciesTests/JitNetworkAccessPolicies_Delete.json index 7ab2c4171af6..541c5db3db60 100644 --- a/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/tests/SessionRecords/JitNetworkAccessPoliciesTests/JitNetworkAccessPolicies_Delete.json +++ b/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/tests/SessionRecords/JitNetworkAccessPoliciesTests/JitNetworkAccessPolicies_Delete.json @@ -1,8 +1,8 @@ { "Entries": [ { - "RequestUri": "/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/mainWS/providers/Microsoft.Security/locations/northeurope/jitNetworkAccessPolicies/default?api-version=2015-06-01-preview", - "EncodedRequestUri": "L3N1YnNjcmlwdGlvbnMvNDg3YmI0ODUtYjViMC00NzFlLTljMGQtMTA3MTc2MTJmODY5L3Jlc291cmNlR3JvdXBzL21haW5XUy9wcm92aWRlcnMvTWljcm9zb2Z0LlNlY3VyaXR5L2xvY2F0aW9ucy9ub3J0aGV1cm9wZS9qaXROZXR3b3JrQWNjZXNzUG9saWNpZXMvZGVmYXVsdD9hcGktdmVyc2lvbj0yMDE1LTA2LTAxLXByZXZpZXc=", + "RequestUri": "/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/mainWS/providers/Microsoft.Security/locations/northeurope/jitNetworkAccessPolicies/default?api-version=2020-01-01", + "EncodedRequestUri": "L3N1YnNjcmlwdGlvbnMvNDg3YmI0ODUtYjViMC00NzFlLTljMGQtMTA3MTc2MTJmODY5L3Jlc291cmNlR3JvdXBzL21haW5XUy9wcm92aWRlcnMvTWljcm9zb2Z0LlNlY3VyaXR5L2xvY2F0aW9ucy9ub3J0aGV1cm9wZS9qaXROZXR3b3JrQWNjZXNzUG9saWNpZXMvZGVmYXVsdD9hcGktdmVyc2lvbj0yMDIwLTAxLTAx", "RequestMethod": "DELETE", "RequestBody": "", "RequestHeaders": { 
diff --git a/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/tests/SessionRecords/JitNetworkAccessPoliciesTests/JitNetworkAccessPolicies_Get.json b/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/tests/SessionRecords/JitNetworkAccessPoliciesTests/JitNetworkAccessPolicies_Get.json index a4d7b134a87d..b3e3547110a7 100644 --- a/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/tests/SessionRecords/JitNetworkAccessPoliciesTests/JitNetworkAccessPolicies_Get.json +++ b/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/tests/SessionRecords/JitNetworkAccessPoliciesTests/JitNetworkAccessPolicies_Get.json @@ -1,8 +1,8 @@ { "Entries": [ { - "RequestUri": "/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/northeurope/jitNetworkAccessPolicies/default?api-version=2015-06-01-preview", - "EncodedRequestUri": "L3N1YnNjcmlwdGlvbnMvNDg3YmI0ODUtYjViMC00NzFlLTljMGQtMTA3MTc2MTJmODY5L3Jlc291cmNlR3JvdXBzL215U2VydmljZTEvcHJvdmlkZXJzL01pY3Jvc29mdC5TZWN1cml0eS9sb2NhdGlvbnMvbm9ydGhldXJvcGUvaml0TmV0d29ya0FjY2Vzc1BvbGljaWVzL2RlZmF1bHQ/YXBpLXZlcnNpb249MjAxNS0wNi0wMS1wcmV2aWV3", + "RequestUri": "/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/northeurope/jitNetworkAccessPolicies/default?api-version=2020-01-01", + "EncodedRequestUri": "L3N1YnNjcmlwdGlvbnMvNDg3YmI0ODUtYjViMC00NzFlLTljMGQtMTA3MTc2MTJmODY5L3Jlc291cmNlR3JvdXBzL215U2VydmljZTEvcHJvdmlkZXJzL01pY3Jvc29mdC5TZWN1cml0eS9sb2NhdGlvbnMvbm9ydGhldXJvcGUvaml0TmV0d29ya0FjY2Vzc1BvbGljaWVzL2RlZmF1bHQ/YXBpLXZlcnNpb249MjAyMC0wMS0wMQ==", "RequestMethod": "GET", "RequestBody": "", "RequestHeaders": { 
diff --git a/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/tests/SessionRecords/JitNetworkAccessPoliciesTests/JitNetworkAccessPolicies_Initiate.json b/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/tests/SessionRecords/JitNetworkAccessPoliciesTests/JitNetworkAccessPolicies_Initiate.json index aa4ff2d8986c..eb675f0cf295 100644 --- a/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/tests/SessionRecords/JitNetworkAccessPoliciesTests/JitNetworkAccessPolicies_Initiate.json +++ b/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/tests/SessionRecords/JitNetworkAccessPoliciesTests/JitNetworkAccessPolicies_Initiate.json 
@@ -1,8 +1,8 @@ { "Entries": [ { - "RequestUri": "/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/northeurope/jitNetworkAccessPolicies/default/initiate?api-version=2015-06-01-preview", - "EncodedRequestUri": "L3N1YnNjcmlwdGlvbnMvNDg3YmI0ODUtYjViMC00NzFlLTljMGQtMTA3MTc2MTJmODY5L3Jlc291cmNlR3JvdXBzL215U2VydmljZTEvcHJvdmlkZXJzL01pY3Jvc29mdC5TZWN1cml0eS9sb2NhdGlvbnMvbm9ydGhldXJvcGUvaml0TmV0d29ya0FjY2Vzc1BvbGljaWVzL2RlZmF1bHQvaW5pdGlhdGU/YXBpLXZlcnNpb249MjAxNS0wNi0wMS1wcmV2aWV3", + "RequestUri": "/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/northeurope/jitNetworkAccessPolicies/default/initiate?api-version=2020-01-01", + "EncodedRequestUri": "L3N1YnNjcmlwdGlvbnMvNDg3YmI0ODUtYjViMC00NzFlLTljMGQtMTA3MTc2MTJmODY5L3Jlc291cmNlR3JvdXBzL215U2VydmljZTEvcHJvdmlkZXJzL01pY3Jvc29mdC5TZWN1cml0eS9sb2NhdGlvbnMvbm9ydGhldXJvcGUvaml0TmV0d29ya0FjY2Vzc1BvbGljaWVzL2RlZmF1bHQvaW5pdGlhdGU/YXBpLXZlcnNpb249MjAyMC0wMS0wMQ==", "RequestMethod": "POST", "RequestBody": "{\r\n \"virtualMachines\": [\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Compute/virtualMachines/testService\",\r\n \"ports\": [\r\n {\r\n \"number\": 3389,\r\n \"endTimeUtc\": \"2018-07-22T15:51:55.21337Z\"\r\n }\r\n ]\r\n }\r\n ]\r\n}", "RequestHeaders": { diff --git a/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/tests/SessionRecords/JitNetworkAccessPoliciesTests/JitNetworkAccessPolicies_List.json b/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/tests/SessionRecords/JitNetworkAccessPoliciesTests/JitNetworkAccessPolicies_List.json index e0ae779978f7..390bda8454da 100644 --- a/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/tests/SessionRecords/JitNetworkAccessPoliciesTests/JitNetworkAccessPolicies_List.json 
+++ b/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/tests/SessionRecords/JitNetworkAccessPoliciesTests/JitNetworkAccessPolicies_List.json @@ -1,8 +1,8 @@ { "Entries": [ { - "RequestUri": "/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/providers/Microsoft.Security/jitNetworkAccessPolicies?api-version=2015-06-01-preview", - "EncodedRequestUri": "L3N1YnNjcmlwdGlvbnMvNDg3YmI0ODUtYjViMC00NzFlLTljMGQtMTA3MTc2MTJmODY5L3Byb3ZpZGVycy9NaWNyb3NvZnQuU2VjdXJpdHkvaml0TmV0d29ya0FjY2Vzc1BvbGljaWVzP2FwaS12ZXJzaW9uPTIwMTUtMDYtMDEtcHJldmlldw==", + "RequestUri": "/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/providers/Microsoft.Security/jitNetworkAccessPolicies?api-version=2020-01-01", + "EncodedRequestUri": "L3N1YnNjcmlwdGlvbnMvNDg3YmI0ODUtYjViMC00NzFlLTljMGQtMTA3MTc2MTJmODY5L3Byb3ZpZGVycy9NaWNyb3NvZnQuU2VjdXJpdHkvaml0TmV0d29ya0FjY2Vzc1BvbGljaWVzP2FwaS12ZXJzaW9uPTIwMjAtMDEtMDE=", "RequestMethod": "GET", "RequestBody": "", "RequestHeaders": { diff --git a/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/tests/SessionRecords/JitNetworkAccessPoliciesTests/JitNetworkAccessPolicies_ListByRegion.json b/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/tests/SessionRecords/JitNetworkAccessPoliciesTests/JitNetworkAccessPolicies_ListByRegion.json index 4a066a0e0b4e..138ad44864c8 100644 --- a/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/tests/SessionRecords/JitNetworkAccessPoliciesTests/JitNetworkAccessPolicies_ListByRegion.json +++ b/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/tests/SessionRecords/JitNetworkAccessPoliciesTests/JitNetworkAccessPolicies_ListByRegion.json 
@@ -1,8 +1,8 @@ { "Entries": [ { - "RequestUri": "/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/providers/Microsoft.Security/locations/northeurope/jitNetworkAccessPolicies?api-version=2015-06-01-preview", - "EncodedRequestUri": "L3N1YnNjcmlwdGlvbnMvNDg3YmI0ODUtYjViMC00NzFlLTljMGQtMTA3MTc2MTJmODY5L3Byb3ZpZGVycy9NaWNyb3NvZnQuU2VjdXJpdHkvbG9jYXRpb25zL25vcnRoZXVyb3BlL2ppdE5ldHdvcmtBY2Nlc3NQb2xpY2llcz9hcGktdmVyc2lvbj0yMDE1LTA2LTAxLXByZXZpZXc=", + "RequestUri": "/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/providers/Microsoft.Security/locations/northeurope/jitNetworkAccessPolicies?api-version=2020-01-01", + "EncodedRequestUri": "L3N1YnNjcmlwdGlvbnMvNDg3YmI0ODUtYjViMC00NzFlLTljMGQtMTA3MTc2MTJmODY5L3Byb3ZpZGVycy9NaWNyb3NvZnQuU2VjdXJpdHkvbG9jYXRpb25zL25vcnRoZXVyb3BlL2ppdE5ldHdvcmtBY2Nlc3NQb2xpY2llcz9hcGktdmVyc2lvbj0yMDIwLTAxLTAx", "RequestMethod": "GET", "RequestBody": "", "RequestHeaders": { diff --git a/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/tests/SessionRecords/JitNetworkAccessPoliciesTests/JitNetworkAccessPolicies_ListByResourceGroup.json b/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/tests/SessionRecords/JitNetworkAccessPoliciesTests/JitNetworkAccessPolicies_ListByResourceGroup.json index 0130b225e33f..5a81ee6056a7 100644 --- a/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/tests/SessionRecords/JitNetworkAccessPoliciesTests/JitNetworkAccessPolicies_ListByResourceGroup.json +++ b/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/tests/SessionRecords/JitNetworkAccessPoliciesTests/JitNetworkAccessPolicies_ListByResourceGroup.json 
@@ -1,8 +1,8 @@ { "Entries": [ { - "RequestUri": "/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/jitNetworkAccessPolicies?api-version=2015-06-01-preview", - "EncodedRequestUri": "L3N1YnNjcmlwdGlvbnMvNDg3YmI0ODUtYjViMC00NzFlLTljMGQtMTA3MTc2MTJmODY5L3Jlc291cmNlR3JvdXBzL215U2VydmljZTEvcHJvdmlkZXJzL01pY3Jvc29mdC5TZWN1cml0eS9qaXROZXR3b3JrQWNjZXNzUG9saWNpZXM/YXBpLXZlcnNpb249MjAxNS0wNi0wMS1wcmV2aWV3", + "RequestUri": "/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/jitNetworkAccessPolicies?api-version=2020-01-01", + "EncodedRequestUri": "L3N1YnNjcmlwdGlvbnMvNDg3YmI0ODUtYjViMC00NzFlLTljMGQtMTA3MTc2MTJmODY5L3Jlc291cmNlR3JvdXBzL215U2VydmljZTEvcHJvdmlkZXJzL01pY3Jvc29mdC5TZWN1cml0eS9qaXROZXR3b3JrQWNjZXNzUG9saWNpZXM/YXBpLXZlcnNpb249MjAyMC0wMS0wMQ==", "RequestMethod": "GET", "RequestBody": "", "RequestHeaders": { diff --git a/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/tests/SessionRecords/JitNetworkAccessPoliciesTests/JitNetworkAccessPolicies_ListByResourceGroupAndRegion.json b/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/tests/SessionRecords/JitNetworkAccessPoliciesTests/JitNetworkAccessPolicies_ListByResourceGroupAndRegion.json index 8b9c07d8c600..26a8eaca594d 100644 --- a/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/tests/SessionRecords/JitNetworkAccessPoliciesTests/JitNetworkAccessPolicies_ListByResourceGroupAndRegion.json +++ b/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/tests/SessionRecords/JitNetworkAccessPoliciesTests/JitNetworkAccessPolicies_ListByResourceGroupAndRegion.json 
@@ -1,8 +1,8 @@ { "Entries": [ { - "RequestUri": "/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/northeurope/jitNetworkAccessPolicies?api-version=2015-06-01-preview", - "EncodedRequestUri": "L3N1YnNjcmlwdGlvbnMvNDg3YmI0ODUtYjViMC00NzFlLTljMGQtMTA3MTc2MTJmODY5L3Jlc291cmNlR3JvdXBzL215U2VydmljZTEvcHJvdmlkZXJzL01pY3Jvc29mdC5TZWN1cml0eS9sb2NhdGlvbnMvbm9ydGhldXJvcGUvaml0TmV0d29ya0FjY2Vzc1BvbGljaWVzP2FwaS12ZXJzaW9uPTIwMTUtMDYtMDEtcHJldmlldw==", + "RequestUri": "/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/northeurope/jitNetworkAccessPolicies?api-version=2020-01-01", + "EncodedRequestUri": "L3N1YnNjcmlwdGlvbnMvNDg3YmI0ODUtYjViMC00NzFlLTljMGQtMTA3MTc2MTJmODY5L3Jlc291cmNlR3JvdXBzL215U2VydmljZTEvcHJvdmlkZXJzL01pY3Jvc29mdC5TZWN1cml0eS9sb2NhdGlvbnMvbm9ydGhldXJvcGUvaml0TmV0d29ya0FjY2Vzc1BvbGljaWVzP2FwaS12ZXJzaW9uPTIwMjAtMDEtMDE=", "RequestMethod": "GET", "RequestBody": "", "RequestHeaders": { diff --git a/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/tests/SessionRecords/SecurityAlertsTests/SecurityAlerts_GetResourceGroupLevelAlerts.json b/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/tests/SessionRecords/SecurityAlertsTests/SecurityAlerts_GetResourceGroupLevelAlerts.json index 95da8280f5d7..ba7a727dff05 100644 --- a/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/tests/SessionRecords/SecurityAlertsTests/SecurityAlerts_GetResourceGroupLevelAlerts.json +++ b/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/tests/SessionRecords/SecurityAlertsTests/SecurityAlerts_GetResourceGroupLevelAlerts.json @@ -7,7 +7,7 @@ "RequestBody": "", "RequestHeaders": { "x-ms-client-request-id": [ - "d2128902-c495-4cdb-af51-cf60d709b41e" + "e45fa95e-60c8-4610-8aec-e63c422baa1d" ], "accept-language": [ "en-US" 
@@ -15,8 +15,8 @@ "User-Agent": [ "FxVersion/4.6.26614.01", "OSName/Windows", - "OSVersion/Microsoft.Windows.10.0.17763.", - "Microsoft.Azure.Management.Security.SecurityCenterClient/0.11.0.0" + "OSVersion/Microsoft.Windows.10.0.18363.", + "Microsoft.Azure.Management.Security.SecurityCenterClient/1.1.3.0" ] }, "ResponseHeaders": { @@ -24,26 +24,26 @@ "no-cache" ], "Date": [ - "Mon, 04 Mar 2019 16:02:06 GMT" + "Mon, 04 May 2020 14:43:08 GMT" ], "Pragma": [ "no-cache" ], "x-ms-original-request-ids": [ - "a60517c9-10af-4fc4-8150-64c485f429ef", - "b2ad334e-61d7-4336-8ecd-4c01af0833eb" + "6a891c4c-62ab-4bbb-8f99-e134341d6301", + "3d0870e6-3daa-40a4-81ed-88f4a15d830d" ], "x-ms-ratelimit-remaining-subscription-resource-requests": [ - "749" + "748" ], "x-ms-request-id": [ - "62899dad-6484-4348-b274-4e7597b10f87" + "9135b2b7-0cd4-47b8-8b83-fb8fa64dd952" ], "x-ms-correlation-request-id": [ - "62899dad-6484-4348-b274-4e7597b10f87" + "9135b2b7-0cd4-47b8-8b83-fb8fa64dd952" ], "x-ms-routing-request-id": [ - "UKWEST:20190304T160207Z:62899dad-6484-4348-b274-4e7597b10f87" + "GERMANYWESTCENTRAL:20200504T144309Z:9135b2b7-0cd4-47b8-8b83-fb8fa64dd952" ], "Strict-Transport-Security": [ "max-age=31536000; includeSubDomains" @@ -52,7 +52,7 @@ "nosniff" ], "Content-Length": [ - "169158" + "25641" ], "Content-Type": [ "application/json; charset=utf-8" 
@@ -61,17 +61,17 @@ "-1" ] }, - "ResponseBody": "{\r\n \"value\": [\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/rg/providers/Microsoft.Security/locations/centralus/alerts/2518532788749999999_66276b36-db2a-4b2c-84ad-9676fe753a01\",\r\n \"name\": \"2518532788749999999_66276b36-db2a-4b2c-84ad-9676fe753a01\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft\",\r\n \"alertDisplayName\": \"Web fingerprinting detected\",\r\n \"alertName\": \"APPS_Nmap\",\r\n \"detectedTimeUtc\": \"2019-03-03T17:40:43Z\",\r\n \"description\": \"Azure App Service activity log indicates a possible web fingerprinting activity on your App Service resource.The suspicious activity detected is associated with NMAP. Attackers often use this tool for probing the web application to find vulnerabilities.\",\r\n \"remediationSteps\": \"If only specific IP addresses should be allowed to access the web app, set IP restrictions (https://docs.microsoft.com/azure/app-service/app-service-ip-restrictions) for it.\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"High\",\r\n \"compromisedEntity\": \"sitename\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/rg/providers/Microsoft.Web/sites/sitename\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"b3d77198-6f95-40ed-9675-10001c2e93cc\",\r\n \"extendedProperties\": {\r\n \"last Event Time\": \"2/11/2019 5:40:46 PM\",\r\n \"sample URIs\": \"/sdk, /, /.git/HEAD, /favicon.ico, /evox/about, /robots.txt, /nmaplowercheck1549906843, /HNAP1\",\r\n \"sample User Agents\": \"Mozilla/5.0+(compatible;+Nmap+Scripting+Engine;+https://nmap.org/book/nse.html)\",\r\n \"sample Referer\": \"-\",\r\n \"resourceType\": \"App Service\"\r\n },\r\n \"state\": \"Dismissed\",\r\n \"reportedTimeUtc\": \"2019-03-03T20:41:03.846Z\",\r\n 
\"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": [\r\n {\r\n \"$id\": \"centralus_1\",\r\n \"hostName\": \"sitename\",\r\n \"azureID\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/rg/providers/Microsoft.Web/sites/sitename\",\r\n \"type\": \"host\"\r\n }\r\n ]\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/providers/Microsoft.Security/locations/centralus/alerts/2518532788749999999_66276b36-db2a-4b2c-84ad-9676fe753a02\",\r\n \"name\": \"2518532788749999999_66276b36-db2a-4b2c-84ad-9676fe753a02\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft\",\r\n \"alertDisplayName\": \"Web fingerprinting detected\",\r\n \"alertName\": \"APPS_Nmap\",\r\n \"detectedTimeUtc\": \"2019-03-03T17:40:43Z\",\r\n \"description\": \"Azure App Service activity log indicates a possible web fingerprinting activity on your App Service resource.The suspicious activity detected is associated with NMAP. 
Attackers often use this tool for probing the web application to find vulnerabilities.\",\r\n \"remediationSteps\": \"If only specific IP addresses should be allowed to access the web app, set IP restrictions (https://docs.microsoft.com/azure/app-service/app-service-ip-restrictions) for it.\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"High\",\r\n \"compromisedEntity\": \"sitename\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/providers/Microsoft.Web/sites/sitename\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"b3d77198-6f95-40ed-9675-10001c2e93cd\",\r\n \"extendedProperties\": {\r\n \"last Event Time\": \"2/11/2019 5:40:46 PM\",\r\n \"sample URIs\": \"/sdk, /, /.git/HEAD, /favicon.ico, /evox/about, /robots.txt, /nmaplowercheck1549906843, /HNAP1\",\r\n \"sample User Agents\": \"Mozilla/5.0+(compatible;+Nmap+Scripting+Engine;+https://nmap.org/book/nse.html)\",\r\n \"sample Referer\": \"-\",\r\n \"resourceType\": \"App Service\"\r\n },\r\n \"state\": \"Dismissed\",\r\n \"reportedTimeUtc\": \"2019-03-03T20:41:03.846Z\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": [\r\n {\r\n \"$id\": \"centralus_2\",\r\n \"hostName\": \"sitename\",\r\n \"azureID\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/providers/Microsoft.Web/sites/sitename\",\r\n \"type\": \"host\"\r\n }\r\n ]\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518505891999999999_c908c4ae-9a04-4d98-bb7e-18c82dfd9a81\",\r\n \"name\": \"2518505891999999999_c908c4ae-9a04-4d98-bb7e-18c82dfd9a81\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": 
\"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-04T15:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117:80\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"c908c4ae-9a04-4d98-bb7e-18c82dfd9a81\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"159.192.218.25\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-04T16:00:11.489254Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518505927999999999_38e859b9-60eb-406d-aa42-a54dc5be9b17\",\r\n \"name\": \"2518505927999999999_38e859b9-60eb-406d-aa42-a54dc5be9b17\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-04T14:00:00Z\",\r\n 
\"description\": \"Detail:Host header is a numeric IP address 13.69.131.117\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"38e859b9-60eb-406d-aa42-a54dc5be9b17\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"176.32.33.80\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-04T15:00:56.8950851Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518505927999999999_3c3f8a61-1245-4e92-be38-ac054249f4a2\",\r\n \"name\": \"2518505927999999999_3c3f8a61-1245-4e92-be38-ac054249f4a2\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"SCANNER-DETECTION\",\r\n \"alertName\": \"SCANNER-DETECTION\",\r\n \"detectedTimeUtc\": \"2019-03-04T14:00:00Z\",\r\n \"description\": \"Detail:Found User-Agent associated with scripting/generic HTTP client Matched Data: 
python-requests found within REQUEST_HEADERS:User-Agent: python-requests/2.6.0 CPython/2.7.5 Linux/3.10.0-957.1.3.el7.x86_64\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"3c3f8a61-1245-4e92-be38-ac054249f4a2\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"176.32.33.80\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-04T15:00:56.8950851Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518505927999999999_f646ad4c-8a5d-4355-9dfc-56a3f2521310\",\r\n \"name\": \"2518505927999999999_f646ad4c-8a5d-4355-9dfc-56a3f2521310\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"BLOCKING-EVALUATION\",\r\n \"alertName\": \"BLOCKING-EVALUATION\",\r\n \"detectedTimeUtc\": \"2019-03-04T14:00:00Z\",\r\n \"description\": \"Detail:Mandatory rule. 
Cannot be disabled. Inbound Anomaly Score Exceeded (Total Score: 8)\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"f646ad4c-8a5d-4355-9dfc-56a3f2521310\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"176.32.33.80\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-04T15:00:56.4081088Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518505963999999999_7e0b842e-b80f-4544-979d-952ed3b60db6\",\r\n \"name\": \"2518505963999999999_7e0b842e-b80f-4544-979d-952ed3b60db6\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-04T13:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117:80\",\r\n 
\"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"7e0b842e-b80f-4544-979d-952ed3b60db6\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"2\",\r\n \"source IPs\": \"103.94.170.218,113.161.130.251\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-04T14:00:41.0033381Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506035999999999_4316a00c-7ac8-4b34-8b74-cf73e2a91b70\",\r\n \"name\": \"2518506035999999999_4316a00c-7ac8-4b34-8b74-cf73e2a91b70\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"SCANNER-DETECTION\",\r\n \"alertName\": \"SCANNER-DETECTION\",\r\n \"detectedTimeUtc\": \"2019-03-04T11:00:00Z\",\r\n \"description\": \"Detail:Found User-Agent associated with scripting/generic HTTP client Matched Data: python-requests found within REQUEST_HEADERS:User-Agent: 
python-requests/2.6.0 CPython/2.7.5 Linux/3.10.0-957.1.3.el7.x86_64\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"4316a00c-7ac8-4b34-8b74-cf73e2a91b70\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"176.32.33.80\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-04T12:00:02.3651318Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506035999999999_553a1004-ff2f-4d39-9baf-cdb764aa6a1e\",\r\n \"name\": \"2518506035999999999_553a1004-ff2f-4d39-9baf-cdb764aa6a1e\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"BLOCKING-EVALUATION\",\r\n \"alertName\": \"BLOCKING-EVALUATION\",\r\n \"detectedTimeUtc\": \"2019-03-04T11:00:00Z\",\r\n \"description\": \"Detail:Mandatory rule. Cannot be disabled. 
Inbound Anomaly Score Exceeded (Total Score: 8)\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"553a1004-ff2f-4d39-9baf-cdb764aa6a1e\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"176.32.33.80\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-04T12:00:01.7153581Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506035999999999_d91570aa-65a5-46de-aee7-98b41a8027e4\",\r\n \"name\": \"2518506035999999999_d91570aa-65a5-46de-aee7-98b41a8027e4\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-04T11:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117\",\r\n \"remediationSteps\": \"\",\r\n 
\"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"d91570aa-65a5-46de-aee7-98b41a8027e4\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"2\",\r\n \"source IPs\": \"176.32.33.80,103.212.90.36\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-04T12:00:02.3651318Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506071999999999_129ec79b-c7a6-4082-91af-c6733ce46447\",\r\n \"name\": \"2518506071999999999_129ec79b-c7a6-4082-91af-c6733ce46447\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-04T10:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n 
\"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"129ec79b-c7a6-4082-91af-c6733ce46447\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"2\",\r\n \"source IPs\": \"51.83.15.87\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-04T11:00:48.0270644Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506071999999999_784f1ab8-ec53-4216-a522-52669e63bcde\",\r\n \"name\": \"2518506071999999999_784f1ab8-ec53-4216-a522-52669e63bcde\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-04T10:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117:80\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": 
\"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"784f1ab8-ec53-4216-a522-52669e63bcde\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"45.115.6.194\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-04T11:00:48.4809846Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506179999999999_a4b834f3-2e4b-406c-bc49-1dc4339732e6\",\r\n \"name\": \"2518506179999999999_a4b834f3-2e4b-406c-bc49-1dc4339732e6\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"BLOCKING-EVALUATION\",\r\n \"alertName\": \"BLOCKING-EVALUATION\",\r\n \"detectedTimeUtc\": \"2019-03-04T07:00:00Z\",\r\n \"description\": \"Detail:Mandatory rule. Cannot be disabled. 
Inbound Anomaly Score Exceeded (Total Score: 8)\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"a4b834f3-2e4b-406c-bc49-1dc4339732e6\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"176.32.33.80\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-04T08:00:01.2466784Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506179999999999_e2dfaff2-872b-479b-8ead-f3473da44a88\",\r\n \"name\": \"2518506179999999999_e2dfaff2-872b-479b-8ead-f3473da44a88\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-04T07:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117:80\",\r\n \"remediationSteps\": \"\",\r\n 
\"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"e2dfaff2-872b-479b-8ead-f3473da44a88\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"2\",\r\n \"source IPs\": \"179.110.123.218,176.32.33.80\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-04T08:00:02.116777Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506179999999999_e67879f8-55f1-49a0-bfde-d8d076fae90e\",\r\n \"name\": \"2518506179999999999_e67879f8-55f1-49a0-bfde-d8d076fae90e\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"SCANNER-DETECTION\",\r\n \"alertName\": \"SCANNER-DETECTION\",\r\n \"detectedTimeUtc\": \"2019-03-04T07:00:00Z\",\r\n \"description\": \"Detail:Found User-Agent associated with scripting/generic HTTP client Matched Data: python-requests found within REQUEST_HEADERS:User-Agent: python-requests/2.6.0 CPython/2.7.5 
Linux/3.10.0-957.1.3.el7.x86_64\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"e67879f8-55f1-49a0-bfde-d8d076fae90e\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"176.32.33.80\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-04T08:00:02.116777Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506215999999999_137fc371-1c41-4da3-9f32-61dbf0c876b3\",\r\n \"name\": \"2518506215999999999_137fc371-1c41-4da3-9f32-61dbf0c876b3\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-04T06:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117:80\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": 
\"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"137fc371-1c41-4da3-9f32-61dbf0c876b3\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"2\",\r\n \"source IPs\": \"186.226.218.121,191.37.250.231\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-04T07:00:47.1096409Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506215999999999_d1922f41-45da-4c89-b3f0-ae2ee97ca464\",\r\n \"name\": \"2518506215999999999_d1922f41-45da-4c89-b3f0-ae2ee97ca464\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-04T06:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117:80\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n 
\"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"d1922f41-45da-4c89-b3f0-ae2ee97ca464\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"109.73.182.157\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-04T07:00:46.5853915Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506251999999999_8ad58304-6c26-4379-89fc-b89fcfa1e747\",\r\n \"name\": \"2518506251999999999_8ad58304-6c26-4379-89fc-b89fcfa1e747\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-04T05:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117:80\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": 
\"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"8ad58304-6c26-4379-89fc-b89fcfa1e747\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"185.123.233.160\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-04T06:00:33.4180269Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506287999999999_1ed08eec-64cc-4d93-9eea-ea73822c2320\",\r\n \"name\": \"2518506287999999999_1ed08eec-64cc-4d93-9eea-ea73822c2320\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-04T04:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": 
\"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"1ed08eec-64cc-4d93-9eea-ea73822c2320\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"176.32.33.80\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-04T05:00:20.5069656Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506287999999999_8f8d4f63-d98c-4e11-aa94-d1f3886b6afb\",\r\n \"name\": \"2518506287999999999_8f8d4f63-d98c-4e11-aa94-d1f3886b6afb\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"SCANNER-DETECTION\",\r\n \"alertName\": \"SCANNER-DETECTION\",\r\n \"detectedTimeUtc\": \"2019-03-04T04:00:00Z\",\r\n \"description\": \"Detail:Found User-Agent associated with scripting/generic HTTP client Matched Data: python-requests found within REQUEST_HEADERS:User-Agent: python-requests/2.6.0 CPython/2.7.5 Linux/3.10.0-957.1.3.el7.x86_64\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n 
\"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"8f8d4f63-d98c-4e11-aa94-d1f3886b6afb\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"176.32.33.80\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-04T05:00:20.5069656Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506287999999999_e84d6d25-d3fd-4198-a9ea-8d1a695a8a0e\",\r\n \"name\": \"2518506287999999999_e84d6d25-d3fd-4198-a9ea-8d1a695a8a0e\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"BLOCKING-EVALUATION\",\r\n \"alertName\": \"BLOCKING-EVALUATION\",\r\n \"detectedTimeUtc\": \"2019-03-04T04:00:00Z\",\r\n \"description\": \"Detail:Mandatory rule. Cannot be disabled. 
Inbound Anomaly Score Exceeded (Total Score: 8)\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"e84d6d25-d3fd-4198-a9ea-8d1a695a8a0e\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"176.32.33.80\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-04T05:00:20.5069656Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506395999999999_025841f9-9581-450c-8349-b96da379d72c\",\r\n \"name\": \"2518506395999999999_025841f9-9581-450c-8349-b96da379d72c\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"BLOCKING-EVALUATION\",\r\n \"alertName\": \"BLOCKING-EVALUATION\",\r\n \"detectedTimeUtc\": \"2019-03-04T01:00:00Z\",\r\n \"description\": \"Detail:Mandatory rule. Cannot be disabled. 
Inbound Anomaly Score Exceeded (Total Score: 8)\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"025841f9-9581-450c-8349-b96da379d72c\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"176.32.33.80\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-04T02:00:39.9205038Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506395999999999_21099c91-d37e-4843-966e-55f53d3fe657\",\r\n \"name\": \"2518506395999999999_21099c91-d37e-4843-966e-55f53d3fe657\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"SCANNER-DETECTION\",\r\n \"alertName\": \"SCANNER-DETECTION\",\r\n \"detectedTimeUtc\": \"2019-03-04T01:00:00Z\",\r\n \"description\": \"Detail:Found User-Agent associated with scripting/generic HTTP client Matched Data: python-requests found within 
REQUEST_HEADERS:User-Agent: python-requests/2.6.0 CPython/2.7.5 Linux/3.10.0-957.1.3.el7.x86_64\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"21099c91-d37e-4843-966e-55f53d3fe657\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"176.32.33.80\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-04T02:00:40.4337488Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506395999999999_997886ee-adcc-4233-b389-4f349a4e4f19\",\r\n \"name\": \"2518506395999999999_997886ee-adcc-4233-b389-4f349a4e4f19\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-04T01:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 
13.69.131.117\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"997886ee-adcc-4233-b389-4f349a4e4f19\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"176.32.33.80\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-04T02:00:40.4337488Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506431999999999_3628cfac-0858-4075-873e-cb45feafc2d8\",\r\n \"name\": \"2518506431999999999_3628cfac-0858-4075-873e-cb45feafc2d8\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"METHOD-ENFORCEMENT\",\r\n \"alertName\": \"METHOD-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-04T00:00:00Z\",\r\n \"description\": \"Detail:Method is not allowed by policy PROPFIND\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": 
\"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"3628cfac-0858-4075-873e-cb45feafc2d8\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"123.206.22.203\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-04T01:00:24.1988577Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506431999999999_65048fd9-87b9-4d11-9570-f3ea77419866\",\r\n \"name\": \"2518506431999999999_65048fd9-87b9-4d11-9570-f3ea77419866\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-04T00:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117:80\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": 
\"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"65048fd9-87b9-4d11-9570-f3ea77419866\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"108\",\r\n \"source IPs\": \"45.170.220.47,123.206.22.203,183.89.68.95\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-04T01:00:24.1988577Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506431999999999_a8a29940-e0bd-4742-95cc-c6d01e1afe48\",\r\n \"name\": \"2518506431999999999_a8a29940-e0bd-4742-95cc-c6d01e1afe48\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"APPLICATION-ATTACK-SQLI\",\r\n \"alertName\": \"APPLICATION-ATTACK-SQLI\",\r\n \"detectedTimeUtc\": \"2019-03-04T00:00:00Z\",\r\n \"description\": \"Detail:SQL Injection Attack Matched Data: md5 found within ARGS:h: die(@md5(M4rch));\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": 
\"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"a8a29940-e0bd-4742-95cc-c6d01e1afe48\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"16\",\r\n \"source IPs\": \"123.206.22.203\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-04T01:00:24.1988577Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506431999999999_b41572ea-083b-4743-ab2f-f653b504c3c3\",\r\n \"name\": \"2518506431999999999_b41572ea-083b-4743-ab2f-f653b504c3c3\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"BLOCKING-EVALUATION\",\r\n \"alertName\": \"BLOCKING-EVALUATION\",\r\n \"detectedTimeUtc\": \"2019-03-04T00:00:00Z\",\r\n \"description\": \"Detail:Mandatory rule. Cannot be disabled. 
Inbound Anomaly Score Exceeded (Total Score: 5)\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"b41572ea-083b-4743-ab2f-f653b504c3c3\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"41\",\r\n \"source IPs\": \"123.206.22.203\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-04T01:00:24.1988577Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506431999999999_b463a506-46aa-4a9d-8468-40e2ed74fae2\",\r\n \"name\": \"2518506431999999999_b463a506-46aa-4a9d-8468-40e2ed74fae2\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"APPLICATION-ATTACK-SQLI\",\r\n \"alertName\": \"APPLICATION-ATTACK-SQLI\",\r\n \"detectedTimeUtc\": \"2019-03-04T00:00:00Z\",\r\n \"description\": \"Detail:SQL Injection Attack Matched Data: md5 found within ARGS:h: die(@md5(M4rch));\",\r\n 
\"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"b463a506-46aa-4a9d-8468-40e2ed74fae2\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"24\",\r\n \"source IPs\": \"123.206.22.203\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-04T01:00:23.6287102Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506431999999999_da18a55d-358d-499b-97e2-d4a9169d6d79\",\r\n \"name\": \"2518506431999999999_da18a55d-358d-499b-97e2-d4a9169d6d79\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"BLOCKING-EVALUATION\",\r\n \"alertName\": \"BLOCKING-EVALUATION\",\r\n \"detectedTimeUtc\": \"2019-03-04T00:00:00Z\",\r\n \"description\": \"Detail:Mandatory rule. Cannot be disabled. 
Inbound Anomaly Score Exceeded (Total Score: 12)\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"da18a55d-358d-499b-97e2-d4a9169d6d79\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"43\",\r\n \"source IPs\": \"123.206.22.203\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-04T01:00:24.1988577Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506431999999999_e188c598-6c5a-4b88-b062-53a84c8e5866\",\r\n \"name\": \"2518506431999999999_e188c598-6c5a-4b88-b062-53a84c8e5866\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-04T00:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117:80\",\r\n \"remediationSteps\": \"\",\r\n 
\"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"e188c598-6c5a-4b88-b062-53a84c8e5866\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"98\",\r\n \"source IPs\": \"123.206.22.203\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-04T01:00:24.1988577Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506431999999999_f3759b4d-98d9-4133-820f-c53404075381\",\r\n \"name\": \"2518506431999999999_f3759b4d-98d9-4133-820f-c53404075381\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"APPLICATION-ATTACK-LFI\",\r\n \"alertName\": \"APPLICATION-ATTACK-LFI\",\r\n \"detectedTimeUtc\": \"2019-03-04T00:00:00Z\",\r\n \"description\": \"Detail:Restricted File Access Attempt Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n 
\"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"f3759b4d-98d9-4133-820f-c53404075381\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"123.206.22.203\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-04T01:00:24.1988577Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506467999999999_e16ffb83-a733-495b-b767-56079cca194b\",\r\n \"name\": \"2518506467999999999_e16ffb83-a733-495b-b767-56079cca194b\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-03T23:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117:80\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n 
\"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"e16ffb83-a733-495b-b767-56079cca194b\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"37.57.97.61\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-04T00:00:05.2118352Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506539999999999_96264969-2f25-4495-8e4a-26d705da8fa9\",\r\n \"name\": \"2518506539999999999_96264969-2f25-4495-8e4a-26d705da8fa9\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"SCANNER-DETECTION\",\r\n \"alertName\": \"SCANNER-DETECTION\",\r\n \"detectedTimeUtc\": \"2019-03-03T21:00:00Z\",\r\n \"description\": \"Detail:Found User-Agent associated with scripting/generic HTTP client Matched Data: python-requests found within REQUEST_HEADERS:User-Agent: python-requests/2.6.0 CPython/2.7.5 Linux/3.10.0-957.1.3.el7.x86_64\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": 
\"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"96264969-2f25-4495-8e4a-26d705da8fa9\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"176.32.33.80\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T22:00:34.1747263Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506539999999999_dd92cb6e-f129-4405-9e18-11fa5c1252c2\",\r\n \"name\": \"2518506539999999999_dd92cb6e-f129-4405-9e18-11fa5c1252c2\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"BLOCKING-EVALUATION\",\r\n \"alertName\": \"BLOCKING-EVALUATION\",\r\n \"detectedTimeUtc\": \"2019-03-03T21:00:00Z\",\r\n \"description\": \"Detail:Mandatory rule. Cannot be disabled. 
Inbound Anomaly Score Exceeded (Total Score: 8)\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"dd92cb6e-f129-4405-9e18-11fa5c1252c2\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"176.32.33.80\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T22:00:33.6975993Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506539999999999_ecdf89d6-b2a2-4d32-9e16-f7cd67984891\",\r\n \"name\": \"2518506539999999999_ecdf89d6-b2a2-4d32-9e16-f7cd67984891\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-03T21:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117:80\",\r\n \"remediationSteps\": \"\",\r\n 
\"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"ecdf89d6-b2a2-4d32-9e16-f7cd67984891\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"2\",\r\n \"source IPs\": \"41.50.83.103,176.32.33.80\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T22:00:34.1747263Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506575999999999_5aee1028-31b6-4d35-93cc-569793a2d3a2\",\r\n \"name\": \"2518506575999999999_5aee1028-31b6-4d35-93cc-569793a2d3a2\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-03T20:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n 
\"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"5aee1028-31b6-4d35-93cc-569793a2d3a2\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"181.166.19.204\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T21:00:19.3291561Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506611999999999_3c7cfa09-e213-4490-ba8d-a11b72b6d000\",\r\n \"name\": \"2518506611999999999_3c7cfa09-e213-4490-ba8d-a11b72b6d000\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-03T19:00:00Z\",\r\n \"description\": \"Detail:Request Missing a Host Header\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": 
\"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"3c7cfa09-e213-4490-ba8d-a11b72b6d000\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"2\",\r\n \"source IPs\": \"178.73.215.171\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T20:00:05.4039046Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506611999999999_af8a5586-7eae-4aba-bb14-5a0d9f18bb97\",\r\n \"name\": \"2518506611999999999_af8a5586-7eae-4aba-bb14-5a0d9f18bb97\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-03T19:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": 
\"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"af8a5586-7eae-4aba-bb14-5a0d9f18bb97\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"2\",\r\n \"source IPs\": \"39.96.43.158,200.207.20.30\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T20:00:05.4039046Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506611999999999_ea4eb36f-4b5c-4b3d-a52e-b06a0a8634ac\",\r\n \"name\": \"2518506611999999999_ea4eb36f-4b5c-4b3d-a52e-b06a0a8634ac\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"BLOCKING-EVALUATION\",\r\n \"alertName\": \"BLOCKING-EVALUATION\",\r\n \"detectedTimeUtc\": \"2019-03-03T19:00:00Z\",\r\n \"description\": \"Detail:Mandatory rule. Cannot be disabled. 
Inbound Anomaly Score Exceeded (Total Score: 5)\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"ea4eb36f-4b5c-4b3d-a52e-b06a0a8634ac\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"178.73.215.171\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T20:00:04.9007841Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506647999999999_2049cf22-f78e-45c4-8c8d-620175ea9b67\",\r\n \"name\": \"2518506647999999999_2049cf22-f78e-45c4-8c8d-620175ea9b67\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"APPLICATION-ATTACK-SQLI\",\r\n \"alertName\": \"APPLICATION-ATTACK-SQLI\",\r\n \"detectedTimeUtc\": \"2019-03-03T18:00:00Z\",\r\n \"description\": \"Detail:SQL Injection Attack: SQL Tautology Detected. 
Matched Data: methodName>system found within ARGS_NAMES: system.listMethods : system.listMethods \",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"2049cf22-f78e-45c4-8c8d-620175ea9b67\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"2\",\r\n \"source IPs\": \"52.183.58.122\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T19:00:51.2707099Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506647999999999_5dd2d179-737e-47de-a37d-c6b6731c149a\",\r\n \"name\": \"2518506647999999999_5dd2d179-737e-47de-a37d-c6b6731c149a\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"SCANNER-DETECTION\",\r\n \"alertName\": \"SCANNER-DETECTION\",\r\n \"detectedTimeUtc\": \"2019-03-03T18:00:00Z\",\r\n \"description\": \"Detail:Found User-Agent associated with security scanner 
Matched Data: nmap scripting engine found within REQUEST_HEADERS:User-Agent: Mozilla/5.0 (compatible; Nmap Scripting Engine; https://nmap.org/book/nse.html)\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"5dd2d179-737e-47de-a37d-c6b6731c149a\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"16\",\r\n \"source IPs\": \"52.183.58.122\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T19:00:51.2707099Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506647999999999_7bc4f2d4-49d2-4e83-801e-18e5f7288546\",\r\n \"name\": \"2518506647999999999_7bc4f2d4-49d2-4e83-801e-18e5f7288546\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"BLOCKING-EVALUATION\",\r\n \"alertName\": \"BLOCKING-EVALUATION\",\r\n \"detectedTimeUtc\": \"2019-03-03T18:00:00Z\",\r\n \"description\": 
\"Detail:Mandatory rule. Cannot be disabled. Inbound Anomaly Score Exceeded (Total Score: 5)\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"7bc4f2d4-49d2-4e83-801e-18e5f7288546\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"17\",\r\n \"source IPs\": \"52.183.58.122\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T19:00:51.2707099Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506647999999999_7db374f1-b737-40f9-9801-427d6ded6631\",\r\n \"name\": \"2518506647999999999_7db374f1-b737-40f9-9801-427d6ded6631\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-03T18:00:00Z\",\r\n \"description\": \"Detail:Request Missing a Host Header\",\r\n 
\"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"7db374f1-b737-40f9-9801-427d6ded6631\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"29\",\r\n \"source IPs\": \"52.183.58.122\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T19:00:51.2707099Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506647999999999_7fdd74ca-ecdc-47c7-8ede-237604683d32\",\r\n \"name\": \"2518506647999999999_7fdd74ca-ecdc-47c7-8ede-237604683d32\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"BLOCKING-EVALUATION\",\r\n \"alertName\": \"BLOCKING-EVALUATION\",\r\n \"detectedTimeUtc\": \"2019-03-03T18:00:00Z\",\r\n \"description\": \"Detail:Mandatory rule. Cannot be disabled. 
Inbound Anomaly Score Exceeded (Total Score: 10)\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"7fdd74ca-ecdc-47c7-8ede-237604683d32\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"18\",\r\n \"source IPs\": \"52.183.58.122\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T19:00:51.2707099Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506647999999999_8a49395c-6a4a-44c1-ada6-5d9e25ad2cb4\",\r\n \"name\": \"2518506647999999999_8a49395c-6a4a-44c1-ada6-5d9e25ad2cb4\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"SCANNER-DETECTION\",\r\n \"alertName\": \"SCANNER-DETECTION\",\r\n \"detectedTimeUtc\": \"2019-03-03T18:00:00Z\",\r\n \"description\": \"Detail:Found User-Agent associated with security scanner Matched Data: nmap scripting engine found within 
REQUEST_HEADERS:User-Agent: Mozilla/5.0 (compatible; Nmap Scripting Engine; https://nmap.org/book/nse.html)\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"8a49395c-6a4a-44c1-ada6-5d9e25ad2cb4\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"16\",\r\n \"source IPs\": \"52.183.58.122\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T19:00:51.2707099Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506647999999999_9aa674cd-3d5a-44d0-ae78-26bb404bb9cd\",\r\n \"name\": \"2518506647999999999_9aa674cd-3d5a-44d0-ae78-26bb404bb9cd\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"APPLICATION-ATTACK-LFI\",\r\n \"alertName\": \"APPLICATION-ATTACK-LFI\",\r\n \"detectedTimeUtc\": \"2019-03-03T18:00:00Z\",\r\n \"description\": \"Detail:Restricted File Access Attempt 
Matched Data: /.git/ found within REQUEST_FILENAME: /.git/HEAD\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"9aa674cd-3d5a-44d0-ae78-26bb404bb9cd\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"52.183.58.122\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T19:00:50.6994998Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506647999999999_a1d6f3b7-f990-4f60-aa51-f9dedb286a93\",\r\n \"name\": \"2518506647999999999_a1d6f3b7-f990-4f60-aa51-f9dedb286a93\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"METHOD-ENFORCEMENT\",\r\n \"alertName\": \"METHOD-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-03T18:00:00Z\",\r\n \"description\": \"Detail:Method is not allowed by policy PROPFIND\",\r\n \"remediationSteps\": \"\",\r\n 
\"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"a1d6f3b7-f990-4f60-aa51-f9dedb286a93\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"4\",\r\n \"source IPs\": \"52.183.58.122\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T19:00:51.2707099Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506647999999999_e88f0966-faba-4c11-806c-1dd3d0f02349\",\r\n \"name\": \"2518506647999999999_e88f0966-faba-4c11-806c-1dd3d0f02349\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-03T18:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": 
\"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"e88f0966-faba-4c11-806c-1dd3d0f02349\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"30\",\r\n \"source IPs\": \"52.183.58.122\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T19:00:51.2707099Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506683999999999_3ffd1f5a-8a43-42dd-950f-94a708c4eccf\",\r\n \"name\": \"2518506683999999999_3ffd1f5a-8a43-42dd-950f-94a708c4eccf\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"SCANNER-DETECTION\",\r\n \"alertName\": \"SCANNER-DETECTION\",\r\n \"detectedTimeUtc\": \"2019-03-03T17:00:00Z\",\r\n \"description\": \"Detail:Found User-Agent associated with scripting/generic HTTP client Matched Data: Python-urllib found within REQUEST_HEADERS:User-Agent: Python-urllib/2.7\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": 
\"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"3ffd1f5a-8a43-42dd-950f-94a708c4eccf\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"5.189.188.237\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T18:00:33.544093Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506683999999999_45daf153-e9c2-4943-aa00-60a4d57dfe57\",\r\n \"name\": \"2518506683999999999_45daf153-e9c2-4943-aa00-60a4d57dfe57\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"BLOCKING-EVALUATION\",\r\n \"alertName\": \"BLOCKING-EVALUATION\",\r\n \"detectedTimeUtc\": \"2019-03-03T17:00:00Z\",\r\n \"description\": \"Detail:Mandatory rule. Cannot be disabled. 
Inbound Anomaly Score Exceeded (Total Score: 5)\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"45daf153-e9c2-4943-aa00-60a4d57dfe57\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"185\",\r\n \"source IPs\": \"153.37.197.94\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T18:00:34.0159991Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506683999999999_5f021722-537d-490c-bdfd-ac6fc510da5c\",\r\n \"name\": \"2518506683999999999_5f021722-537d-490c-bdfd-ac6fc510da5c\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-03T17:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117:80\",\r\n \"remediationSteps\": \"\",\r\n 
\"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"5f021722-537d-490c-bdfd-ac6fc510da5c\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"241\",\r\n \"source IPs\": \"153.37.197.94\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T18:00:34.0159991Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506683999999999_6a5df300-a1b4-4403-a419-eb6688efdf7b\",\r\n \"name\": \"2518506683999999999_6a5df300-a1b4-4403-a419-eb6688efdf7b\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"APPLICATION-ATTACK-SQLI\",\r\n \"alertName\": \"APPLICATION-ATTACK-SQLI\",\r\n \"detectedTimeUtc\": \"2019-03-03T17:00:00Z\",\r\n \"description\": \"Detail:SQL Injection Attack Matched Data: md5 found within ARGS:h: die(@md5(M4rch));\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": 
\"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"6a5df300-a1b4-4403-a419-eb6688efdf7b\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"258\",\r\n \"source IPs\": \"153.37.197.94\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T18:00:34.0159991Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506683999999999_874c6ebd-1e67-4774-a5ce-0d731c1c27db\",\r\n \"name\": \"2518506683999999999_874c6ebd-1e67-4774-a5ce-0d731c1c27db\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"BLOCKING-EVALUATION\",\r\n \"alertName\": \"BLOCKING-EVALUATION\",\r\n \"detectedTimeUtc\": \"2019-03-03T17:00:00Z\",\r\n \"description\": \"Detail:Mandatory rule. Cannot be disabled. 
Inbound Anomaly Score Exceeded (Total Score: 12)\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"874c6ebd-1e67-4774-a5ce-0d731c1c27db\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"187\",\r\n \"source IPs\": \"153.37.197.94,5.189.188.237\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T18:00:34.0159991Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506683999999999_96f96063-0f51-4b5a-8548-a58f55a126bb\",\r\n \"name\": \"2518506683999999999_96f96063-0f51-4b5a-8548-a58f55a126bb\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"APPLICATION-ATTACK-LFI\",\r\n \"alertName\": \"APPLICATION-ATTACK-LFI\",\r\n \"detectedTimeUtc\": \"2019-03-03T17:00:00Z\",\r\n \"description\": \"Detail:Restricted File Access Attempt Matched Data: wp-config.php found within 
REQUEST_FILENAME: /wp-config.php\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"96f96063-0f51-4b5a-8548-a58f55a126bb\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"153.37.197.94\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T18:00:34.0159991Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506683999999999_a1fd9cb6-278c-4fa8-8378-b88d15b68e37\",\r\n \"name\": \"2518506683999999999_a1fd9cb6-278c-4fa8-8378-b88d15b68e37\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"APPLICATION-ATTACK-SQLI\",\r\n \"alertName\": \"APPLICATION-ATTACK-SQLI\",\r\n \"detectedTimeUtc\": \"2019-03-03T17:00:00Z\",\r\n \"description\": \"Detail:SQL Injection Attack Matched Data: md5 found within ARGS:h: die(@md5(M4rch));\",\r\n \"remediationSteps\": 
\"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"a1fd9cb6-278c-4fa8-8378-b88d15b68e37\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"242\",\r\n \"source IPs\": \"153.37.197.94\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T18:00:34.0159991Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506683999999999_e4985ba6-3474-4f25-8d0e-0d29bb6b38c9\",\r\n \"name\": \"2518506683999999999_e4985ba6-3474-4f25-8d0e-0d29bb6b38c9\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-03T17:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117:80\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n 
\"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"e4985ba6-3474-4f25-8d0e-0d29bb6b38c9\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"254\",\r\n \"source IPs\": \"143.255.242.186,153.37.197.94,5.189.188.237\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T18:00:34.0159991Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506683999999999_e6988005-220a-4136-82fd-14ef12b4ddf1\",\r\n \"name\": \"2518506683999999999_e6988005-220a-4136-82fd-14ef12b4ddf1\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"METHOD-ENFORCEMENT\",\r\n \"alertName\": \"METHOD-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-03T17:00:00Z\",\r\n \"description\": \"Detail:Method is not allowed by policy PROPFIND\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": 
\"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"e6988005-220a-4136-82fd-14ef12b4ddf1\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"153.37.197.94\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T18:00:34.0159991Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506719999999999_13a28970-6f30-4c49-8db1-bbeb8c53f358\",\r\n \"name\": \"2518506719999999999_13a28970-6f30-4c49-8db1-bbeb8c53f358\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"SCANNER-DETECTION\",\r\n \"alertName\": \"SCANNER-DETECTION\",\r\n \"detectedTimeUtc\": \"2019-03-03T16:00:00Z\",\r\n \"description\": \"Detail:Found User-Agent associated with scripting/generic HTTP client Matched Data: python-requests found within REQUEST_HEADERS:User-Agent: python-requests/2.6.0 CPython/2.7.5 Linux/3.10.0-957.1.3.el7.x86_64\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n 
\"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"13a28970-6f30-4c49-8db1-bbeb8c53f358\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"176.32.33.80\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T17:00:20.7167821Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506719999999999_3dd7d880-0612-484b-9352-47cbe5e955c0\",\r\n \"name\": \"2518506719999999999_3dd7d880-0612-484b-9352-47cbe5e955c0\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-03T16:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": 
\"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"3dd7d880-0612-484b-9352-47cbe5e955c0\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"4\",\r\n \"source IPs\": \"151.14.49.82,106.12.205.48,176.32.33.80,27.112.69.69\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T17:00:20.7167821Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506719999999999_45ad41ef-a52a-4383-b5a0-cf77d0f52769\",\r\n \"name\": \"2518506719999999999_45ad41ef-a52a-4383-b5a0-cf77d0f52769\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"BLOCKING-EVALUATION\",\r\n \"alertName\": \"BLOCKING-EVALUATION\",\r\n \"detectedTimeUtc\": \"2019-03-03T16:00:00Z\",\r\n \"description\": \"Detail:Mandatory rule. Cannot be disabled. 
Inbound Anomaly Score Exceeded (Total Score: 8)\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"45ad41ef-a52a-4383-b5a0-cf77d0f52769\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"176.32.33.80\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T17:00:20.7167821Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506755999999999_08c7bb21-5ce6-4a29-8559-e0f681637727\",\r\n \"name\": \"2518506755999999999_08c7bb21-5ce6-4a29-8559-e0f681637727\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-03T15:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117\",\r\n \"remediationSteps\": \"\",\r\n 
\"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"08c7bb21-5ce6-4a29-8559-e0f681637727\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"112.109.90.7\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T16:00:13.9856128Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506791999999999_a4f72ed5-04a4-4396-a55f-6c1e53f5de88\",\r\n \"name\": \"2518506791999999999_a4f72ed5-04a4-4396-a55f-6c1e53f5de88\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-03T14:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117:80\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n 
\"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"a4f72ed5-04a4-4396-a55f-6c1e53f5de88\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"191.19.156.211\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T15:00:53.1284306Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506791999999999_d7624e51-e813-4e82-9d24-b0c7d1ee54a2\",\r\n \"name\": \"2518506791999999999_d7624e51-e813-4e82-9d24-b0c7d1ee54a2\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-03T14:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117:80\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": 
\"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"d7624e51-e813-4e82-9d24-b0c7d1ee54a2\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"191.19.156.211\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T15:00:53.5907512Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506827999999999_5d48c911-b79f-4a9c-adf7-b1f7b542e139\",\r\n \"name\": \"2518506827999999999_5d48c911-b79f-4a9c-adf7-b1f7b542e139\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-03T13:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117:80\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": 
\"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"5d48c911-b79f-4a9c-adf7-b1f7b542e139\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"47.44.40.236\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T14:00:40.9369659Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506827999999999_6705b59f-aa53-4b22-a799-0ec168f16554\",\r\n \"name\": \"2518506827999999999_6705b59f-aa53-4b22-a799-0ec168f16554\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"BLOCKING-EVALUATION\",\r\n \"alertName\": \"BLOCKING-EVALUATION\",\r\n \"detectedTimeUtc\": \"2019-03-03T13:00:00Z\",\r\n \"description\": \"Detail:Mandatory rule. Cannot be disabled. 
Inbound Anomaly Score Exceeded (Total Score: 5)\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"6705b59f-aa53-4b22-a799-0ec168f16554\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"86.101.76.223\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T14:00:41.4313385Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506827999999999_8ef4d78a-8e10-42c2-809c-b06a1dbac6ff\",\r\n \"name\": \"2518506827999999999_8ef4d78a-8e10-42c2-809c-b06a1dbac6ff\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-03T13:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117\",\r\n \"remediationSteps\": \"\",\r\n 
\"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"8ef4d78a-8e10-42c2-809c-b06a1dbac6ff\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"3\",\r\n \"source IPs\": \"86.101.76.223,37.112.145.247\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T14:00:41.4313385Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506863999999999_0a57514d-bfbb-40de-945f-edab4061fa9f\",\r\n \"name\": \"2518506863999999999_0a57514d-bfbb-40de-945f-edab4061fa9f\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"SCANNER-DETECTION\",\r\n \"alertName\": \"SCANNER-DETECTION\",\r\n \"detectedTimeUtc\": \"2019-03-03T12:00:00Z\",\r\n \"description\": \"Detail:Found User-Agent associated with scripting/generic HTTP client Matched Data: python-requests found within REQUEST_HEADERS:User-Agent: python-requests/2.6.0 CPython/2.7.5 
Linux/3.10.0-957.1.3.el7.x86_64\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"0a57514d-bfbb-40de-945f-edab4061fa9f\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"176.32.33.80\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T13:00:27.4966084Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506863999999999_2aec0c06-933a-4981-bd34-59809b81bdcf\",\r\n \"name\": \"2518506863999999999_2aec0c06-933a-4981-bd34-59809b81bdcf\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-03T12:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": 
\"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"2aec0c06-933a-4981-bd34-59809b81bdcf\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"3\",\r\n \"source IPs\": \"139.162.106.181,176.32.33.80\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T13:00:27.9629747Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506863999999999_3906c573-8bb4-47b5-922d-3a93dacb999a\",\r\n \"name\": \"2518506863999999999_3906c573-8bb4-47b5-922d-3a93dacb999a\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"BLOCKING-EVALUATION\",\r\n \"alertName\": \"BLOCKING-EVALUATION\",\r\n \"detectedTimeUtc\": \"2019-03-03T12:00:00Z\",\r\n \"description\": \"Detail:Mandatory rule. Cannot be disabled. 
Inbound Anomaly Score Exceeded (Total Score: 5)\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"3906c573-8bb4-47b5-922d-3a93dacb999a\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"2\",\r\n \"source IPs\": \"139.162.106.181,176.32.33.80\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T13:00:27.9629747Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506863999999999_ccc614e5-38e9-4794-a4a7-b084779313b2\",\r\n \"name\": \"2518506863999999999_ccc614e5-38e9-4794-a4a7-b084779313b2\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-03T12:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117:80\",\r\n \"remediationSteps\": 
\"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"ccc614e5-38e9-4794-a4a7-b084779313b2\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"2\",\r\n \"source IPs\": \"189.79.106.13,175.106.10.226\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T13:00:27.9629747Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506899999999999_0628b610-6b29-45ec-a08c-2561f6201681\",\r\n \"name\": \"2518506899999999999_0628b610-6b29-45ec-a08c-2561f6201681\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-03T11:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117:80\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": 
\"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"0628b610-6b29-45ec-a08c-2561f6201681\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"4\",\r\n \"source IPs\": \"170.233.47.249,149.71.160.254,125.64.94.200\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T12:00:05.3305889Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506899999999999_7008ba75-4cc8-4291-93bc-ea17eba8f37c\",\r\n \"name\": \"2518506899999999999_7008ba75-4cc8-4291-93bc-ea17eba8f37c\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"BLOCKING-EVALUATION\",\r\n \"alertName\": \"BLOCKING-EVALUATION\",\r\n \"detectedTimeUtc\": \"2019-03-03T11:00:00Z\",\r\n \"description\": \"Detail:Mandatory rule. Cannot be disabled. 
Inbound Anomaly Score Exceeded (Total Score: 5)\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"7008ba75-4cc8-4291-93bc-ea17eba8f37c\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"125.64.94.200\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T12:00:04.8798965Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506935999999999_6f663a4f-982b-4818-8ef1-f87730e40dcc\",\r\n \"name\": \"2518506935999999999_6f663a4f-982b-4818-8ef1-f87730e40dcc\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-03T10:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117:80\",\r\n \"remediationSteps\": \"\",\r\n 
\"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"6f663a4f-982b-4818-8ef1-f87730e40dcc\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"177.190.65.151\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T11:00:50.1566901Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506971999999999_205da57b-4636-44f8-894e-3a78c60e78be\",\r\n \"name\": \"2518506971999999999_205da57b-4636-44f8-894e-3a78c60e78be\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"SCANNER-DETECTION\",\r\n \"alertName\": \"SCANNER-DETECTION\",\r\n \"detectedTimeUtc\": \"2019-03-03T09:00:00Z\",\r\n \"description\": \"Detail:Found User-Agent associated with security scanner Matched Data: zmeu found within REQUEST_HEADERS:User-Agent: ZmEu\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n 
\"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"205da57b-4636-44f8-894e-3a78c60e78be\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"5\",\r\n \"source IPs\": \"202.111.175.134\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T10:00:37.6036112Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506971999999999_36d74c57-219a-48dd-9d85-8edf5dad9605\",\r\n \"name\": \"2518506971999999999_36d74c57-219a-48dd-9d85-8edf5dad9605\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"BLOCKING-EVALUATION\",\r\n \"alertName\": \"BLOCKING-EVALUATION\",\r\n \"detectedTimeUtc\": \"2019-03-03T09:00:00Z\",\r\n \"description\": \"Detail:Mandatory rule. Cannot be disabled. 
Inbound Anomaly Score Exceeded (Total Score: 8)\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"36d74c57-219a-48dd-9d85-8edf5dad9605\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"3\",\r\n \"source IPs\": \"176.32.33.80,202.111.175.134\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T10:00:37.6036112Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506971999999999_51794aa7-6274-4156-b321-a8404ec2c8a1\",\r\n \"name\": \"2518506971999999999_51794aa7-6274-4156-b321-a8404ec2c8a1\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"BLOCKING-EVALUATION\",\r\n \"alertName\": \"BLOCKING-EVALUATION\",\r\n \"detectedTimeUtc\": \"2019-03-03T09:00:00Z\",\r\n \"description\": \"Detail:Mandatory rule. Cannot be disabled. 
Inbound Anomaly Score Exceeded (Total Score: 13)\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"51794aa7-6274-4156-b321-a8404ec2c8a1\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"4\",\r\n \"source IPs\": \"202.111.175.134\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T10:00:36.6754928Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506971999999999_8fd280c9-d229-4ab0-b7c2-a1e6ed13d475\",\r\n \"name\": \"2518506971999999999_8fd280c9-d229-4ab0-b7c2-a1e6ed13d475\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-03T09:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117\",\r\n \"remediationSteps\": \"\",\r\n 
\"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"8fd280c9-d229-4ab0-b7c2-a1e6ed13d475\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"4\",\r\n \"source IPs\": \"202.111.175.134\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T10:00:37.6036112Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506971999999999_c5f9f5ef-e626-494f-af62-296e9a3aae90\",\r\n \"name\": \"2518506971999999999_c5f9f5ef-e626-494f-af62-296e9a3aae90\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-03T09:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n 
\"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"c5f9f5ef-e626-494f-af62-296e9a3aae90\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"3\",\r\n \"source IPs\": \"176.32.33.80,202.111.175.134\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T10:00:37.6036112Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506971999999999_f2c8d1c4-1673-484b-a6dd-83ba0f631030\",\r\n \"name\": \"2518506971999999999_f2c8d1c4-1673-484b-a6dd-83ba0f631030\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"SCANNER-DETECTION\",\r\n \"alertName\": \"SCANNER-DETECTION\",\r\n \"detectedTimeUtc\": \"2019-03-03T09:00:00Z\",\r\n \"description\": \"Detail:Found User-Agent associated with scripting/generic HTTP client Matched Data: python-requests found within REQUEST_HEADERS:User-Agent: python-requests/2.6.0 CPython/2.7.5 Linux/3.10.0-957.1.3.el7.x86_64\",\r\n \"remediationSteps\": \"\",\r\n 
\"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"f2c8d1c4-1673-484b-a6dd-83ba0f631030\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"3\",\r\n \"source IPs\": \"176.32.33.80,202.111.175.134\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T10:00:37.6036112Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518507007999999999_d08f4e21-7e7a-4f55-8d05-c262b6ea7296\",\r\n \"name\": \"2518507007999999999_d08f4e21-7e7a-4f55-8d05-c262b6ea7296\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-03T08:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117:80\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n 
\"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"d08f4e21-7e7a-4f55-8d05-c262b6ea7296\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"200.170.107.213\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T09:00:23.6177593Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518507043999999999_4113b94b-e345-435c-9860-319263f7dd62\",\r\n \"name\": \"2518507043999999999_4113b94b-e345-435c-9860-319263f7dd62\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-03T07:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": 
\"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"4113b94b-e345-435c-9860-319263f7dd62\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"3\",\r\n \"source IPs\": \"185.53.88.120,177.95.121.11\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T08:00:08.812839Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518507043999999999_61e42d8a-87ae-4aad-909c-c68cf39040d4\",\r\n \"name\": \"2518507043999999999_61e42d8a-87ae-4aad-909c-c68cf39040d4\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"BLOCKING-EVALUATION\",\r\n \"alertName\": \"BLOCKING-EVALUATION\",\r\n \"detectedTimeUtc\": \"2019-03-03T07:00:00Z\",\r\n \"description\": \"Detail:Mandatory rule. Cannot be disabled. 
Inbound Anomaly Score Exceeded (Total Score: 5)\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"61e42d8a-87ae-4aad-909c-c68cf39040d4\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"185.53.88.120\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T08:00:08.812839Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518507043999999999_61fd9c97-c980-48c2-b39a-defed87af2a2\",\r\n \"name\": \"2518507043999999999_61fd9c97-c980-48c2-b39a-defed87af2a2\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-03T07:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117\",\r\n \"remediationSteps\": \"\",\r\n 
\"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"61fd9c97-c980-48c2-b39a-defed87af2a2\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"189.211.124.220\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T08:00:08.812839Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518507079999999999_1b89d7cb-b586-4a38-ad61-75bbaebf2170\",\r\n \"name\": \"2518507079999999999_1b89d7cb-b586-4a38-ad61-75bbaebf2170\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"SCANNER-DETECTION\",\r\n \"alertName\": \"SCANNER-DETECTION\",\r\n \"detectedTimeUtc\": \"2019-03-03T06:00:00Z\",\r\n \"description\": \"Detail:Found User-Agent associated with security scanner Matched Data: masscan found within REQUEST_HEADERS:User-Agent: masscan/1.0 (https://github.com/robertdavidgraham/masscan)\",\r\n 
\"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"1b89d7cb-b586-4a38-ad61-75bbaebf2170\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"185.165.169.28\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T07:00:54.0188006Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518507079999999999_c2c1230a-f1d5-4fe1-9aa3-0a77e7299186\",\r\n \"name\": \"2518507079999999999_c2c1230a-f1d5-4fe1-9aa3-0a77e7299186\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"BLOCKING-EVALUATION\",\r\n \"alertName\": \"BLOCKING-EVALUATION\",\r\n \"detectedTimeUtc\": \"2019-03-03T06:00:00Z\",\r\n \"description\": \"Detail:Mandatory rule. Cannot be disabled. 
Inbound Anomaly Score Exceeded (Total Score: 8)\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"c2c1230a-f1d5-4fe1-9aa3-0a77e7299186\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"185.165.169.28\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T07:00:53.5777047Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518507079999999999_eac52c76-659b-498e-91f5-525511b48ded\",\r\n \"name\": \"2518507079999999999_eac52c76-659b-498e-91f5-525511b48ded\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-03T06:00:00Z\",\r\n \"description\": \"Detail:Request Missing a Host Header\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": 
\"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"eac52c76-659b-498e-91f5-525511b48ded\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"185.165.169.28\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T07:00:54.0188006Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518507115999999999_3f4c572d-c6c7-440c-84e7-7a3f4cd866af\",\r\n \"name\": \"2518507115999999999_3f4c572d-c6c7-440c-84e7-7a3f4cd866af\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-03T05:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117:80\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": 
\"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"3f4c572d-c6c7-440c-84e7-7a3f4cd866af\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"191.19.210.54\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T06:00:38.331985Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518507115999999999_537e6f2f-d393-4cdf-a530-3255b9cc34c9\",\r\n \"name\": \"2518507115999999999_537e6f2f-d393-4cdf-a530-3255b9cc34c9\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"BLOCKING-EVALUATION\",\r\n \"alertName\": \"BLOCKING-EVALUATION\",\r\n \"detectedTimeUtc\": \"2019-03-03T05:00:00Z\",\r\n \"description\": \"Detail:Mandatory rule. Cannot be disabled. 
Inbound Anomaly Score Exceeded (Total Score: 8)\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"537e6f2f-d393-4cdf-a530-3255b9cc34c9\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"2\",\r\n \"source IPs\": \"176.32.33.80,106.75.63.218\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T06:00:38.8618086Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518507115999999999_b291073d-47ad-4563-b5be-d3cc4955e3db\",\r\n \"name\": \"2518507115999999999_b291073d-47ad-4563-b5be-d3cc4955e3db\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"SCANNER-DETECTION\",\r\n \"alertName\": \"SCANNER-DETECTION\",\r\n \"detectedTimeUtc\": \"2019-03-03T05:00:00Z\",\r\n \"description\": \"Detail:Found User-Agent associated with scripting/generic HTTP client Matched Data: 
python-requests found within REQUEST_HEADERS:User-Agent: python-requests/2.6.0 CPython/2.7.5 Linux/3.10.0-957.1.3.el7.x86_64\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"b291073d-47ad-4563-b5be-d3cc4955e3db\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"176.32.33.80\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T06:00:38.8618086Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518507115999999999_c9b1c4e8-589e-4c7e-945f-ef107e422d0e\",\r\n \"name\": \"2518507115999999999_c9b1c4e8-589e-4c7e-945f-ef107e422d0e\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-03T05:00:00Z\",\r\n \"description\": \"Detail:Host header is a 
numeric IP address 13.69.131.117\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"c9b1c4e8-589e-4c7e-945f-ef107e422d0e\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"3\",\r\n \"source IPs\": \"176.32.33.80,106.75.63.218\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T06:00:38.8618086Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518507151999999999_395b050b-039c-42ac-84eb-93d3e7faea3e\",\r\n \"name\": \"2518507151999999999_395b050b-039c-42ac-84eb-93d3e7faea3e\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-03T04:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117\",\r\n \"remediationSteps\": \"\",\r\n 
\"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"395b050b-039c-42ac-84eb-93d3e7faea3e\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"2\",\r\n \"source IPs\": \"82.227.32.4\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T05:00:24.7267003Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518507151999999999_6db5bd58-9d70-42c8-b0c1-723f6cd5b8e7\",\r\n \"name\": \"2518507151999999999_6db5bd58-9d70-42c8-b0c1-723f6cd5b8e7\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"BLOCKING-EVALUATION\",\r\n \"alertName\": \"BLOCKING-EVALUATION\",\r\n \"detectedTimeUtc\": \"2019-03-03T04:00:00Z\",\r\n \"description\": \"Detail:Mandatory rule. Cannot be disabled. 
Inbound Anomaly Score Exceeded (Total Score: 5)\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"6db5bd58-9d70-42c8-b0c1-723f6cd5b8e7\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"82.227.32.4\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T05:00:24.2392146Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518507223999999999_ee9ccd4a-9ffe-4674-93a3-8dce991f38ab\",\r\n \"name\": \"2518507223999999999_ee9ccd4a-9ffe-4674-93a3-8dce991f38ab\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-03T02:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117:80\",\r\n \"remediationSteps\": \"\",\r\n 
\"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"ee9ccd4a-9ffe-4674-93a3-8dce991f38ab\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"3\",\r\n \"source IPs\": \"46.201.249.7,91.192.33.145,95.133.40.164\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T03:00:56.5825657Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518507295999999999_4fe4d5bf-6672-490d-b840-051c7f68b697\",\r\n \"name\": \"2518507295999999999_4fe4d5bf-6672-490d-b840-051c7f68b697\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"BLOCKING-EVALUATION\",\r\n \"alertName\": \"BLOCKING-EVALUATION\",\r\n \"detectedTimeUtc\": \"2019-03-03T00:00:00Z\",\r\n \"description\": \"Detail:Mandatory rule. Cannot be disabled. 
Inbound Anomaly Score Exceeded (Total Score: 5)\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"4fe4d5bf-6672-490d-b840-051c7f68b697\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"61.62.156.174\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T01:00:28.5948373Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518507295999999999_863f36fb-20ad-45d2-9063-2a07be7f4d5f\",\r\n \"name\": \"2518507295999999999_863f36fb-20ad-45d2-9063-2a07be7f4d5f\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-03T00:00:00Z\",\r\n \"description\": \"Detail:Request Missing a Host Header\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": 
\"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"863f36fb-20ad-45d2-9063-2a07be7f4d5f\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"2\",\r\n \"source IPs\": \"61.62.156.174\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T01:00:29.0871558Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518507331999999999_3462bbf4-9200-4fdc-871c-01f2eb234c84\",\r\n \"name\": \"2518507331999999999_3462bbf4-9200-4fdc-871c-01f2eb234c84\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-02T23:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117:80\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": 
\"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"3462bbf4-9200-4fdc-871c-01f2eb234c84\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"3\",\r\n \"source IPs\": \"179.110.96.144,95.85.11.140,185.219.135.195\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T00:00:16.354891Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518507331999999999_99ba6c6b-501a-41df-a80a-d3c5fddff4e1\",\r\n \"name\": \"2518507331999999999_99ba6c6b-501a-41df-a80a-d3c5fddff4e1\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-02T23:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": 
\"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"99ba6c6b-501a-41df-a80a-d3c5fddff4e1\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"185.219.135.195\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T00:00:15.8819814Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518507403999999999_7f0e0ee0-50f0-4f6d-87f6-3a386629e3ee\",\r\n \"name\": \"2518507403999999999_7f0e0ee0-50f0-4f6d-87f6-3a386629e3ee\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-02T21:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": 
\"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"7f0e0ee0-50f0-4f6d-87f6-3a386629e3ee\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"2\",\r\n \"source IPs\": \"1.245.46.34,200.207.141.250\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-02T22:00:38.1461713Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518507403999999999_b8d1e867-333f-4776-bfb1-23dc9d0f3883\",\r\n \"name\": \"2518507403999999999_b8d1e867-333f-4776-bfb1-23dc9d0f3883\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-02T21:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": 
\"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"b8d1e867-333f-4776-bfb1-23dc9d0f3883\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"2\",\r\n \"source IPs\": \"42.51.32.9,200.207.141.250\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-02T22:00:38.6594318Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518507439999999999_1b54ab81-5ca3-4ea0-a706-38112361afaa\",\r\n \"name\": \"2518507439999999999_1b54ab81-5ca3-4ea0-a706-38112361afaa\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"SCANNER-DETECTION\",\r\n \"alertName\": \"SCANNER-DETECTION\",\r\n \"detectedTimeUtc\": \"2019-03-02T20:00:00Z\",\r\n \"description\": \"Detail:Found User-Agent associated with security scanner Matched Data: nmap scripting engine found within REQUEST_HEADERS:User-Agent: Mozilla/5.0 (compatible; Nmap Scripting Engine; https://nmap.org/book/nse.html)\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": 
\"Medium\",\r\n \"compromisedEntity\": \"bc09060f-3280-4734-a595-310679b63b8f.cloudapp.net\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"1b54ab81-5ca3-4ea0-a706-38112361afaa\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"16\",\r\n \"source IPs\": \"52.183.32.182\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-02T21:00:26.0576367Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518507439999999999_3e947bdc-233d-4de1-8031-2038a4d74620\",\r\n \"name\": \"2518507439999999999_3e947bdc-233d-4de1-8031-2038a4d74620\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"SCANNER-DETECTION\",\r\n \"alertName\": \"SCANNER-DETECTION\",\r\n \"detectedTimeUtc\": \"2019-03-02T20:00:00Z\",\r\n \"description\": \"Detail:Found User-Agent associated with security scanner Matched Data: nmap scripting engine found within REQUEST_HEADERS:User-Agent: Mozilla/5.0 (compatible; Nmap Scripting Engine; 
https://nmap.org/book/nse.html)\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"bc09060f-3280-4734-a595-310679b63b8f.cloudapp.net\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"3e947bdc-233d-4de1-8031-2038a4d74620\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"17\",\r\n \"source IPs\": \"52.183.32.182\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-02T21:00:26.0576367Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n }\r\n ],\r\n \"nextLink\": 
\"https://management.azure.com/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/providers/Microsoft.Security/alerts?api-version=2019-01-01&%24skiptoken=TY%2fLbqMwAEX%2fhcXsCDYBEkeqRmpqmKQFUmMbys482jjhNdhpIFX%2ffTLSLEa6u3N1ru6X0dWTfpHdWRmbLyPFCcWMxAdsbIyj1oPaWFYrOvFRt3WnF%2bJ2GetF2bcbx1la6lKocpSDln2nLGe9Kgpn7ZqFWwDTWcHaRCWoTAhWcOVB%2b33tIWsY%2b09Z1aOyQlmOverf9SKpy8so9WyJph61%2bikGaX7eK3frgw0gMgG854c6y4H257p7qOd9nGdHwAJ%2froIGiBRdEpu7u1MvwwSDeOvHJChvaQr3IUaYZyQXTT5QFl5D7HqknUIeTL8pq0iFIXulUcSDcKacPBcM4ZQy%2bbL9t9Gi5X%2fuZST9SDTcoYDwCrgey4YDDxSkkIwRQ0zc%2bIGfPmaaDWfxl9N9%2fHrze9pUzwJPjLUwFo0PUk6U4MNT%2bPQYccxA2pB9yNAv1uqI%2b0zv5FXSljuVT45v7dTQ1td5svOKjqtie5X8%2fj23OaABOr1lZChsR8anR2R8f%2f8B\"\r\n}", + "ResponseBody": "{\r\n \"value\": [\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/taklei/providers/Microsoft.Security/locations/westeurope/alerts/2518136982923187680_ef6aa4e6-9c60-4405-8f08-f465e8e50cd2\",\r\n \"name\": \"2518136982923187680_ef6aa4e6-9c60-4405-8f08-f465e8e50cd2\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft\",\r\n \"alertDisplayName\": \"Azure Security Center test alert (not a threat)\",\r\n \"alertName\": \"VM_EICAR\",\r\n \"detectedTimeUtc\": \"2020-05-04T14:28:27.6812319Z\",\r\n \"description\": \"This is a test alert generated by Azure Security Center. 
No further action is needed.\",\r\n \"remediationSteps\": \"No further action is needed.\",\r\n \"actionTaken\": \"Undefined\",\r\n \"reportedSeverity\": \"High\",\r\n \"compromisedEntity\": \"ALERTSTEST\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/taklei/providers/Microsoft.Compute/virtualMachines/alertsTest\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"ef6aa4e6-9c60-4405-8f08-f465e8e50cd2\",\r\n \"extendedProperties\": {\r\n \"compromised Host\": \"ALERTSTEST\",\r\n \"user Name\": \"WORKGROUP\\\\alertsTest$\",\r\n \"account Session Id\": \"0x3e7\",\r\n \"suspicious Process\": \"c:\\\\scripts\\\\asc_alerttest_662jfi039n.exe\",\r\n \"suspicious Command Line\": \"c:\\\\scripts\\\\asc_alerttest_662jfi039n.exe -foo\",\r\n \"parent Process\": \"c:\\\\windows\\\\system32\\\\svchost.exe\",\r\n \"suspicious Process Id\": \"0x688\",\r\n \"arguments Auditing Enabled\": \"true\",\r\n \"enrichment_tas_threat__reports\": \"{\\\"Kind\\\":\\\"MultiLink\\\",\\\"DisplayValueToUrlDictionary\\\":{\\\"Report: EICAR File\\\":\\\"https://interflowwebportalext.trafficmanager.net/reports/DisplayReport?callerIdentity=ddd5443d-e6f4-441c-b52b-5278d2f21dfa&reportCreateDateTime=2020-05-04T09%3a13%3a05&reportName=MSTI-TS-EICAR-File.pdf&tenantId=387eb67f-0039-43ad-81b9-b66c6c0b1951&urlCreateDateTime=2020-05-04T09%3a13%3a05&token=aRLLv1q8UI%20eVn54OVy%20WbqcH7H9dSGDUOuWywymCrQ=\\\"}}\",\r\n \"resourceType\": \"Virtual Machine\"\r\n },\r\n \"state\": \"Dismissed\",\r\n \"reportedTimeUtc\": \"2020-05-04T14:29:05.5983077Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/mainws/providers/microsoft.operationalinsights/workspaces/securityuserws\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": [\r\n {\r\n \"$id\": \"westeurope_1\",\r\n \"dnsDomain\": \"\",\r\n \"ntDomain\": \"\",\r\n 
\"hostName\": \"ALERTSTEST\",\r\n \"netBiosName\": \"ALERTSTEST\",\r\n \"azureID\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/taklei/providers/Microsoft.Compute/virtualMachines/alertsTest\",\r\n \"omsAgentID\": \"6bc4f1df-17e1-40f0-8227-f1635aea54dd\",\r\n \"osFamily\": \"Windows\",\r\n \"osVersion\": \"Windows\",\r\n \"isDomainJoined\": false,\r\n \"type\": \"host\"\r\n },\r\n {\r\n \"$id\": \"westeurope_2\",\r\n \"directory\": \"c:\\\\windows\\\\system32\",\r\n \"name\": \"svchost.exe\",\r\n \"type\": \"file\"\r\n },\r\n {\r\n \"$id\": \"westeurope_3\",\r\n \"processId\": \"0x6ec\",\r\n \"commandLine\": \"\",\r\n \"imageFile\": {\r\n \"$ref\": \"westeurope_2\"\r\n },\r\n \"host\": {\r\n \"$ref\": \"westeurope_1\"\r\n },\r\n \"type\": \"process\"\r\n },\r\n {\r\n \"$id\": \"westeurope_4\",\r\n \"name\": \"alertsTest$\",\r\n \"ntDomain\": \"WORKGROUP\",\r\n \"host\": {\r\n \"$ref\": \"westeurope_1\"\r\n },\r\n \"sid\": \"S-1-5-18\",\r\n \"isDomainJoined\": true,\r\n \"type\": \"account\",\r\n \"LogonId\": \"0x3e7\"\r\n },\r\n {\r\n \"$id\": \"westeurope_5\",\r\n \"directory\": \"c:\\\\scripts\",\r\n \"name\": \"asc_alerttest_662jfi039n.exe\",\r\n \"type\": \"file\"\r\n },\r\n {\r\n \"$id\": \"westeurope_6\",\r\n \"processId\": \"0x688\",\r\n \"commandLine\": \"c:\\\\scripts\\\\asc_alerttest_662jfi039n.exe -foo\",\r\n \"elevationToken\": \"Default\",\r\n \"creationTimeUtc\": \"2020-05-04T14:28:27.6812319Z\",\r\n \"imageFile\": {\r\n \"$ref\": \"westeurope_5\"\r\n },\r\n \"account\": {\r\n \"$ref\": \"westeurope_4\"\r\n },\r\n \"parentProcess\": {\r\n \"$ref\": \"westeurope_3\"\r\n },\r\n \"host\": {\r\n \"$ref\": \"westeurope_1\"\r\n },\r\n \"type\": \"process\"\r\n },\r\n {\r\n \"$id\": \"westeurope_7\",\r\n \"sessionId\": \"0x3e7\",\r\n \"startTimeUtc\": \"2020-05-04T14:28:27.6812319Z\",\r\n \"endTimeUtc\": \"2020-05-04T14:28:27.6812319Z\",\r\n \"type\": \"host-logon-session\",\r\n \"host\": {\r\n \"$ref\": \"westeurope_1\"\r\n },\r\n 
\"account\": {\r\n \"$ref\": \"westeurope_4\"\r\n }\r\n }\r\n ]\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/taklei/providers/Microsoft.Security/locations/westeurope/alerts/2518137000923212703_d25bac04-7492-4ece-9d75-7a377d74d833\",\r\n \"name\": \"2518137000923212703_d25bac04-7492-4ece-9d75-7a377d74d833\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft\",\r\n \"alertDisplayName\": \"Azure Security Center test alert (not a threat)\",\r\n \"alertName\": \"VM_EICAR\",\r\n \"detectedTimeUtc\": \"2020-05-04T13:58:27.6787296Z\",\r\n \"description\": \"This is a test alert generated by Azure Security Center. No further action is needed.\",\r\n \"remediationSteps\": \"No further action is needed.\",\r\n \"actionTaken\": \"Undefined\",\r\n \"reportedSeverity\": \"High\",\r\n \"compromisedEntity\": \"ALERTSTEST\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/taklei/providers/Microsoft.Compute/virtualMachines/alertsTest\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"d25bac04-7492-4ece-9d75-7a377d74d833\",\r\n \"extendedProperties\": {\r\n \"compromised Host\": \"ALERTSTEST\",\r\n \"user Name\": \"WORKGROUP\\\\alertsTest$\",\r\n \"account Session Id\": \"0x3e7\",\r\n \"suspicious Process\": \"c:\\\\scripts\\\\asc_alerttest_662jfi039n.exe\",\r\n \"suspicious Command Line\": \"c:\\\\scripts\\\\asc_alerttest_662jfi039n.exe -foo\",\r\n \"parent Process\": \"c:\\\\windows\\\\system32\\\\svchost.exe\",\r\n \"suspicious Process Id\": \"0x1c7c\",\r\n \"arguments Auditing Enabled\": \"true\",\r\n \"enrichment_tas_threat__reports\": \"{\\\"Kind\\\":\\\"MultiLink\\\",\\\"DisplayValueToUrlDictionary\\\":{\\\"Report: EICAR 
File\\\":\\\"https://interflowwebportalext.trafficmanager.net/reports/DisplayReport?callerIdentity=ddd5443d-e6f4-441c-b52b-5278d2f21dfa&reportCreateDateTime=2020-05-04T09%3a13%3a05&reportName=MSTI-TS-EICAR-File.pdf&tenantId=387eb67f-0039-43ad-81b9-b66c6c0b1951&urlCreateDateTime=2020-05-04T09%3a13%3a05&token=aRLLv1q8UI%20eVn54OVy%20WbqcH7H9dSGDUOuWywymCrQ=\\\"}}\",\r\n \"resourceType\": \"Virtual Machine\"\r\n },\r\n \"state\": \"Dismissed\",\r\n \"reportedTimeUtc\": \"2020-05-04T13:58:34.2198556Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/mainws/providers/microsoft.operationalinsights/workspaces/securityuserws\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": [\r\n {\r\n \"$id\": \"westeurope_8\",\r\n \"dnsDomain\": \"\",\r\n \"ntDomain\": \"\",\r\n \"hostName\": \"ALERTSTEST\",\r\n \"netBiosName\": \"ALERTSTEST\",\r\n \"azureID\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/taklei/providers/Microsoft.Compute/virtualMachines/alertsTest\",\r\n \"omsAgentID\": \"6bc4f1df-17e1-40f0-8227-f1635aea54dd\",\r\n \"osFamily\": \"Windows\",\r\n \"osVersion\": \"Windows\",\r\n \"isDomainJoined\": false,\r\n \"type\": \"host\"\r\n },\r\n {\r\n \"$id\": \"westeurope_9\",\r\n \"directory\": \"c:\\\\windows\\\\system32\",\r\n \"name\": \"svchost.exe\",\r\n \"type\": \"file\"\r\n },\r\n {\r\n \"$id\": \"westeurope_10\",\r\n \"processId\": \"0x6ec\",\r\n \"commandLine\": \"\",\r\n \"imageFile\": {\r\n \"$ref\": \"westeurope_9\"\r\n },\r\n \"host\": {\r\n \"$ref\": \"westeurope_8\"\r\n },\r\n \"type\": \"process\"\r\n },\r\n {\r\n \"$id\": \"westeurope_11\",\r\n \"name\": \"alertsTest$\",\r\n \"ntDomain\": \"WORKGROUP\",\r\n \"host\": {\r\n \"$ref\": \"westeurope_8\"\r\n },\r\n \"sid\": \"S-1-5-18\",\r\n \"isDomainJoined\": true,\r\n \"type\": \"account\",\r\n \"LogonId\": \"0x3e7\"\r\n },\r\n {\r\n \"$id\": \"westeurope_12\",\r\n \"directory\": 
\"c:\\\\scripts\",\r\n \"name\": \"asc_alerttest_662jfi039n.exe\",\r\n \"type\": \"file\"\r\n },\r\n {\r\n \"$id\": \"westeurope_13\",\r\n \"processId\": \"0x1c7c\",\r\n \"commandLine\": \"c:\\\\scripts\\\\asc_alerttest_662jfi039n.exe -foo\",\r\n \"elevationToken\": \"Default\",\r\n \"creationTimeUtc\": \"2020-05-04T13:58:27.6787296Z\",\r\n \"imageFile\": {\r\n \"$ref\": \"westeurope_12\"\r\n },\r\n \"account\": {\r\n \"$ref\": \"westeurope_11\"\r\n },\r\n \"parentProcess\": {\r\n \"$ref\": \"westeurope_10\"\r\n },\r\n \"host\": {\r\n \"$ref\": \"westeurope_8\"\r\n },\r\n \"type\": \"process\"\r\n },\r\n {\r\n \"$id\": \"westeurope_14\",\r\n \"sessionId\": \"0x3e7\",\r\n \"startTimeUtc\": \"2020-05-04T13:58:27.6787296Z\",\r\n \"endTimeUtc\": \"2020-05-04T13:58:27.6787296Z\",\r\n \"type\": \"host-logon-session\",\r\n \"host\": {\r\n \"$ref\": \"westeurope_8\"\r\n },\r\n \"account\": {\r\n \"$ref\": \"westeurope_11\"\r\n }\r\n }\r\n ]\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/taklei/providers/Microsoft.Security/locations/westeurope/alerts/2518137018913138372_93d99441-2eff-436e-ab25-0307b3484bb4\",\r\n \"name\": \"2518137018913138372_93d99441-2eff-436e-ab25-0307b3484bb4\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft\",\r\n \"alertDisplayName\": \"Azure Security Center test alert (not a threat)\",\r\n \"alertName\": \"VM_EICAR\",\r\n \"detectedTimeUtc\": \"2020-05-04T13:28:28.6861627Z\",\r\n \"description\": \"This is a test alert generated by Azure Security Center. 
No further action is needed.\",\r\n \"remediationSteps\": \"No further action is needed.\",\r\n \"actionTaken\": \"Undefined\",\r\n \"reportedSeverity\": \"High\",\r\n \"compromisedEntity\": \"ALERTSTEST\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/taklei/providers/Microsoft.Compute/virtualMachines/alertsTest\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"93d99441-2eff-436e-ab25-0307b3484bb4\",\r\n \"extendedProperties\": {\r\n \"compromised Host\": \"ALERTSTEST\",\r\n \"user Name\": \"WORKGROUP\\\\alertsTest$\",\r\n \"account Session Id\": \"0x3e7\",\r\n \"suspicious Process\": \"c:\\\\scripts\\\\asc_alerttest_662jfi039n.exe\",\r\n \"suspicious Command Line\": \"c:\\\\scripts\\\\asc_alerttest_662jfi039n.exe -foo\",\r\n \"parent Process\": \"c:\\\\windows\\\\system32\\\\svchost.exe\",\r\n \"suspicious Process Id\": \"0x122c\",\r\n \"arguments Auditing Enabled\": \"true\",\r\n \"enrichment_tas_threat__reports\": \"{\\\"Kind\\\":\\\"MultiLink\\\",\\\"DisplayValueToUrlDictionary\\\":{\\\"Report: EICAR File\\\":\\\"https://interflowwebportalext.trafficmanager.net/reports/DisplayReport?callerIdentity=ddd5443d-e6f4-441c-b52b-5278d2f21dfa&reportCreateDateTime=2020-05-04T08%3a32%3a57&reportName=MSTI-TS-EICAR-File.pdf&tenantId=1c68e967-70a6-4cda-a34b-6d281cffe06e&urlCreateDateTime=2020-05-04T08%3a32%3a57&token=s7wyF62JLdEde8/SccnrGqIJxUOajFUpTETdhi3lCyY=\\\"}}\",\r\n \"resourceType\": \"Virtual Machine\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2020-05-04T13:28:59.9528247Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/mainws/providers/microsoft.operationalinsights/workspaces/securityuserws\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": [\r\n {\r\n \"$id\": \"westeurope_15\",\r\n \"dnsDomain\": \"\",\r\n \"ntDomain\": \"\",\r\n \"hostName\": 
\"ALERTSTEST\",\r\n \"netBiosName\": \"ALERTSTEST\",\r\n \"azureID\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/taklei/providers/Microsoft.Compute/virtualMachines/alertsTest\",\r\n \"omsAgentID\": \"6bc4f1df-17e1-40f0-8227-f1635aea54dd\",\r\n \"osFamily\": \"Windows\",\r\n \"osVersion\": \"Windows\",\r\n \"isDomainJoined\": false,\r\n \"type\": \"host\"\r\n },\r\n {\r\n \"$id\": \"westeurope_16\",\r\n \"directory\": \"c:\\\\windows\\\\system32\",\r\n \"name\": \"svchost.exe\",\r\n \"type\": \"file\"\r\n },\r\n {\r\n \"$id\": \"westeurope_17\",\r\n \"processId\": \"0x6ec\",\r\n \"commandLine\": \"\",\r\n \"imageFile\": {\r\n \"$ref\": \"westeurope_16\"\r\n },\r\n \"host\": {\r\n \"$ref\": \"westeurope_15\"\r\n },\r\n \"type\": \"process\"\r\n },\r\n {\r\n \"$id\": \"westeurope_18\",\r\n \"name\": \"alertsTest$\",\r\n \"ntDomain\": \"WORKGROUP\",\r\n \"host\": {\r\n \"$ref\": \"westeurope_15\"\r\n },\r\n \"sid\": \"S-1-5-18\",\r\n \"isDomainJoined\": true,\r\n \"type\": \"account\",\r\n \"LogonId\": \"0x3e7\"\r\n },\r\n {\r\n \"$id\": \"westeurope_19\",\r\n \"directory\": \"c:\\\\scripts\",\r\n \"name\": \"asc_alerttest_662jfi039n.exe\",\r\n \"type\": \"file\"\r\n },\r\n {\r\n \"$id\": \"westeurope_20\",\r\n \"processId\": \"0x122c\",\r\n \"commandLine\": \"c:\\\\scripts\\\\asc_alerttest_662jfi039n.exe -foo\",\r\n \"elevationToken\": \"Default\",\r\n \"creationTimeUtc\": \"2020-05-04T13:28:28.6861627Z\",\r\n \"imageFile\": {\r\n \"$ref\": \"westeurope_19\"\r\n },\r\n \"account\": {\r\n \"$ref\": \"westeurope_18\"\r\n },\r\n \"parentProcess\": {\r\n \"$ref\": \"westeurope_17\"\r\n },\r\n \"host\": {\r\n \"$ref\": \"westeurope_15\"\r\n },\r\n \"type\": \"process\"\r\n },\r\n {\r\n \"$id\": \"westeurope_21\",\r\n \"sessionId\": \"0x3e7\",\r\n \"startTimeUtc\": \"2020-05-04T13:28:28.6861627Z\",\r\n \"endTimeUtc\": \"2020-05-04T13:28:28.6861627Z\",\r\n \"type\": \"host-logon-session\",\r\n \"host\": {\r\n \"$ref\": \"westeurope_15\"\r\n },\r\n 
\"account\": {\r\n \"$ref\": \"westeurope_18\"\r\n }\r\n }\r\n ]\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/taklei/providers/Microsoft.Security/locations/westeurope/alerts/2518137035665338254_a345cb85-18aa-4d14-9293-e4d2ba15cb9d\",\r\n \"name\": \"2518137035665338254_a345cb85-18aa-4d14-9293-e4d2ba15cb9d\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft\",\r\n \"alertDisplayName\": \"Azure Security Center test alert (not a threat)\",\r\n \"alertName\": \"VM_EICAR\",\r\n \"detectedTimeUtc\": \"2020-05-04T13:00:33.4661745Z\",\r\n \"description\": \"This is a test alert generated by Azure Security Center. No further action is needed.\",\r\n \"remediationSteps\": \"No further action is needed.\",\r\n \"actionTaken\": \"Undefined\",\r\n \"reportedSeverity\": \"High\",\r\n \"compromisedEntity\": \"ALERTSTEST\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/taklei/providers/Microsoft.Compute/virtualMachines/alertsTest\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"a345cb85-18aa-4d14-9293-e4d2ba15cb9d\",\r\n \"extendedProperties\": {\r\n \"compromised Host\": \"ALERTSTEST\",\r\n \"user Name\": \"WORKGROUP\\\\alertsTest$\",\r\n \"account Session Id\": \"0x3e7\",\r\n \"suspicious Process\": \"c:\\\\scripts\\\\asc_alerttest_662jfi039n.exe\",\r\n \"suspicious Command Line\": \"c:\\\\scripts\\\\asc_alerttest_662jfi039n.exe -foo\",\r\n \"parent Process\": \"c:\\\\windows\\\\system32\\\\svchost.exe\",\r\n \"suspicious Process Id\": \"0xe38\",\r\n \"arguments Auditing Enabled\": \"true\",\r\n \"enrichment_tas_threat__reports\": \"{\\\"Kind\\\":\\\"MultiLink\\\",\\\"DisplayValueToUrlDictionary\\\":{\\\"Report: EICAR 
File\\\":\\\"https://interflowwebportalext.trafficmanager.net/reports/DisplayReport?callerIdentity=ddd5443d-e6f4-441c-b52b-5278d2f21dfa&reportCreateDateTime=2020-05-04T09%3a13%3a05&reportName=MSTI-TS-EICAR-File.pdf&tenantId=387eb67f-0039-43ad-81b9-b66c6c0b1951&urlCreateDateTime=2020-05-04T09%3a13%3a05&token=aRLLv1q8UI%20eVn54OVy%20WbqcH7H9dSGDUOuWywymCrQ=\\\"}}\",\r\n \"resourceType\": \"Virtual Machine\"\r\n },\r\n \"state\": \"Dismissed\",\r\n \"reportedTimeUtc\": \"2020-05-04T13:00:37.889087Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/mainws/providers/microsoft.operationalinsights/workspaces/securityuserws\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": [\r\n {\r\n \"$id\": \"westeurope_22\",\r\n \"dnsDomain\": \"\",\r\n \"ntDomain\": \"\",\r\n \"hostName\": \"ALERTSTEST\",\r\n \"netBiosName\": \"ALERTSTEST\",\r\n \"azureID\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/taklei/providers/Microsoft.Compute/virtualMachines/alertsTest\",\r\n \"omsAgentID\": \"6bc4f1df-17e1-40f0-8227-f1635aea54dd\",\r\n \"osFamily\": \"Windows\",\r\n \"osVersion\": \"Windows\",\r\n \"isDomainJoined\": false,\r\n \"type\": \"host\"\r\n },\r\n {\r\n \"$id\": \"westeurope_23\",\r\n \"directory\": \"c:\\\\windows\\\\system32\",\r\n \"name\": \"svchost.exe\",\r\n \"type\": \"file\"\r\n },\r\n {\r\n \"$id\": \"westeurope_24\",\r\n \"processId\": \"0x6ec\",\r\n \"commandLine\": \"\",\r\n \"imageFile\": {\r\n \"$ref\": \"westeurope_23\"\r\n },\r\n \"host\": {\r\n \"$ref\": \"westeurope_22\"\r\n },\r\n \"type\": \"process\"\r\n },\r\n {\r\n \"$id\": \"westeurope_25\",\r\n \"name\": \"alertsTest$\",\r\n \"ntDomain\": \"WORKGROUP\",\r\n \"host\": {\r\n \"$ref\": \"westeurope_22\"\r\n },\r\n \"sid\": \"S-1-5-18\",\r\n \"isDomainJoined\": true,\r\n \"type\": \"account\",\r\n \"LogonId\": \"0x3e7\"\r\n },\r\n {\r\n \"$id\": \"westeurope_26\",\r\n 
\"directory\": \"c:\\\\scripts\",\r\n \"name\": \"asc_alerttest_662jfi039n.exe\",\r\n \"type\": \"file\"\r\n },\r\n {\r\n \"$id\": \"westeurope_27\",\r\n \"processId\": \"0xe38\",\r\n \"commandLine\": \"c:\\\\scripts\\\\asc_alerttest_662jfi039n.exe -foo\",\r\n \"elevationToken\": \"Default\",\r\n \"creationTimeUtc\": \"2020-05-04T13:00:33.4661745Z\",\r\n \"imageFile\": {\r\n \"$ref\": \"westeurope_26\"\r\n },\r\n \"account\": {\r\n \"$ref\": \"westeurope_25\"\r\n },\r\n \"parentProcess\": {\r\n \"$ref\": \"westeurope_24\"\r\n },\r\n \"host\": {\r\n \"$ref\": \"westeurope_22\"\r\n },\r\n \"type\": \"process\"\r\n },\r\n {\r\n \"$id\": \"westeurope_28\",\r\n \"sessionId\": \"0x3e7\",\r\n \"startTimeUtc\": \"2020-05-04T13:00:33.4661745Z\",\r\n \"endTimeUtc\": \"2020-05-04T13:00:33.4661745Z\",\r\n \"type\": \"host-logon-session\",\r\n \"host\": {\r\n \"$ref\": \"westeurope_22\"\r\n },\r\n \"account\": {\r\n \"$ref\": \"westeurope_25\"\r\n }\r\n }\r\n ]\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/taklei/providers/Microsoft.Security/locations/westeurope/alerts/2518137036458453383_d763b77f-129c-4e95-af39-5c4b4c411b5b\",\r\n \"name\": \"2518137036458453383_d763b77f-129c-4e95-af39-5c4b4c411b5b\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft\",\r\n \"alertDisplayName\": \"Azure Security Center test alert (not a threat)\",\r\n \"alertName\": \"VM_EICAR\",\r\n \"detectedTimeUtc\": \"2020-05-04T12:59:14.1546616Z\",\r\n \"description\": \"This is a test alert generated by Azure Security Center. 
No further action is needed.\",\r\n \"remediationSteps\": \"No further action is needed.\",\r\n \"actionTaken\": \"Undefined\",\r\n \"reportedSeverity\": \"High\",\r\n \"compromisedEntity\": \"ALERTSTEST\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/taklei/providers/Microsoft.Compute/virtualMachines/alertsTest\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"d763b77f-129c-4e95-af39-5c4b4c411b5b\",\r\n \"extendedProperties\": {\r\n \"compromised Host\": \"ALERTSTEST\",\r\n \"user Name\": \"WORKGROUP\\\\alertsTest$\",\r\n \"account Session Id\": \"0x3e7\",\r\n \"suspicious Process\": \"c:\\\\scripts\\\\asc_alerttest_662jfi039n.exe\",\r\n \"suspicious Command Line\": \"c:\\\\scripts\\\\asc_alerttest_662jfi039n.exe -foo\",\r\n \"parent Process\": \"c:\\\\windows\\\\system32\\\\svchost.exe\",\r\n \"suspicious Process Id\": \"0xe7c\",\r\n \"arguments Auditing Enabled\": \"true\",\r\n \"enrichment_tas_threat__reports\": \"{\\\"Kind\\\":\\\"MultiLink\\\",\\\"DisplayValueToUrlDictionary\\\":{\\\"Report: EICAR File\\\":\\\"https://interflowwebportalext.trafficmanager.net/reports/DisplayReport?callerIdentity=ddd5443d-e6f4-441c-b52b-5278d2f21dfa&reportCreateDateTime=2020-05-04T08%3a32%3a57&reportName=MSTI-TS-EICAR-File.pdf&tenantId=1c68e967-70a6-4cda-a34b-6d281cffe06e&urlCreateDateTime=2020-05-04T08%3a32%3a57&token=s7wyF62JLdEde8/SccnrGqIJxUOajFUpTETdhi3lCyY=\\\"}}\",\r\n \"resourceType\": \"Virtual Machine\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2020-05-04T12:59:35.6273663Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/mainws/providers/microsoft.operationalinsights/workspaces/securityuserws\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": [\r\n {\r\n \"$id\": \"westeurope_29\",\r\n \"dnsDomain\": \"\",\r\n \"ntDomain\": \"\",\r\n \"hostName\": 
\"ALERTSTEST\",\r\n \"netBiosName\": \"ALERTSTEST\",\r\n \"azureID\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/taklei/providers/Microsoft.Compute/virtualMachines/alertsTest\",\r\n \"omsAgentID\": \"6bc4f1df-17e1-40f0-8227-f1635aea54dd\",\r\n \"osFamily\": \"Windows\",\r\n \"osVersion\": \"Windows\",\r\n \"isDomainJoined\": false,\r\n \"type\": \"host\"\r\n },\r\n {\r\n \"$id\": \"westeurope_30\",\r\n \"directory\": \"c:\\\\windows\\\\system32\",\r\n \"name\": \"svchost.exe\",\r\n \"type\": \"file\"\r\n },\r\n {\r\n \"$id\": \"westeurope_31\",\r\n \"processId\": \"0x6ec\",\r\n \"commandLine\": \"\",\r\n \"imageFile\": {\r\n \"$ref\": \"westeurope_30\"\r\n },\r\n \"host\": {\r\n \"$ref\": \"westeurope_29\"\r\n },\r\n \"type\": \"process\"\r\n },\r\n {\r\n \"$id\": \"westeurope_32\",\r\n \"name\": \"alertsTest$\",\r\n \"ntDomain\": \"WORKGROUP\",\r\n \"host\": {\r\n \"$ref\": \"westeurope_29\"\r\n },\r\n \"sid\": \"S-1-5-18\",\r\n \"isDomainJoined\": true,\r\n \"type\": \"account\",\r\n \"LogonId\": \"0x3e7\"\r\n },\r\n {\r\n \"$id\": \"westeurope_33\",\r\n \"directory\": \"c:\\\\scripts\",\r\n \"name\": \"asc_alerttest_662jfi039n.exe\",\r\n \"type\": \"file\"\r\n },\r\n {\r\n \"$id\": \"westeurope_34\",\r\n \"processId\": \"0xe7c\",\r\n \"commandLine\": \"c:\\\\scripts\\\\asc_alerttest_662jfi039n.exe -foo\",\r\n \"elevationToken\": \"Default\",\r\n \"creationTimeUtc\": \"2020-05-04T12:59:14.1546616Z\",\r\n \"imageFile\": {\r\n \"$ref\": \"westeurope_33\"\r\n },\r\n \"account\": {\r\n \"$ref\": \"westeurope_32\"\r\n },\r\n \"parentProcess\": {\r\n \"$ref\": \"westeurope_31\"\r\n },\r\n \"host\": {\r\n \"$ref\": \"westeurope_29\"\r\n },\r\n \"type\": \"process\"\r\n },\r\n {\r\n \"$id\": \"westeurope_35\",\r\n \"sessionId\": \"0x3e7\",\r\n \"startTimeUtc\": \"2020-05-04T12:59:14.1546616Z\",\r\n \"endTimeUtc\": \"2020-05-04T12:59:14.1546616Z\",\r\n \"type\": \"host-logon-session\",\r\n \"host\": {\r\n \"$ref\": \"westeurope_29\"\r\n },\r\n 
\"account\": {\r\n \"$ref\": \"westeurope_32\"\r\n }\r\n }\r\n ]\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/taklei/providers/Microsoft.Security/locations/westeurope/alerts/2518137036914144805_a3d0999b-cdfc-41d9-9d28-ee1335f03081\",\r\n \"name\": \"2518137036914144805_a3d0999b-cdfc-41d9-9d28-ee1335f03081\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft\",\r\n \"alertDisplayName\": \"Azure Security Center test alert (not a threat)\",\r\n \"alertName\": \"VM_EICAR\",\r\n \"detectedTimeUtc\": \"2020-05-04T12:58:28.5855194Z\",\r\n \"description\": \"This is a test alert generated by Azure Security Center. No further action is needed.\",\r\n \"remediationSteps\": \"No further action is needed.\",\r\n \"actionTaken\": \"Undefined\",\r\n \"reportedSeverity\": \"High\",\r\n \"compromisedEntity\": \"ALERTSTEST\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/taklei/providers/Microsoft.Compute/virtualMachines/alertsTest\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"a3d0999b-cdfc-41d9-9d28-ee1335f03081\",\r\n \"extendedProperties\": {\r\n \"compromised Host\": \"ALERTSTEST\",\r\n \"user Name\": \"WORKGROUP\\\\alertsTest$\",\r\n \"account Session Id\": \"0x3e7\",\r\n \"suspicious Process\": \"c:\\\\scripts\\\\asc_alerttest_662jfi039n.exe\",\r\n \"suspicious Command Line\": \"c:\\\\scripts\\\\asc_alerttest_662jfi039n.exe -foo\",\r\n \"parent Process\": \"c:\\\\windows\\\\system32\\\\svchost.exe\",\r\n \"suspicious Process Id\": \"0xfac\",\r\n \"arguments Auditing Enabled\": \"true\",\r\n \"enrichment_tas_threat__reports\": \"{\\\"Kind\\\":\\\"MultiLink\\\",\\\"DisplayValueToUrlDictionary\\\":{\\\"Report: EICAR 
File\\\":\\\"https://interflowwebportalext.trafficmanager.net/reports/DisplayReport?callerIdentity=ddd5443d-e6f4-441c-b52b-5278d2f21dfa&reportCreateDateTime=2020-05-04T09%3a23%3a00&reportName=MSTI-TS-EICAR-File.pdf&tenantId=b11492db-77a6-4ec0-9ff7-17b6ba420e1e&urlCreateDateTime=2020-05-04T09%3a23%3a00&token=XhSuWhrbEKAk2sXS1TcK0SVTLOehFDirzLCUSUoWPL4=\\\"}}\",\r\n \"resourceType\": \"Virtual Machine\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2020-05-04T12:58:46.4927078Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/mainws/providers/microsoft.operationalinsights/workspaces/securityuserws\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": [\r\n {\r\n \"$id\": \"westeurope_36\",\r\n \"dnsDomain\": \"\",\r\n \"ntDomain\": \"\",\r\n \"hostName\": \"ALERTSTEST\",\r\n \"netBiosName\": \"ALERTSTEST\",\r\n \"azureID\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/taklei/providers/Microsoft.Compute/virtualMachines/alertsTest\",\r\n \"omsAgentID\": \"6bc4f1df-17e1-40f0-8227-f1635aea54dd\",\r\n \"osFamily\": \"Windows\",\r\n \"osVersion\": \"Windows\",\r\n \"isDomainJoined\": false,\r\n \"type\": \"host\"\r\n },\r\n {\r\n \"$id\": \"westeurope_37\",\r\n \"directory\": \"c:\\\\windows\\\\system32\",\r\n \"name\": \"svchost.exe\",\r\n \"type\": \"file\"\r\n },\r\n {\r\n \"$id\": \"westeurope_38\",\r\n \"processId\": \"0x6ec\",\r\n \"commandLine\": \"\",\r\n \"imageFile\": {\r\n \"$ref\": \"westeurope_37\"\r\n },\r\n \"host\": {\r\n \"$ref\": \"westeurope_36\"\r\n },\r\n \"type\": \"process\"\r\n },\r\n {\r\n \"$id\": \"westeurope_39\",\r\n \"name\": \"alertsTest$\",\r\n \"ntDomain\": \"WORKGROUP\",\r\n \"host\": {\r\n \"$ref\": \"westeurope_36\"\r\n },\r\n \"sid\": \"S-1-5-18\",\r\n \"isDomainJoined\": true,\r\n \"type\": \"account\",\r\n \"LogonId\": \"0x3e7\"\r\n },\r\n {\r\n \"$id\": \"westeurope_40\",\r\n \"directory\": 
\"c:\\\\scripts\",\r\n \"name\": \"asc_alerttest_662jfi039n.exe\",\r\n \"type\": \"file\"\r\n },\r\n {\r\n \"$id\": \"westeurope_41\",\r\n \"processId\": \"0xfac\",\r\n \"commandLine\": \"c:\\\\scripts\\\\asc_alerttest_662jfi039n.exe -foo\",\r\n \"elevationToken\": \"Default\",\r\n \"creationTimeUtc\": \"2020-05-04T12:58:28.5855194Z\",\r\n \"imageFile\": {\r\n \"$ref\": \"westeurope_40\"\r\n },\r\n \"account\": {\r\n \"$ref\": \"westeurope_39\"\r\n },\r\n \"parentProcess\": {\r\n \"$ref\": \"westeurope_38\"\r\n },\r\n \"host\": {\r\n \"$ref\": \"westeurope_36\"\r\n },\r\n \"type\": \"process\"\r\n },\r\n {\r\n \"$id\": \"westeurope_42\",\r\n \"sessionId\": \"0x3e7\",\r\n \"startTimeUtc\": \"2020-05-04T12:58:28.5855194Z\",\r\n \"endTimeUtc\": \"2020-05-04T12:58:28.5855194Z\",\r\n \"type\": \"host-logon-session\",\r\n \"host\": {\r\n \"$ref\": \"westeurope_36\"\r\n },\r\n \"account\": {\r\n \"$ref\": \"westeurope_39\"\r\n }\r\n }\r\n ]\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/taklei/providers/Microsoft.Security/locations/westeurope/alerts/2518137037321194617_adafe5f0-ade9-47b4-86f3-3155038827f6\",\r\n \"name\": \"2518137037321194617_adafe5f0-ade9-47b4-86f3-3155038827f6\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft\",\r\n \"alertDisplayName\": \"Azure Security Center test alert (not a threat)\",\r\n \"alertName\": \"VM_EICAR\",\r\n \"detectedTimeUtc\": \"2020-05-04T12:57:47.8805382Z\",\r\n \"description\": \"This is a test alert generated by Azure Security Center. 
No further action is needed.\",\r\n \"remediationSteps\": \"No further action is needed.\",\r\n \"actionTaken\": \"Undefined\",\r\n \"reportedSeverity\": \"High\",\r\n \"compromisedEntity\": \"ALERTSTEST\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/taklei/providers/Microsoft.Compute/virtualMachines/alertsTest\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"adafe5f0-ade9-47b4-86f3-3155038827f6\",\r\n \"extendedProperties\": {\r\n \"compromised Host\": \"ALERTSTEST\",\r\n \"user Name\": \"WORKGROUP\\\\alertsTest$\",\r\n \"account Session Id\": \"0x3e7\",\r\n \"suspicious Process\": \"c:\\\\scripts\\\\asc_alerttest_662jfi039n.exe\",\r\n \"suspicious Command Line\": \"c:\\\\scripts\\\\asc_alerttest_662jfi039n.exe -foo\",\r\n \"parent Process\": \"c:\\\\windows\\\\system32\\\\svchost.exe\",\r\n \"suspicious Process Id\": \"0x1d50\",\r\n \"arguments Auditing Enabled\": \"true\",\r\n \"enrichment_tas_threat__reports\": \"{\\\"Kind\\\":\\\"MultiLink\\\",\\\"DisplayValueToUrlDictionary\\\":{\\\"Report: EICAR File\\\":\\\"https://interflowwebportalext.trafficmanager.net/reports/DisplayReport?callerIdentity=ddd5443d-e6f4-441c-b52b-5278d2f21dfa&reportCreateDateTime=2020-05-04T08%3a32%3a57&reportName=MSTI-TS-EICAR-File.pdf&tenantId=1c68e967-70a6-4cda-a34b-6d281cffe06e&urlCreateDateTime=2020-05-04T08%3a32%3a57&token=s7wyF62JLdEde8/SccnrGqIJxUOajFUpTETdhi3lCyY=\\\"}}\",\r\n \"resourceType\": \"Virtual Machine\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2020-05-04T12:57:53.7990186Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/mainws/providers/microsoft.operationalinsights/workspaces/securityuserws\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": [\r\n {\r\n \"$id\": \"westeurope_43\",\r\n \"dnsDomain\": \"\",\r\n \"ntDomain\": \"\",\r\n \"hostName\": 
\"ALERTSTEST\",\r\n \"netBiosName\": \"ALERTSTEST\",\r\n \"azureID\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/taklei/providers/Microsoft.Compute/virtualMachines/alertsTest\",\r\n \"omsAgentID\": \"6bc4f1df-17e1-40f0-8227-f1635aea54dd\",\r\n \"osFamily\": \"Windows\",\r\n \"osVersion\": \"Windows\",\r\n \"isDomainJoined\": false,\r\n \"type\": \"host\"\r\n },\r\n {\r\n \"$id\": \"westeurope_44\",\r\n \"directory\": \"c:\\\\windows\\\\system32\",\r\n \"name\": \"svchost.exe\",\r\n \"type\": \"file\"\r\n },\r\n {\r\n \"$id\": \"westeurope_45\",\r\n \"processId\": \"0x6ec\",\r\n \"commandLine\": \"\",\r\n \"imageFile\": {\r\n \"$ref\": \"westeurope_44\"\r\n },\r\n \"host\": {\r\n \"$ref\": \"westeurope_43\"\r\n },\r\n \"type\": \"process\"\r\n },\r\n {\r\n \"$id\": \"westeurope_46\",\r\n \"name\": \"alertsTest$\",\r\n \"ntDomain\": \"WORKGROUP\",\r\n \"host\": {\r\n \"$ref\": \"westeurope_43\"\r\n },\r\n \"sid\": \"S-1-5-18\",\r\n \"isDomainJoined\": true,\r\n \"type\": \"account\",\r\n \"LogonId\": \"0x3e7\"\r\n },\r\n {\r\n \"$id\": \"westeurope_47\",\r\n \"directory\": \"c:\\\\scripts\",\r\n \"name\": \"asc_alerttest_662jfi039n.exe\",\r\n \"type\": \"file\"\r\n },\r\n {\r\n \"$id\": \"westeurope_48\",\r\n \"processId\": \"0x1d50\",\r\n \"commandLine\": \"c:\\\\scripts\\\\asc_alerttest_662jfi039n.exe -foo\",\r\n \"elevationToken\": \"Default\",\r\n \"creationTimeUtc\": \"2020-05-04T12:57:47.8805382Z\",\r\n \"imageFile\": {\r\n \"$ref\": \"westeurope_47\"\r\n },\r\n \"account\": {\r\n \"$ref\": \"westeurope_46\"\r\n },\r\n \"parentProcess\": {\r\n \"$ref\": \"westeurope_45\"\r\n },\r\n \"host\": {\r\n \"$ref\": \"westeurope_43\"\r\n },\r\n \"type\": \"process\"\r\n },\r\n {\r\n \"$id\": \"westeurope_49\",\r\n \"sessionId\": \"0x3e7\",\r\n \"startTimeUtc\": \"2020-05-04T12:57:47.8805382Z\",\r\n \"endTimeUtc\": \"2020-05-04T12:57:47.8805382Z\",\r\n \"type\": \"host-logon-session\",\r\n \"host\": {\r\n \"$ref\": \"westeurope_43\"\r\n },\r\n 
\"account\": {\r\n \"$ref\": \"westeurope_46\"\r\n }\r\n }\r\n ]\r\n }\r\n }\r\n ]\r\n}", "StatusCode": 200 }, { - "RequestUri": "/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/rg/providers/Microsoft.Security/locations/centralus/alerts/2518532788749999999_66276b36-db2a-4b2c-84ad-9676fe753a01?api-version=2019-01-01", - "EncodedRequestUri": "L3N1YnNjcmlwdGlvbnMvNDg3YmI0ODUtYjViMC00NzFlLTljMGQtMTA3MTc2MTJmODY5L3Jlc291cmNlR3JvdXBzL3JnL3Byb3ZpZGVycy9NaWNyb3NvZnQuU2VjdXJpdHkvbG9jYXRpb25zL2NlbnRyYWx1cy9hbGVydHMvMjUxODUzMjc4ODc0OTk5OTk5OV82NjI3NmIzNi1kYjJhLTRiMmMtODRhZC05Njc2ZmU3NTNhMDE/YXBpLXZlcnNpb249MjAxOS0wMS0wMQ==", + "RequestUri": "/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/taklei/providers/Microsoft.Security/locations/westeurope/alerts/2518136982923187680_ef6aa4e6-9c60-4405-8f08-f465e8e50cd2?api-version=2019-01-01", + "EncodedRequestUri": "L3N1YnNjcmlwdGlvbnMvNDg3YmI0ODUtYjViMC00NzFlLTljMGQtMTA3MTc2MTJmODY5L3Jlc291cmNlR3JvdXBzL3Rha2xlaS9wcm92aWRlcnMvTWljcm9zb2Z0LlNlY3VyaXR5L2xvY2F0aW9ucy93ZXN0ZXVyb3BlL2FsZXJ0cy8yNTE4MTM2OTgyOTIzMTg3NjgwX2VmNmFhNGU2LTljNjAtNDQwNS04ZjA4LWY0NjVlOGU1MGNkMj9hcGktdmVyc2lvbj0yMDE5LTAxLTAx", "RequestMethod": "GET", "RequestBody": "", "RequestHeaders": { "x-ms-client-request-id": [ - "dcd6cce1-f242-41d7-8817-f4c9c700f83b" + "84bad27c-006b-4d6e-b0dd-5a76d6c6d377" ], "accept-language": [ "en-US" @@ -79,8 +79,8 @@ "User-Agent": [ "FxVersion/4.6.26614.01", "OSName/Windows", - "OSVersion/Microsoft.Windows.10.0.17763.", - "Microsoft.Azure.Management.Security.SecurityCenterClient/0.11.0.0" + "OSVersion/Microsoft.Windows.10.0.18363.", + "Microsoft.Azure.Management.Security.SecurityCenterClient/1.1.3.0" ] }, "ResponseHeaders": { @@ -88,7 +88,7 @@ "no-cache" ], "Date": [ - "Mon, 04 Mar 2019 16:02:07 GMT" + "Mon, 04 May 2020 14:43:09 GMT" ], "Pragma": [ "no-cache" 
@@ -100,22 +100,22 @@ "max-age=31536000; includeSubDomains" ], "x-ms-request-id": [ - "7ae9f3a0-54c1-4ca5-8c3e-a8b234f519e7" + "948235d7-180a-47b4-81d1-2c51cd2a0577" ], "x-ms-ratelimit-remaining-subscription-resource-requests": [ - "749" + "748" ], "x-ms-correlation-request-id": [ - "9307ae8a-477e-4747-a685-2385399816ca" + "bfbdf92d-aaf5-4056-a5ec-517cbd7d15fb" ], "x-ms-routing-request-id": [ - "UKWEST:20190304T160207Z:9307ae8a-477e-4747-a685-2385399816ca" + "GERMANYWESTCENTRAL:20200504T144309Z:bfbdf92d-aaf5-4056-a5ec-517cbd7d15fb" ], "X-Content-Type-Options": [ "nosniff" ], "Content-Length": [ - "1918" + "3651" ], "Content-Type": [ "application/json; charset=utf-8" 
@@ -124,12 +124,10 @@ "-1" ] }, - "ResponseBody": "{\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/rg/providers/Microsoft.Security/locations/centralus/alerts/2518532788749999999_66276b36-db2a-4b2c-84ad-9676fe753a01\",\r\n \"name\": \"2518532788749999999_66276b36-db2a-4b2c-84ad-9676fe753a01\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft\",\r\n \"alertDisplayName\": \"Web fingerprinting detected\",\r\n \"alertName\": \"APPS_Nmap\",\r\n \"detectedTimeUtc\": \"2019-03-03T17:40:43Z\",\r\n \"description\": \"Azure App Service activity log indicates a possible web fingerprinting activity on your App Service resource.The suspicious activity detected is associated with NMAP. Attackers often use this tool for probing the web application to find vulnerabilities.\",\r\n \"remediationSteps\": \"If only specific IP addresses should be allowed to access the web app, set IP restrictions (https://docs.microsoft.com/azure/app-service/app-service-ip-restrictions) for it.\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"High\",\r\n \"compromisedEntity\": \"sitename\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/rg/providers/Microsoft.Web/sites/sitename\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"b3d77198-6f95-40ed-9675-10001c2e93cc\",\r\n \"extendedProperties\": {\r\n \"last Event Time\": \"2/11/2019 5:40:46 PM\",\r\n \"sample URIs\": \"/sdk, /, /.git/HEAD, /favicon.ico, /evox/about, /robots.txt, /nmaplowercheck1549906843, /HNAP1\",\r\n \"sample User Agents\": \"Mozilla/5.0+(compatible;+Nmap+Scripting+Engine;+https://nmap.org/book/nse.html)\",\r\n \"sample Referer\": \"-\",\r\n \"resourceType\": \"App Service\"\r\n },\r\n \"state\": \"Dismissed\",\r\n \"reportedTimeUtc\": \"2019-03-03T20:41:03.846Z\",\r\n \"confidenceReasons\": [],\r\n 
\"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": [\r\n {\r\n \"$id\": \"centralus_1\",\r\n \"hostName\": \"sitename\",\r\n \"azureID\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/rg/providers/Microsoft.Web/sites/sitename\",\r\n \"type\": \"host\"\r\n }\r\n ]\r\n }\r\n}", + "ResponseBody": "{\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/taklei/providers/Microsoft.Security/locations/westeurope/alerts/2518136982923187680_ef6aa4e6-9c60-4405-8f08-f465e8e50cd2\",\r\n \"name\": \"2518136982923187680_ef6aa4e6-9c60-4405-8f08-f465e8e50cd2\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft\",\r\n \"alertDisplayName\": \"Azure Security Center test alert (not a threat)\",\r\n \"alertName\": \"VM_EICAR\",\r\n \"detectedTimeUtc\": \"2020-05-04T14:28:27.6812319Z\",\r\n \"description\": \"This is a test alert generated by Azure Security Center. 
No further action is needed.\",\r\n \"remediationSteps\": \"No further action is needed.\",\r\n \"actionTaken\": \"Undefined\",\r\n \"reportedSeverity\": \"High\",\r\n \"compromisedEntity\": \"ALERTSTEST\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/taklei/providers/Microsoft.Compute/virtualMachines/alertsTest\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"ef6aa4e6-9c60-4405-8f08-f465e8e50cd2\",\r\n \"extendedProperties\": {\r\n \"compromised Host\": \"ALERTSTEST\",\r\n \"user Name\": \"WORKGROUP\\\\alertsTest$\",\r\n \"account Session Id\": \"0x3e7\",\r\n \"suspicious Process\": \"c:\\\\scripts\\\\asc_alerttest_662jfi039n.exe\",\r\n \"suspicious Command Line\": \"c:\\\\scripts\\\\asc_alerttest_662jfi039n.exe -foo\",\r\n \"parent Process\": \"c:\\\\windows\\\\system32\\\\svchost.exe\",\r\n \"suspicious Process Id\": \"0x688\",\r\n \"arguments Auditing Enabled\": \"true\",\r\n \"enrichment_tas_threat__reports\": \"{\\\"Kind\\\":\\\"MultiLink\\\",\\\"DisplayValueToUrlDictionary\\\":{\\\"Report: EICAR File\\\":\\\"https://interflowwebportalext.trafficmanager.net/reports/DisplayReport?callerIdentity=ddd5443d-e6f4-441c-b52b-5278d2f21dfa&reportCreateDateTime=2020-05-04T09%3a13%3a05&reportName=MSTI-TS-EICAR-File.pdf&tenantId=387eb67f-0039-43ad-81b9-b66c6c0b1951&urlCreateDateTime=2020-05-04T09%3a13%3a05&token=aRLLv1q8UI%20eVn54OVy%20WbqcH7H9dSGDUOuWywymCrQ=\\\"}}\",\r\n \"resourceType\": \"Virtual Machine\"\r\n },\r\n \"state\": \"Dismissed\",\r\n \"reportedTimeUtc\": \"2020-05-04T14:29:05.5983077Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/mainws/providers/microsoft.operationalinsights/workspaces/securityuserws\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": [\r\n {\r\n \"$id\": \"westeurope_1\",\r\n \"dnsDomain\": \"\",\r\n \"ntDomain\": \"\",\r\n 
\"hostName\": \"ALERTSTEST\",\r\n \"netBiosName\": \"ALERTSTEST\",\r\n \"azureID\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/taklei/providers/Microsoft.Compute/virtualMachines/alertsTest\",\r\n \"omsAgentID\": \"6bc4f1df-17e1-40f0-8227-f1635aea54dd\",\r\n \"osFamily\": \"Windows\",\r\n \"osVersion\": \"Windows\",\r\n \"isDomainJoined\": false,\r\n \"type\": \"host\"\r\n },\r\n {\r\n \"$id\": \"westeurope_2\",\r\n \"directory\": \"c:\\\\windows\\\\system32\",\r\n \"name\": \"svchost.exe\",\r\n \"type\": \"file\"\r\n },\r\n {\r\n \"$id\": \"westeurope_3\",\r\n \"processId\": \"0x6ec\",\r\n \"commandLine\": \"\",\r\n \"imageFile\": {\r\n \"$ref\": \"westeurope_2\"\r\n },\r\n \"host\": {\r\n \"$ref\": \"westeurope_1\"\r\n },\r\n \"type\": \"process\"\r\n },\r\n {\r\n \"$id\": \"westeurope_4\",\r\n \"name\": \"alertsTest$\",\r\n \"ntDomain\": \"WORKGROUP\",\r\n \"host\": {\r\n \"$ref\": \"westeurope_1\"\r\n },\r\n \"sid\": \"S-1-5-18\",\r\n \"isDomainJoined\": true,\r\n \"type\": \"account\",\r\n \"LogonId\": \"0x3e7\"\r\n },\r\n {\r\n \"$id\": \"westeurope_5\",\r\n \"directory\": \"c:\\\\scripts\",\r\n \"name\": \"asc_alerttest_662jfi039n.exe\",\r\n \"type\": \"file\"\r\n },\r\n {\r\n \"$id\": \"westeurope_6\",\r\n \"processId\": \"0x688\",\r\n \"commandLine\": \"c:\\\\scripts\\\\asc_alerttest_662jfi039n.exe -foo\",\r\n \"elevationToken\": \"Default\",\r\n \"creationTimeUtc\": \"2020-05-04T14:28:27.6812319Z\",\r\n \"imageFile\": {\r\n \"$ref\": \"westeurope_5\"\r\n },\r\n \"account\": {\r\n \"$ref\": \"westeurope_4\"\r\n },\r\n \"parentProcess\": {\r\n \"$ref\": \"westeurope_3\"\r\n },\r\n \"host\": {\r\n \"$ref\": \"westeurope_1\"\r\n },\r\n \"type\": \"process\"\r\n },\r\n {\r\n \"$id\": \"westeurope_7\",\r\n \"sessionId\": \"0x3e7\",\r\n \"startTimeUtc\": \"2020-05-04T14:28:27.6812319Z\",\r\n \"endTimeUtc\": \"2020-05-04T14:28:27.6812319Z\",\r\n \"type\": \"host-logon-session\",\r\n \"host\": {\r\n \"$ref\": \"westeurope_1\"\r\n },\r\n 
\"account\": {\r\n \"$ref\": \"westeurope_4\"\r\n }\r\n }\r\n ]\r\n }\r\n}", "StatusCode": 200 } ], "Names": {}, - "Variables": { - "SubscriptionId": "487bb485-b5b0-471e-9c0d-10717612f869" - } + "Variables": {} } \ No newline at end of file diff --git a/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/tests/SessionRecords/SecurityAlertsTests/SecurityAlerts_GetSubscriptionLevelAlert.json b/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/tests/SessionRecords/SecurityAlertsTests/SecurityAlerts_GetSubscriptionLevelAlert.json index fe793c6d3e8f..74935ad18fd9 100644 --- a/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/tests/SessionRecords/SecurityAlertsTests/SecurityAlerts_GetSubscriptionLevelAlert.json +++ b/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/tests/SessionRecords/SecurityAlertsTests/SecurityAlerts_GetSubscriptionLevelAlert.json @@ -7,7 +7,7 @@ "RequestBody": "", "RequestHeaders": { "x-ms-client-request-id": [ - "cf9c2f40-36fe-4179-ad98-604de3b07c2d" + "345bc7b2-fa3d-46a7-a83c-05483eb45b97" ], "accept-language": [ "en-US" @@ -15,8 +15,8 @@ "User-Agent": [ "FxVersion/4.6.26614.01", "OSName/Windows", - "OSVersion/Microsoft.Windows.10.0.17763.", - "Microsoft.Azure.Management.Security.SecurityCenterClient/0.11.0.0" + "OSVersion/Microsoft.Windows.10.0.18363.", + "Microsoft.Azure.Management.Security.SecurityCenterClient/1.1.3.0" ] }, "ResponseHeaders": { 
@@ -24,26 +24,26 @@ "no-cache" ], "Date": [ - "Mon, 04 Mar 2019 16:01:58 GMT" + "Mon, 04 May 2020 14:42:59 GMT" ], "Pragma": [ "no-cache" ], "x-ms-original-request-ids": [ - "036f4045-479a-427f-b927-58fe597b3f18", - "ae1c2e7f-084e-45d6-ad8f-a24da23e6262" + "9f5ec8db-e7ef-428d-b5eb-7396f05a06fa", + "524a1d93-204b-4b99-bfaf-9579cad60c81" ], "x-ms-ratelimit-remaining-subscription-resource-requests": [ "749" ], "x-ms-request-id": [ - "a91ec75c-3a30-4e1d-8665-babec2d5e7a4" + "5ca4dc5d-099c-4206-8f1e-73aadbad934e" ], "x-ms-correlation-request-id": [ - "a91ec75c-3a30-4e1d-8665-babec2d5e7a4" + "5ca4dc5d-099c-4206-8f1e-73aadbad934e" ], "x-ms-routing-request-id": [ - "UKWEST:20190304T160158Z:a91ec75c-3a30-4e1d-8665-babec2d5e7a4" + "GERMANYWESTCENTRAL:20200504T144300Z:5ca4dc5d-099c-4206-8f1e-73aadbad934e" ], "Strict-Transport-Security": [ "max-age=31536000; includeSubDomains" @@ -52,7 +52,7 @@ "nosniff" ], "Content-Length": [ - "169158" + "25641" ], "Content-Type": [ "application/json; charset=utf-8" 
@@ -61,17 +61,17 @@ "-1" ] }, - "ResponseBody": "{\r\n \"value\": [\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/rg/providers/Microsoft.Security/locations/centralus/alerts/2518532788749999999_66276b36-db2a-4b2c-84ad-9676fe753a01\",\r\n \"name\": \"2518532788749999999_66276b36-db2a-4b2c-84ad-9676fe753a01\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft\",\r\n \"alertDisplayName\": \"Web fingerprinting detected\",\r\n \"alertName\": \"APPS_Nmap\",\r\n \"detectedTimeUtc\": \"2019-03-03T17:40:43Z\",\r\n \"description\": \"Azure App Service activity log indicates a possible web fingerprinting activity on your App Service resource.The suspicious activity detected is associated with NMAP. Attackers often use this tool for probing the web application to find vulnerabilities.\",\r\n \"remediationSteps\": \"If only specific IP addresses should be allowed to access the web app, set IP restrictions (https://docs.microsoft.com/azure/app-service/app-service-ip-restrictions) for it.\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"High\",\r\n \"compromisedEntity\": \"sitename\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/rg/providers/Microsoft.Web/sites/sitename\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"b3d77198-6f95-40ed-9675-10001c2e93cc\",\r\n \"extendedProperties\": {\r\n \"last Event Time\": \"2/11/2019 5:40:46 PM\",\r\n \"sample URIs\": \"/sdk, /, /.git/HEAD, /favicon.ico, /evox/about, /robots.txt, /nmaplowercheck1549906843, /HNAP1\",\r\n \"sample User Agents\": \"Mozilla/5.0+(compatible;+Nmap+Scripting+Engine;+https://nmap.org/book/nse.html)\",\r\n \"sample Referer\": \"-\",\r\n \"resourceType\": \"App Service\"\r\n },\r\n \"state\": \"Dismissed\",\r\n \"reportedTimeUtc\": \"2019-03-03T20:41:03.846Z\",\r\n 
\"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": [\r\n {\r\n \"$id\": \"centralus_1\",\r\n \"hostName\": \"sitename\",\r\n \"azureID\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/rg/providers/Microsoft.Web/sites/sitename\",\r\n \"type\": \"host\"\r\n }\r\n ]\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/providers/Microsoft.Security/locations/centralus/alerts/2518532788749999999_66276b36-db2a-4b2c-84ad-9676fe753a02\",\r\n \"name\": \"2518532788749999999_66276b36-db2a-4b2c-84ad-9676fe753a02\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft\",\r\n \"alertDisplayName\": \"Web fingerprinting detected\",\r\n \"alertName\": \"APPS_Nmap\",\r\n \"detectedTimeUtc\": \"2019-03-03T17:40:43Z\",\r\n \"description\": \"Azure App Service activity log indicates a possible web fingerprinting activity on your App Service resource.The suspicious activity detected is associated with NMAP. 
Attackers often use this tool for probing the web application to find vulnerabilities.\",\r\n \"remediationSteps\": \"If only specific IP addresses should be allowed to access the web app, set IP restrictions (https://docs.microsoft.com/azure/app-service/app-service-ip-restrictions) for it.\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"High\",\r\n \"compromisedEntity\": \"sitename\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/providers/Microsoft.Web/sites/sitename\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"b3d77198-6f95-40ed-9675-10001c2e93cd\",\r\n \"extendedProperties\": {\r\n \"last Event Time\": \"2/11/2019 5:40:46 PM\",\r\n \"sample URIs\": \"/sdk, /, /.git/HEAD, /favicon.ico, /evox/about, /robots.txt, /nmaplowercheck1549906843, /HNAP1\",\r\n \"sample User Agents\": \"Mozilla/5.0+(compatible;+Nmap+Scripting+Engine;+https://nmap.org/book/nse.html)\",\r\n \"sample Referer\": \"-\",\r\n \"resourceType\": \"App Service\"\r\n },\r\n \"state\": \"Dismissed\",\r\n \"reportedTimeUtc\": \"2019-03-03T20:41:03.846Z\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": [\r\n {\r\n \"$id\": \"centralus_2\",\r\n \"hostName\": \"sitename\",\r\n \"azureID\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/providers/Microsoft.Web/sites/sitename\",\r\n \"type\": \"host\"\r\n }\r\n ]\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518505891999999999_c908c4ae-9a04-4d98-bb7e-18c82dfd9a81\",\r\n \"name\": \"2518505891999999999_c908c4ae-9a04-4d98-bb7e-18c82dfd9a81\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": 
\"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-04T15:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117:80\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"c908c4ae-9a04-4d98-bb7e-18c82dfd9a81\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"159.192.218.25\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-04T16:00:11.489254Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518505927999999999_38e859b9-60eb-406d-aa42-a54dc5be9b17\",\r\n \"name\": \"2518505927999999999_38e859b9-60eb-406d-aa42-a54dc5be9b17\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-04T14:00:00Z\",\r\n 
\"description\": \"Detail:Host header is a numeric IP address 13.69.131.117\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"38e859b9-60eb-406d-aa42-a54dc5be9b17\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"176.32.33.80\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-04T15:00:56.8950851Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518505927999999999_3c3f8a61-1245-4e92-be38-ac054249f4a2\",\r\n \"name\": \"2518505927999999999_3c3f8a61-1245-4e92-be38-ac054249f4a2\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"SCANNER-DETECTION\",\r\n \"alertName\": \"SCANNER-DETECTION\",\r\n \"detectedTimeUtc\": \"2019-03-04T14:00:00Z\",\r\n \"description\": \"Detail:Found User-Agent associated with scripting/generic HTTP client Matched Data: 
python-requests found within REQUEST_HEADERS:User-Agent: python-requests/2.6.0 CPython/2.7.5 Linux/3.10.0-957.1.3.el7.x86_64\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"3c3f8a61-1245-4e92-be38-ac054249f4a2\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"176.32.33.80\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-04T15:00:56.8950851Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518505927999999999_f646ad4c-8a5d-4355-9dfc-56a3f2521310\",\r\n \"name\": \"2518505927999999999_f646ad4c-8a5d-4355-9dfc-56a3f2521310\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"BLOCKING-EVALUATION\",\r\n \"alertName\": \"BLOCKING-EVALUATION\",\r\n \"detectedTimeUtc\": \"2019-03-04T14:00:00Z\",\r\n \"description\": \"Detail:Mandatory rule. 
Cannot be disabled. Inbound Anomaly Score Exceeded (Total Score: 8)\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"f646ad4c-8a5d-4355-9dfc-56a3f2521310\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"176.32.33.80\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-04T15:00:56.4081088Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518505963999999999_7e0b842e-b80f-4544-979d-952ed3b60db6\",\r\n \"name\": \"2518505963999999999_7e0b842e-b80f-4544-979d-952ed3b60db6\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-04T13:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117:80\",\r\n 
\"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"7e0b842e-b80f-4544-979d-952ed3b60db6\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"2\",\r\n \"source IPs\": \"103.94.170.218,113.161.130.251\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-04T14:00:41.0033381Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506035999999999_4316a00c-7ac8-4b34-8b74-cf73e2a91b70\",\r\n \"name\": \"2518506035999999999_4316a00c-7ac8-4b34-8b74-cf73e2a91b70\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"SCANNER-DETECTION\",\r\n \"alertName\": \"SCANNER-DETECTION\",\r\n \"detectedTimeUtc\": \"2019-03-04T11:00:00Z\",\r\n \"description\": \"Detail:Found User-Agent associated with scripting/generic HTTP client Matched Data: python-requests found within REQUEST_HEADERS:User-Agent: 
python-requests/2.6.0 CPython/2.7.5 Linux/3.10.0-957.1.3.el7.x86_64\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"4316a00c-7ac8-4b34-8b74-cf73e2a91b70\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"176.32.33.80\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-04T12:00:02.3651318Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506035999999999_553a1004-ff2f-4d39-9baf-cdb764aa6a1e\",\r\n \"name\": \"2518506035999999999_553a1004-ff2f-4d39-9baf-cdb764aa6a1e\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"BLOCKING-EVALUATION\",\r\n \"alertName\": \"BLOCKING-EVALUATION\",\r\n \"detectedTimeUtc\": \"2019-03-04T11:00:00Z\",\r\n \"description\": \"Detail:Mandatory rule. Cannot be disabled. 
Inbound Anomaly Score Exceeded (Total Score: 8)\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"553a1004-ff2f-4d39-9baf-cdb764aa6a1e\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"176.32.33.80\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-04T12:00:01.7153581Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506035999999999_d91570aa-65a5-46de-aee7-98b41a8027e4\",\r\n \"name\": \"2518506035999999999_d91570aa-65a5-46de-aee7-98b41a8027e4\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-04T11:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117\",\r\n \"remediationSteps\": \"\",\r\n 
\"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"d91570aa-65a5-46de-aee7-98b41a8027e4\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"2\",\r\n \"source IPs\": \"176.32.33.80,103.212.90.36\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-04T12:00:02.3651318Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506071999999999_129ec79b-c7a6-4082-91af-c6733ce46447\",\r\n \"name\": \"2518506071999999999_129ec79b-c7a6-4082-91af-c6733ce46447\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-04T10:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n 
\"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"129ec79b-c7a6-4082-91af-c6733ce46447\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"2\",\r\n \"source IPs\": \"51.83.15.87\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-04T11:00:48.0270644Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506071999999999_784f1ab8-ec53-4216-a522-52669e63bcde\",\r\n \"name\": \"2518506071999999999_784f1ab8-ec53-4216-a522-52669e63bcde\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-04T10:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117:80\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": 
\"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"784f1ab8-ec53-4216-a522-52669e63bcde\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"45.115.6.194\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-04T11:00:48.4809846Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506179999999999_a4b834f3-2e4b-406c-bc49-1dc4339732e6\",\r\n \"name\": \"2518506179999999999_a4b834f3-2e4b-406c-bc49-1dc4339732e6\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"BLOCKING-EVALUATION\",\r\n \"alertName\": \"BLOCKING-EVALUATION\",\r\n \"detectedTimeUtc\": \"2019-03-04T07:00:00Z\",\r\n \"description\": \"Detail:Mandatory rule. Cannot be disabled. 
Inbound Anomaly Score Exceeded (Total Score: 8)\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"a4b834f3-2e4b-406c-bc49-1dc4339732e6\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"176.32.33.80\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-04T08:00:01.2466784Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506179999999999_e2dfaff2-872b-479b-8ead-f3473da44a88\",\r\n \"name\": \"2518506179999999999_e2dfaff2-872b-479b-8ead-f3473da44a88\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-04T07:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117:80\",\r\n \"remediationSteps\": \"\",\r\n 
\"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"e2dfaff2-872b-479b-8ead-f3473da44a88\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"2\",\r\n \"source IPs\": \"179.110.123.218,176.32.33.80\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-04T08:00:02.116777Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506179999999999_e67879f8-55f1-49a0-bfde-d8d076fae90e\",\r\n \"name\": \"2518506179999999999_e67879f8-55f1-49a0-bfde-d8d076fae90e\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"SCANNER-DETECTION\",\r\n \"alertName\": \"SCANNER-DETECTION\",\r\n \"detectedTimeUtc\": \"2019-03-04T07:00:00Z\",\r\n \"description\": \"Detail:Found User-Agent associated with scripting/generic HTTP client Matched Data: python-requests found within REQUEST_HEADERS:User-Agent: python-requests/2.6.0 CPython/2.7.5 
Linux/3.10.0-957.1.3.el7.x86_64\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"e67879f8-55f1-49a0-bfde-d8d076fae90e\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"176.32.33.80\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-04T08:00:02.116777Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506215999999999_137fc371-1c41-4da3-9f32-61dbf0c876b3\",\r\n \"name\": \"2518506215999999999_137fc371-1c41-4da3-9f32-61dbf0c876b3\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-04T06:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117:80\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": 
\"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"137fc371-1c41-4da3-9f32-61dbf0c876b3\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"2\",\r\n \"source IPs\": \"186.226.218.121,191.37.250.231\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-04T07:00:47.1096409Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506215999999999_d1922f41-45da-4c89-b3f0-ae2ee97ca464\",\r\n \"name\": \"2518506215999999999_d1922f41-45da-4c89-b3f0-ae2ee97ca464\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-04T06:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117:80\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n 
\"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"d1922f41-45da-4c89-b3f0-ae2ee97ca464\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"109.73.182.157\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-04T07:00:46.5853915Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506251999999999_8ad58304-6c26-4379-89fc-b89fcfa1e747\",\r\n \"name\": \"2518506251999999999_8ad58304-6c26-4379-89fc-b89fcfa1e747\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-04T05:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117:80\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": 
\"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"8ad58304-6c26-4379-89fc-b89fcfa1e747\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"185.123.233.160\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-04T06:00:33.4180269Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506287999999999_1ed08eec-64cc-4d93-9eea-ea73822c2320\",\r\n \"name\": \"2518506287999999999_1ed08eec-64cc-4d93-9eea-ea73822c2320\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-04T04:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": 
\"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"1ed08eec-64cc-4d93-9eea-ea73822c2320\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"176.32.33.80\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-04T05:00:20.5069656Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506287999999999_8f8d4f63-d98c-4e11-aa94-d1f3886b6afb\",\r\n \"name\": \"2518506287999999999_8f8d4f63-d98c-4e11-aa94-d1f3886b6afb\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"SCANNER-DETECTION\",\r\n \"alertName\": \"SCANNER-DETECTION\",\r\n \"detectedTimeUtc\": \"2019-03-04T04:00:00Z\",\r\n \"description\": \"Detail:Found User-Agent associated with scripting/generic HTTP client Matched Data: python-requests found within REQUEST_HEADERS:User-Agent: python-requests/2.6.0 CPython/2.7.5 Linux/3.10.0-957.1.3.el7.x86_64\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n 
\"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"8f8d4f63-d98c-4e11-aa94-d1f3886b6afb\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"176.32.33.80\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-04T05:00:20.5069656Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506287999999999_e84d6d25-d3fd-4198-a9ea-8d1a695a8a0e\",\r\n \"name\": \"2518506287999999999_e84d6d25-d3fd-4198-a9ea-8d1a695a8a0e\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"BLOCKING-EVALUATION\",\r\n \"alertName\": \"BLOCKING-EVALUATION\",\r\n \"detectedTimeUtc\": \"2019-03-04T04:00:00Z\",\r\n \"description\": \"Detail:Mandatory rule. Cannot be disabled. 
Inbound Anomaly Score Exceeded (Total Score: 8)\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"e84d6d25-d3fd-4198-a9ea-8d1a695a8a0e\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"176.32.33.80\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-04T05:00:20.5069656Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506395999999999_025841f9-9581-450c-8349-b96da379d72c\",\r\n \"name\": \"2518506395999999999_025841f9-9581-450c-8349-b96da379d72c\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"BLOCKING-EVALUATION\",\r\n \"alertName\": \"BLOCKING-EVALUATION\",\r\n \"detectedTimeUtc\": \"2019-03-04T01:00:00Z\",\r\n \"description\": \"Detail:Mandatory rule. Cannot be disabled. 
Inbound Anomaly Score Exceeded (Total Score: 8)\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"025841f9-9581-450c-8349-b96da379d72c\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"176.32.33.80\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-04T02:00:39.9205038Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506395999999999_21099c91-d37e-4843-966e-55f53d3fe657\",\r\n \"name\": \"2518506395999999999_21099c91-d37e-4843-966e-55f53d3fe657\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"SCANNER-DETECTION\",\r\n \"alertName\": \"SCANNER-DETECTION\",\r\n \"detectedTimeUtc\": \"2019-03-04T01:00:00Z\",\r\n \"description\": \"Detail:Found User-Agent associated with scripting/generic HTTP client Matched Data: python-requests found within 
REQUEST_HEADERS:User-Agent: python-requests/2.6.0 CPython/2.7.5 Linux/3.10.0-957.1.3.el7.x86_64\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"21099c91-d37e-4843-966e-55f53d3fe657\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"176.32.33.80\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-04T02:00:40.4337488Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506395999999999_997886ee-adcc-4233-b389-4f349a4e4f19\",\r\n \"name\": \"2518506395999999999_997886ee-adcc-4233-b389-4f349a4e4f19\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-04T01:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 
13.69.131.117\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"997886ee-adcc-4233-b389-4f349a4e4f19\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"176.32.33.80\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-04T02:00:40.4337488Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506431999999999_3628cfac-0858-4075-873e-cb45feafc2d8\",\r\n \"name\": \"2518506431999999999_3628cfac-0858-4075-873e-cb45feafc2d8\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"METHOD-ENFORCEMENT\",\r\n \"alertName\": \"METHOD-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-04T00:00:00Z\",\r\n \"description\": \"Detail:Method is not allowed by policy PROPFIND\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": 
\"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"3628cfac-0858-4075-873e-cb45feafc2d8\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"123.206.22.203\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-04T01:00:24.1988577Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506431999999999_65048fd9-87b9-4d11-9570-f3ea77419866\",\r\n \"name\": \"2518506431999999999_65048fd9-87b9-4d11-9570-f3ea77419866\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-04T00:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117:80\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": 
\"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"65048fd9-87b9-4d11-9570-f3ea77419866\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"108\",\r\n \"source IPs\": \"45.170.220.47,123.206.22.203,183.89.68.95\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-04T01:00:24.1988577Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506431999999999_a8a29940-e0bd-4742-95cc-c6d01e1afe48\",\r\n \"name\": \"2518506431999999999_a8a29940-e0bd-4742-95cc-c6d01e1afe48\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"APPLICATION-ATTACK-SQLI\",\r\n \"alertName\": \"APPLICATION-ATTACK-SQLI\",\r\n \"detectedTimeUtc\": \"2019-03-04T00:00:00Z\",\r\n \"description\": \"Detail:SQL Injection Attack Matched Data: md5 found within ARGS:h: die(@md5(M4rch));\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": 
\"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"a8a29940-e0bd-4742-95cc-c6d01e1afe48\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"16\",\r\n \"source IPs\": \"123.206.22.203\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-04T01:00:24.1988577Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506431999999999_b41572ea-083b-4743-ab2f-f653b504c3c3\",\r\n \"name\": \"2518506431999999999_b41572ea-083b-4743-ab2f-f653b504c3c3\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"BLOCKING-EVALUATION\",\r\n \"alertName\": \"BLOCKING-EVALUATION\",\r\n \"detectedTimeUtc\": \"2019-03-04T00:00:00Z\",\r\n \"description\": \"Detail:Mandatory rule. Cannot be disabled. 
Inbound Anomaly Score Exceeded (Total Score: 5)\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"b41572ea-083b-4743-ab2f-f653b504c3c3\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"41\",\r\n \"source IPs\": \"123.206.22.203\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-04T01:00:24.1988577Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506431999999999_b463a506-46aa-4a9d-8468-40e2ed74fae2\",\r\n \"name\": \"2518506431999999999_b463a506-46aa-4a9d-8468-40e2ed74fae2\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"APPLICATION-ATTACK-SQLI\",\r\n \"alertName\": \"APPLICATION-ATTACK-SQLI\",\r\n \"detectedTimeUtc\": \"2019-03-04T00:00:00Z\",\r\n \"description\": \"Detail:SQL Injection Attack Matched Data: md5 found within ARGS:h: die(@md5(M4rch));\",\r\n 
\"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"b463a506-46aa-4a9d-8468-40e2ed74fae2\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"24\",\r\n \"source IPs\": \"123.206.22.203\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-04T01:00:23.6287102Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506431999999999_da18a55d-358d-499b-97e2-d4a9169d6d79\",\r\n \"name\": \"2518506431999999999_da18a55d-358d-499b-97e2-d4a9169d6d79\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"BLOCKING-EVALUATION\",\r\n \"alertName\": \"BLOCKING-EVALUATION\",\r\n \"detectedTimeUtc\": \"2019-03-04T00:00:00Z\",\r\n \"description\": \"Detail:Mandatory rule. Cannot be disabled. 
Inbound Anomaly Score Exceeded (Total Score: 12)\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"da18a55d-358d-499b-97e2-d4a9169d6d79\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"43\",\r\n \"source IPs\": \"123.206.22.203\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-04T01:00:24.1988577Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506431999999999_e188c598-6c5a-4b88-b062-53a84c8e5866\",\r\n \"name\": \"2518506431999999999_e188c598-6c5a-4b88-b062-53a84c8e5866\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-04T00:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117:80\",\r\n \"remediationSteps\": \"\",\r\n 
\"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"e188c598-6c5a-4b88-b062-53a84c8e5866\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"98\",\r\n \"source IPs\": \"123.206.22.203\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-04T01:00:24.1988577Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506431999999999_f3759b4d-98d9-4133-820f-c53404075381\",\r\n \"name\": \"2518506431999999999_f3759b4d-98d9-4133-820f-c53404075381\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"APPLICATION-ATTACK-LFI\",\r\n \"alertName\": \"APPLICATION-ATTACK-LFI\",\r\n \"detectedTimeUtc\": \"2019-03-04T00:00:00Z\",\r\n \"description\": \"Detail:Restricted File Access Attempt Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n 
\"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"f3759b4d-98d9-4133-820f-c53404075381\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"123.206.22.203\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-04T01:00:24.1988577Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506467999999999_e16ffb83-a733-495b-b767-56079cca194b\",\r\n \"name\": \"2518506467999999999_e16ffb83-a733-495b-b767-56079cca194b\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-03T23:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117:80\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n 
\"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"e16ffb83-a733-495b-b767-56079cca194b\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"37.57.97.61\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-04T00:00:05.2118352Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506539999999999_96264969-2f25-4495-8e4a-26d705da8fa9\",\r\n \"name\": \"2518506539999999999_96264969-2f25-4495-8e4a-26d705da8fa9\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"SCANNER-DETECTION\",\r\n \"alertName\": \"SCANNER-DETECTION\",\r\n \"detectedTimeUtc\": \"2019-03-03T21:00:00Z\",\r\n \"description\": \"Detail:Found User-Agent associated with scripting/generic HTTP client Matched Data: python-requests found within REQUEST_HEADERS:User-Agent: python-requests/2.6.0 CPython/2.7.5 Linux/3.10.0-957.1.3.el7.x86_64\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": 
\"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"96264969-2f25-4495-8e4a-26d705da8fa9\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"176.32.33.80\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T22:00:34.1747263Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506539999999999_dd92cb6e-f129-4405-9e18-11fa5c1252c2\",\r\n \"name\": \"2518506539999999999_dd92cb6e-f129-4405-9e18-11fa5c1252c2\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"BLOCKING-EVALUATION\",\r\n \"alertName\": \"BLOCKING-EVALUATION\",\r\n \"detectedTimeUtc\": \"2019-03-03T21:00:00Z\",\r\n \"description\": \"Detail:Mandatory rule. Cannot be disabled. 
Inbound Anomaly Score Exceeded (Total Score: 8)\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"dd92cb6e-f129-4405-9e18-11fa5c1252c2\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"176.32.33.80\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T22:00:33.6975993Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506539999999999_ecdf89d6-b2a2-4d32-9e16-f7cd67984891\",\r\n \"name\": \"2518506539999999999_ecdf89d6-b2a2-4d32-9e16-f7cd67984891\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-03T21:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117:80\",\r\n \"remediationSteps\": \"\",\r\n 
\"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"ecdf89d6-b2a2-4d32-9e16-f7cd67984891\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"2\",\r\n \"source IPs\": \"41.50.83.103,176.32.33.80\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T22:00:34.1747263Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506575999999999_5aee1028-31b6-4d35-93cc-569793a2d3a2\",\r\n \"name\": \"2518506575999999999_5aee1028-31b6-4d35-93cc-569793a2d3a2\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-03T20:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n 
\"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"5aee1028-31b6-4d35-93cc-569793a2d3a2\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"181.166.19.204\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T21:00:19.3291561Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506611999999999_3c7cfa09-e213-4490-ba8d-a11b72b6d000\",\r\n \"name\": \"2518506611999999999_3c7cfa09-e213-4490-ba8d-a11b72b6d000\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-03T19:00:00Z\",\r\n \"description\": \"Detail:Request Missing a Host Header\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": 
\"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"3c7cfa09-e213-4490-ba8d-a11b72b6d000\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"2\",\r\n \"source IPs\": \"178.73.215.171\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T20:00:05.4039046Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506611999999999_af8a5586-7eae-4aba-bb14-5a0d9f18bb97\",\r\n \"name\": \"2518506611999999999_af8a5586-7eae-4aba-bb14-5a0d9f18bb97\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-03T19:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": 
\"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"af8a5586-7eae-4aba-bb14-5a0d9f18bb97\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"2\",\r\n \"source IPs\": \"39.96.43.158,200.207.20.30\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T20:00:05.4039046Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506611999999999_ea4eb36f-4b5c-4b3d-a52e-b06a0a8634ac\",\r\n \"name\": \"2518506611999999999_ea4eb36f-4b5c-4b3d-a52e-b06a0a8634ac\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"BLOCKING-EVALUATION\",\r\n \"alertName\": \"BLOCKING-EVALUATION\",\r\n \"detectedTimeUtc\": \"2019-03-03T19:00:00Z\",\r\n \"description\": \"Detail:Mandatory rule. Cannot be disabled. 
Inbound Anomaly Score Exceeded (Total Score: 5)\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"ea4eb36f-4b5c-4b3d-a52e-b06a0a8634ac\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"178.73.215.171\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T20:00:04.9007841Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506647999999999_2049cf22-f78e-45c4-8c8d-620175ea9b67\",\r\n \"name\": \"2518506647999999999_2049cf22-f78e-45c4-8c8d-620175ea9b67\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"APPLICATION-ATTACK-SQLI\",\r\n \"alertName\": \"APPLICATION-ATTACK-SQLI\",\r\n \"detectedTimeUtc\": \"2019-03-03T18:00:00Z\",\r\n \"description\": \"Detail:SQL Injection Attack: SQL Tautology Detected. 
Matched Data: methodName>system found within ARGS_NAMES: system.listMethods : system.listMethods \",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"2049cf22-f78e-45c4-8c8d-620175ea9b67\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"2\",\r\n \"source IPs\": \"52.183.58.122\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T19:00:51.2707099Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506647999999999_5dd2d179-737e-47de-a37d-c6b6731c149a\",\r\n \"name\": \"2518506647999999999_5dd2d179-737e-47de-a37d-c6b6731c149a\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"SCANNER-DETECTION\",\r\n \"alertName\": \"SCANNER-DETECTION\",\r\n \"detectedTimeUtc\": \"2019-03-03T18:00:00Z\",\r\n \"description\": \"Detail:Found User-Agent associated with security scanner 
Matched Data: nmap scripting engine found within REQUEST_HEADERS:User-Agent: Mozilla/5.0 (compatible; Nmap Scripting Engine; https://nmap.org/book/nse.html)\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"5dd2d179-737e-47de-a37d-c6b6731c149a\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"16\",\r\n \"source IPs\": \"52.183.58.122\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T19:00:51.2707099Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506647999999999_7bc4f2d4-49d2-4e83-801e-18e5f7288546\",\r\n \"name\": \"2518506647999999999_7bc4f2d4-49d2-4e83-801e-18e5f7288546\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"BLOCKING-EVALUATION\",\r\n \"alertName\": \"BLOCKING-EVALUATION\",\r\n \"detectedTimeUtc\": \"2019-03-03T18:00:00Z\",\r\n \"description\": 
\"Detail:Mandatory rule. Cannot be disabled. Inbound Anomaly Score Exceeded (Total Score: 5)\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"7bc4f2d4-49d2-4e83-801e-18e5f7288546\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"17\",\r\n \"source IPs\": \"52.183.58.122\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T19:00:51.2707099Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506647999999999_7db374f1-b737-40f9-9801-427d6ded6631\",\r\n \"name\": \"2518506647999999999_7db374f1-b737-40f9-9801-427d6ded6631\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-03T18:00:00Z\",\r\n \"description\": \"Detail:Request Missing a Host Header\",\r\n 
\"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"7db374f1-b737-40f9-9801-427d6ded6631\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"29\",\r\n \"source IPs\": \"52.183.58.122\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T19:00:51.2707099Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506647999999999_7fdd74ca-ecdc-47c7-8ede-237604683d32\",\r\n \"name\": \"2518506647999999999_7fdd74ca-ecdc-47c7-8ede-237604683d32\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"BLOCKING-EVALUATION\",\r\n \"alertName\": \"BLOCKING-EVALUATION\",\r\n \"detectedTimeUtc\": \"2019-03-03T18:00:00Z\",\r\n \"description\": \"Detail:Mandatory rule. Cannot be disabled. 
Inbound Anomaly Score Exceeded (Total Score: 10)\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"7fdd74ca-ecdc-47c7-8ede-237604683d32\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"18\",\r\n \"source IPs\": \"52.183.58.122\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T19:00:51.2707099Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506647999999999_8a49395c-6a4a-44c1-ada6-5d9e25ad2cb4\",\r\n \"name\": \"2518506647999999999_8a49395c-6a4a-44c1-ada6-5d9e25ad2cb4\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"SCANNER-DETECTION\",\r\n \"alertName\": \"SCANNER-DETECTION\",\r\n \"detectedTimeUtc\": \"2019-03-03T18:00:00Z\",\r\n \"description\": \"Detail:Found User-Agent associated with security scanner Matched Data: nmap scripting engine found within 
REQUEST_HEADERS:User-Agent: Mozilla/5.0 (compatible; Nmap Scripting Engine; https://nmap.org/book/nse.html)\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"8a49395c-6a4a-44c1-ada6-5d9e25ad2cb4\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"16\",\r\n \"source IPs\": \"52.183.58.122\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T19:00:51.2707099Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506647999999999_9aa674cd-3d5a-44d0-ae78-26bb404bb9cd\",\r\n \"name\": \"2518506647999999999_9aa674cd-3d5a-44d0-ae78-26bb404bb9cd\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"APPLICATION-ATTACK-LFI\",\r\n \"alertName\": \"APPLICATION-ATTACK-LFI\",\r\n \"detectedTimeUtc\": \"2019-03-03T18:00:00Z\",\r\n \"description\": \"Detail:Restricted File Access Attempt 
Matched Data: /.git/ found within REQUEST_FILENAME: /.git/HEAD\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"9aa674cd-3d5a-44d0-ae78-26bb404bb9cd\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"52.183.58.122\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T19:00:50.6994998Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506647999999999_a1d6f3b7-f990-4f60-aa51-f9dedb286a93\",\r\n \"name\": \"2518506647999999999_a1d6f3b7-f990-4f60-aa51-f9dedb286a93\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"METHOD-ENFORCEMENT\",\r\n \"alertName\": \"METHOD-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-03T18:00:00Z\",\r\n \"description\": \"Detail:Method is not allowed by policy PROPFIND\",\r\n \"remediationSteps\": \"\",\r\n 
\"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"a1d6f3b7-f990-4f60-aa51-f9dedb286a93\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"4\",\r\n \"source IPs\": \"52.183.58.122\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T19:00:51.2707099Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506647999999999_e88f0966-faba-4c11-806c-1dd3d0f02349\",\r\n \"name\": \"2518506647999999999_e88f0966-faba-4c11-806c-1dd3d0f02349\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-03T18:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": 
\"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"e88f0966-faba-4c11-806c-1dd3d0f02349\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"30\",\r\n \"source IPs\": \"52.183.58.122\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T19:00:51.2707099Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506683999999999_3ffd1f5a-8a43-42dd-950f-94a708c4eccf\",\r\n \"name\": \"2518506683999999999_3ffd1f5a-8a43-42dd-950f-94a708c4eccf\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"SCANNER-DETECTION\",\r\n \"alertName\": \"SCANNER-DETECTION\",\r\n \"detectedTimeUtc\": \"2019-03-03T17:00:00Z\",\r\n \"description\": \"Detail:Found User-Agent associated with scripting/generic HTTP client Matched Data: Python-urllib found within REQUEST_HEADERS:User-Agent: Python-urllib/2.7\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": 
\"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"3ffd1f5a-8a43-42dd-950f-94a708c4eccf\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"5.189.188.237\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T18:00:33.544093Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506683999999999_45daf153-e9c2-4943-aa00-60a4d57dfe57\",\r\n \"name\": \"2518506683999999999_45daf153-e9c2-4943-aa00-60a4d57dfe57\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"BLOCKING-EVALUATION\",\r\n \"alertName\": \"BLOCKING-EVALUATION\",\r\n \"detectedTimeUtc\": \"2019-03-03T17:00:00Z\",\r\n \"description\": \"Detail:Mandatory rule. Cannot be disabled. 
Inbound Anomaly Score Exceeded (Total Score: 5)\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"45daf153-e9c2-4943-aa00-60a4d57dfe57\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"185\",\r\n \"source IPs\": \"153.37.197.94\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T18:00:34.0159991Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506683999999999_5f021722-537d-490c-bdfd-ac6fc510da5c\",\r\n \"name\": \"2518506683999999999_5f021722-537d-490c-bdfd-ac6fc510da5c\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-03T17:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117:80\",\r\n \"remediationSteps\": \"\",\r\n 
\"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"5f021722-537d-490c-bdfd-ac6fc510da5c\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"241\",\r\n \"source IPs\": \"153.37.197.94\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T18:00:34.0159991Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506683999999999_6a5df300-a1b4-4403-a419-eb6688efdf7b\",\r\n \"name\": \"2518506683999999999_6a5df300-a1b4-4403-a419-eb6688efdf7b\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"APPLICATION-ATTACK-SQLI\",\r\n \"alertName\": \"APPLICATION-ATTACK-SQLI\",\r\n \"detectedTimeUtc\": \"2019-03-03T17:00:00Z\",\r\n \"description\": \"Detail:SQL Injection Attack Matched Data: md5 found within ARGS:h: die(@md5(M4rch));\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": 
\"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"6a5df300-a1b4-4403-a419-eb6688efdf7b\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"258\",\r\n \"source IPs\": \"153.37.197.94\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T18:00:34.0159991Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506683999999999_874c6ebd-1e67-4774-a5ce-0d731c1c27db\",\r\n \"name\": \"2518506683999999999_874c6ebd-1e67-4774-a5ce-0d731c1c27db\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"BLOCKING-EVALUATION\",\r\n \"alertName\": \"BLOCKING-EVALUATION\",\r\n \"detectedTimeUtc\": \"2019-03-03T17:00:00Z\",\r\n \"description\": \"Detail:Mandatory rule. Cannot be disabled. 
Inbound Anomaly Score Exceeded (Total Score: 12)\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"874c6ebd-1e67-4774-a5ce-0d731c1c27db\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"187\",\r\n \"source IPs\": \"153.37.197.94,5.189.188.237\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T18:00:34.0159991Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506683999999999_96f96063-0f51-4b5a-8548-a58f55a126bb\",\r\n \"name\": \"2518506683999999999_96f96063-0f51-4b5a-8548-a58f55a126bb\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"APPLICATION-ATTACK-LFI\",\r\n \"alertName\": \"APPLICATION-ATTACK-LFI\",\r\n \"detectedTimeUtc\": \"2019-03-03T17:00:00Z\",\r\n \"description\": \"Detail:Restricted File Access Attempt Matched Data: wp-config.php found within 
REQUEST_FILENAME: /wp-config.php\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"96f96063-0f51-4b5a-8548-a58f55a126bb\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"153.37.197.94\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T18:00:34.0159991Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506683999999999_a1fd9cb6-278c-4fa8-8378-b88d15b68e37\",\r\n \"name\": \"2518506683999999999_a1fd9cb6-278c-4fa8-8378-b88d15b68e37\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"APPLICATION-ATTACK-SQLI\",\r\n \"alertName\": \"APPLICATION-ATTACK-SQLI\",\r\n \"detectedTimeUtc\": \"2019-03-03T17:00:00Z\",\r\n \"description\": \"Detail:SQL Injection Attack Matched Data: md5 found within ARGS:h: die(@md5(M4rch));\",\r\n \"remediationSteps\": 
\"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"a1fd9cb6-278c-4fa8-8378-b88d15b68e37\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"242\",\r\n \"source IPs\": \"153.37.197.94\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T18:00:34.0159991Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506683999999999_e4985ba6-3474-4f25-8d0e-0d29bb6b38c9\",\r\n \"name\": \"2518506683999999999_e4985ba6-3474-4f25-8d0e-0d29bb6b38c9\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-03T17:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117:80\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n 
\"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"e4985ba6-3474-4f25-8d0e-0d29bb6b38c9\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"254\",\r\n \"source IPs\": \"143.255.242.186,153.37.197.94,5.189.188.237\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T18:00:34.0159991Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506683999999999_e6988005-220a-4136-82fd-14ef12b4ddf1\",\r\n \"name\": \"2518506683999999999_e6988005-220a-4136-82fd-14ef12b4ddf1\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"METHOD-ENFORCEMENT\",\r\n \"alertName\": \"METHOD-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-03T17:00:00Z\",\r\n \"description\": \"Detail:Method is not allowed by policy PROPFIND\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": 
\"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"e6988005-220a-4136-82fd-14ef12b4ddf1\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"153.37.197.94\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T18:00:34.0159991Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506719999999999_13a28970-6f30-4c49-8db1-bbeb8c53f358\",\r\n \"name\": \"2518506719999999999_13a28970-6f30-4c49-8db1-bbeb8c53f358\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"SCANNER-DETECTION\",\r\n \"alertName\": \"SCANNER-DETECTION\",\r\n \"detectedTimeUtc\": \"2019-03-03T16:00:00Z\",\r\n \"description\": \"Detail:Found User-Agent associated with scripting/generic HTTP client Matched Data: python-requests found within REQUEST_HEADERS:User-Agent: python-requests/2.6.0 CPython/2.7.5 Linux/3.10.0-957.1.3.el7.x86_64\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n 
\"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"13a28970-6f30-4c49-8db1-bbeb8c53f358\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"176.32.33.80\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T17:00:20.7167821Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506719999999999_3dd7d880-0612-484b-9352-47cbe5e955c0\",\r\n \"name\": \"2518506719999999999_3dd7d880-0612-484b-9352-47cbe5e955c0\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-03T16:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": 
\"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"3dd7d880-0612-484b-9352-47cbe5e955c0\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"4\",\r\n \"source IPs\": \"151.14.49.82,106.12.205.48,176.32.33.80,27.112.69.69\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T17:00:20.7167821Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506719999999999_45ad41ef-a52a-4383-b5a0-cf77d0f52769\",\r\n \"name\": \"2518506719999999999_45ad41ef-a52a-4383-b5a0-cf77d0f52769\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"BLOCKING-EVALUATION\",\r\n \"alertName\": \"BLOCKING-EVALUATION\",\r\n \"detectedTimeUtc\": \"2019-03-03T16:00:00Z\",\r\n \"description\": \"Detail:Mandatory rule. Cannot be disabled. 
Inbound Anomaly Score Exceeded (Total Score: 8)\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"45ad41ef-a52a-4383-b5a0-cf77d0f52769\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"176.32.33.80\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T17:00:20.7167821Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506755999999999_08c7bb21-5ce6-4a29-8559-e0f681637727\",\r\n \"name\": \"2518506755999999999_08c7bb21-5ce6-4a29-8559-e0f681637727\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-03T15:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117\",\r\n \"remediationSteps\": \"\",\r\n 
\"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"08c7bb21-5ce6-4a29-8559-e0f681637727\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"112.109.90.7\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T16:00:13.9856128Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506791999999999_a4f72ed5-04a4-4396-a55f-6c1e53f5de88\",\r\n \"name\": \"2518506791999999999_a4f72ed5-04a4-4396-a55f-6c1e53f5de88\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-03T14:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117:80\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n 
\"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"a4f72ed5-04a4-4396-a55f-6c1e53f5de88\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"191.19.156.211\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T15:00:53.1284306Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506791999999999_d7624e51-e813-4e82-9d24-b0c7d1ee54a2\",\r\n \"name\": \"2518506791999999999_d7624e51-e813-4e82-9d24-b0c7d1ee54a2\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-03T14:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117:80\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": 
\"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"d7624e51-e813-4e82-9d24-b0c7d1ee54a2\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"191.19.156.211\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T15:00:53.5907512Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506827999999999_5d48c911-b79f-4a9c-adf7-b1f7b542e139\",\r\n \"name\": \"2518506827999999999_5d48c911-b79f-4a9c-adf7-b1f7b542e139\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-03T13:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117:80\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": 
\"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"5d48c911-b79f-4a9c-adf7-b1f7b542e139\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"47.44.40.236\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T14:00:40.9369659Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506827999999999_6705b59f-aa53-4b22-a799-0ec168f16554\",\r\n \"name\": \"2518506827999999999_6705b59f-aa53-4b22-a799-0ec168f16554\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"BLOCKING-EVALUATION\",\r\n \"alertName\": \"BLOCKING-EVALUATION\",\r\n \"detectedTimeUtc\": \"2019-03-03T13:00:00Z\",\r\n \"description\": \"Detail:Mandatory rule. Cannot be disabled. 
Inbound Anomaly Score Exceeded (Total Score: 5)\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"6705b59f-aa53-4b22-a799-0ec168f16554\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"86.101.76.223\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T14:00:41.4313385Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506827999999999_8ef4d78a-8e10-42c2-809c-b06a1dbac6ff\",\r\n \"name\": \"2518506827999999999_8ef4d78a-8e10-42c2-809c-b06a1dbac6ff\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-03T13:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117\",\r\n \"remediationSteps\": \"\",\r\n 
\"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"8ef4d78a-8e10-42c2-809c-b06a1dbac6ff\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"3\",\r\n \"source IPs\": \"86.101.76.223,37.112.145.247\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T14:00:41.4313385Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506863999999999_0a57514d-bfbb-40de-945f-edab4061fa9f\",\r\n \"name\": \"2518506863999999999_0a57514d-bfbb-40de-945f-edab4061fa9f\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"SCANNER-DETECTION\",\r\n \"alertName\": \"SCANNER-DETECTION\",\r\n \"detectedTimeUtc\": \"2019-03-03T12:00:00Z\",\r\n \"description\": \"Detail:Found User-Agent associated with scripting/generic HTTP client Matched Data: python-requests found within REQUEST_HEADERS:User-Agent: python-requests/2.6.0 CPython/2.7.5 
Linux/3.10.0-957.1.3.el7.x86_64\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"0a57514d-bfbb-40de-945f-edab4061fa9f\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"176.32.33.80\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T13:00:27.4966084Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506863999999999_2aec0c06-933a-4981-bd34-59809b81bdcf\",\r\n \"name\": \"2518506863999999999_2aec0c06-933a-4981-bd34-59809b81bdcf\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-03T12:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": 
\"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"2aec0c06-933a-4981-bd34-59809b81bdcf\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"3\",\r\n \"source IPs\": \"139.162.106.181,176.32.33.80\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T13:00:27.9629747Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506863999999999_3906c573-8bb4-47b5-922d-3a93dacb999a\",\r\n \"name\": \"2518506863999999999_3906c573-8bb4-47b5-922d-3a93dacb999a\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"BLOCKING-EVALUATION\",\r\n \"alertName\": \"BLOCKING-EVALUATION\",\r\n \"detectedTimeUtc\": \"2019-03-03T12:00:00Z\",\r\n \"description\": \"Detail:Mandatory rule. Cannot be disabled. 
Inbound Anomaly Score Exceeded (Total Score: 5)\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"3906c573-8bb4-47b5-922d-3a93dacb999a\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"2\",\r\n \"source IPs\": \"139.162.106.181,176.32.33.80\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T13:00:27.9629747Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506863999999999_ccc614e5-38e9-4794-a4a7-b084779313b2\",\r\n \"name\": \"2518506863999999999_ccc614e5-38e9-4794-a4a7-b084779313b2\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-03T12:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117:80\",\r\n \"remediationSteps\": 
\"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"ccc614e5-38e9-4794-a4a7-b084779313b2\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"2\",\r\n \"source IPs\": \"189.79.106.13,175.106.10.226\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T13:00:27.9629747Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506899999999999_0628b610-6b29-45ec-a08c-2561f6201681\",\r\n \"name\": \"2518506899999999999_0628b610-6b29-45ec-a08c-2561f6201681\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-03T11:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117:80\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": 
\"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"0628b610-6b29-45ec-a08c-2561f6201681\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"4\",\r\n \"source IPs\": \"170.233.47.249,149.71.160.254,125.64.94.200\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T12:00:05.3305889Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506899999999999_7008ba75-4cc8-4291-93bc-ea17eba8f37c\",\r\n \"name\": \"2518506899999999999_7008ba75-4cc8-4291-93bc-ea17eba8f37c\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"BLOCKING-EVALUATION\",\r\n \"alertName\": \"BLOCKING-EVALUATION\",\r\n \"detectedTimeUtc\": \"2019-03-03T11:00:00Z\",\r\n \"description\": \"Detail:Mandatory rule. Cannot be disabled. 
Inbound Anomaly Score Exceeded (Total Score: 5)\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"7008ba75-4cc8-4291-93bc-ea17eba8f37c\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"125.64.94.200\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T12:00:04.8798965Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506935999999999_6f663a4f-982b-4818-8ef1-f87730e40dcc\",\r\n \"name\": \"2518506935999999999_6f663a4f-982b-4818-8ef1-f87730e40dcc\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-03T10:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117:80\",\r\n \"remediationSteps\": \"\",\r\n 
\"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"6f663a4f-982b-4818-8ef1-f87730e40dcc\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"177.190.65.151\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T11:00:50.1566901Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506971999999999_205da57b-4636-44f8-894e-3a78c60e78be\",\r\n \"name\": \"2518506971999999999_205da57b-4636-44f8-894e-3a78c60e78be\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"SCANNER-DETECTION\",\r\n \"alertName\": \"SCANNER-DETECTION\",\r\n \"detectedTimeUtc\": \"2019-03-03T09:00:00Z\",\r\n \"description\": \"Detail:Found User-Agent associated with security scanner Matched Data: zmeu found within REQUEST_HEADERS:User-Agent: ZmEu\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n 
\"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"205da57b-4636-44f8-894e-3a78c60e78be\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"5\",\r\n \"source IPs\": \"202.111.175.134\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T10:00:37.6036112Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506971999999999_36d74c57-219a-48dd-9d85-8edf5dad9605\",\r\n \"name\": \"2518506971999999999_36d74c57-219a-48dd-9d85-8edf5dad9605\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"BLOCKING-EVALUATION\",\r\n \"alertName\": \"BLOCKING-EVALUATION\",\r\n \"detectedTimeUtc\": \"2019-03-03T09:00:00Z\",\r\n \"description\": \"Detail:Mandatory rule. Cannot be disabled. 
Inbound Anomaly Score Exceeded (Total Score: 8)\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"36d74c57-219a-48dd-9d85-8edf5dad9605\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"3\",\r\n \"source IPs\": \"176.32.33.80,202.111.175.134\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T10:00:37.6036112Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506971999999999_51794aa7-6274-4156-b321-a8404ec2c8a1\",\r\n \"name\": \"2518506971999999999_51794aa7-6274-4156-b321-a8404ec2c8a1\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"BLOCKING-EVALUATION\",\r\n \"alertName\": \"BLOCKING-EVALUATION\",\r\n \"detectedTimeUtc\": \"2019-03-03T09:00:00Z\",\r\n \"description\": \"Detail:Mandatory rule. Cannot be disabled. 
Inbound Anomaly Score Exceeded (Total Score: 13)\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"51794aa7-6274-4156-b321-a8404ec2c8a1\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"4\",\r\n \"source IPs\": \"202.111.175.134\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T10:00:36.6754928Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506971999999999_8fd280c9-d229-4ab0-b7c2-a1e6ed13d475\",\r\n \"name\": \"2518506971999999999_8fd280c9-d229-4ab0-b7c2-a1e6ed13d475\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-03T09:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117\",\r\n \"remediationSteps\": \"\",\r\n 
\"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"8fd280c9-d229-4ab0-b7c2-a1e6ed13d475\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"4\",\r\n \"source IPs\": \"202.111.175.134\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T10:00:37.6036112Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506971999999999_c5f9f5ef-e626-494f-af62-296e9a3aae90\",\r\n \"name\": \"2518506971999999999_c5f9f5ef-e626-494f-af62-296e9a3aae90\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-03T09:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n 
\"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"c5f9f5ef-e626-494f-af62-296e9a3aae90\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"3\",\r\n \"source IPs\": \"176.32.33.80,202.111.175.134\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T10:00:37.6036112Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506971999999999_f2c8d1c4-1673-484b-a6dd-83ba0f631030\",\r\n \"name\": \"2518506971999999999_f2c8d1c4-1673-484b-a6dd-83ba0f631030\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"SCANNER-DETECTION\",\r\n \"alertName\": \"SCANNER-DETECTION\",\r\n \"detectedTimeUtc\": \"2019-03-03T09:00:00Z\",\r\n \"description\": \"Detail:Found User-Agent associated with scripting/generic HTTP client Matched Data: python-requests found within REQUEST_HEADERS:User-Agent: python-requests/2.6.0 CPython/2.7.5 Linux/3.10.0-957.1.3.el7.x86_64\",\r\n \"remediationSteps\": \"\",\r\n 
\"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"f2c8d1c4-1673-484b-a6dd-83ba0f631030\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"3\",\r\n \"source IPs\": \"176.32.33.80,202.111.175.134\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T10:00:37.6036112Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518507007999999999_d08f4e21-7e7a-4f55-8d05-c262b6ea7296\",\r\n \"name\": \"2518507007999999999_d08f4e21-7e7a-4f55-8d05-c262b6ea7296\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-03T08:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117:80\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n 
\"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"d08f4e21-7e7a-4f55-8d05-c262b6ea7296\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"200.170.107.213\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T09:00:23.6177593Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518507043999999999_4113b94b-e345-435c-9860-319263f7dd62\",\r\n \"name\": \"2518507043999999999_4113b94b-e345-435c-9860-319263f7dd62\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-03T07:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": 
\"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"4113b94b-e345-435c-9860-319263f7dd62\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"3\",\r\n \"source IPs\": \"185.53.88.120,177.95.121.11\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T08:00:08.812839Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518507043999999999_61e42d8a-87ae-4aad-909c-c68cf39040d4\",\r\n \"name\": \"2518507043999999999_61e42d8a-87ae-4aad-909c-c68cf39040d4\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"BLOCKING-EVALUATION\",\r\n \"alertName\": \"BLOCKING-EVALUATION\",\r\n \"detectedTimeUtc\": \"2019-03-03T07:00:00Z\",\r\n \"description\": \"Detail:Mandatory rule. Cannot be disabled. 
Inbound Anomaly Score Exceeded (Total Score: 5)\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"61e42d8a-87ae-4aad-909c-c68cf39040d4\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"185.53.88.120\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T08:00:08.812839Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518507043999999999_61fd9c97-c980-48c2-b39a-defed87af2a2\",\r\n \"name\": \"2518507043999999999_61fd9c97-c980-48c2-b39a-defed87af2a2\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-03T07:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117\",\r\n \"remediationSteps\": \"\",\r\n 
\"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"61fd9c97-c980-48c2-b39a-defed87af2a2\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"189.211.124.220\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T08:00:08.812839Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518507079999999999_1b89d7cb-b586-4a38-ad61-75bbaebf2170\",\r\n \"name\": \"2518507079999999999_1b89d7cb-b586-4a38-ad61-75bbaebf2170\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"SCANNER-DETECTION\",\r\n \"alertName\": \"SCANNER-DETECTION\",\r\n \"detectedTimeUtc\": \"2019-03-03T06:00:00Z\",\r\n \"description\": \"Detail:Found User-Agent associated with security scanner Matched Data: masscan found within REQUEST_HEADERS:User-Agent: masscan/1.0 (https://github.com/robertdavidgraham/masscan)\",\r\n 
\"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"1b89d7cb-b586-4a38-ad61-75bbaebf2170\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"185.165.169.28\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T07:00:54.0188006Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518507079999999999_c2c1230a-f1d5-4fe1-9aa3-0a77e7299186\",\r\n \"name\": \"2518507079999999999_c2c1230a-f1d5-4fe1-9aa3-0a77e7299186\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"BLOCKING-EVALUATION\",\r\n \"alertName\": \"BLOCKING-EVALUATION\",\r\n \"detectedTimeUtc\": \"2019-03-03T06:00:00Z\",\r\n \"description\": \"Detail:Mandatory rule. Cannot be disabled. 
Inbound Anomaly Score Exceeded (Total Score: 8)\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"c2c1230a-f1d5-4fe1-9aa3-0a77e7299186\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"185.165.169.28\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T07:00:53.5777047Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518507079999999999_eac52c76-659b-498e-91f5-525511b48ded\",\r\n \"name\": \"2518507079999999999_eac52c76-659b-498e-91f5-525511b48ded\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-03T06:00:00Z\",\r\n \"description\": \"Detail:Request Missing a Host Header\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": 
\"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"eac52c76-659b-498e-91f5-525511b48ded\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"185.165.169.28\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T07:00:54.0188006Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518507115999999999_3f4c572d-c6c7-440c-84e7-7a3f4cd866af\",\r\n \"name\": \"2518507115999999999_3f4c572d-c6c7-440c-84e7-7a3f4cd866af\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-03T05:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117:80\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": 
\"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"3f4c572d-c6c7-440c-84e7-7a3f4cd866af\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"191.19.210.54\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T06:00:38.331985Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518507115999999999_537e6f2f-d393-4cdf-a530-3255b9cc34c9\",\r\n \"name\": \"2518507115999999999_537e6f2f-d393-4cdf-a530-3255b9cc34c9\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"BLOCKING-EVALUATION\",\r\n \"alertName\": \"BLOCKING-EVALUATION\",\r\n \"detectedTimeUtc\": \"2019-03-03T05:00:00Z\",\r\n \"description\": \"Detail:Mandatory rule. Cannot be disabled. 
Inbound Anomaly Score Exceeded (Total Score: 8)\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"537e6f2f-d393-4cdf-a530-3255b9cc34c9\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"2\",\r\n \"source IPs\": \"176.32.33.80,106.75.63.218\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T06:00:38.8618086Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518507115999999999_b291073d-47ad-4563-b5be-d3cc4955e3db\",\r\n \"name\": \"2518507115999999999_b291073d-47ad-4563-b5be-d3cc4955e3db\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"SCANNER-DETECTION\",\r\n \"alertName\": \"SCANNER-DETECTION\",\r\n \"detectedTimeUtc\": \"2019-03-03T05:00:00Z\",\r\n \"description\": \"Detail:Found User-Agent associated with scripting/generic HTTP client Matched Data: 
python-requests found within REQUEST_HEADERS:User-Agent: python-requests/2.6.0 CPython/2.7.5 Linux/3.10.0-957.1.3.el7.x86_64\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"b291073d-47ad-4563-b5be-d3cc4955e3db\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"176.32.33.80\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T06:00:38.8618086Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518507115999999999_c9b1c4e8-589e-4c7e-945f-ef107e422d0e\",\r\n \"name\": \"2518507115999999999_c9b1c4e8-589e-4c7e-945f-ef107e422d0e\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-03T05:00:00Z\",\r\n \"description\": \"Detail:Host header is a 
numeric IP address 13.69.131.117\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"c9b1c4e8-589e-4c7e-945f-ef107e422d0e\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"3\",\r\n \"source IPs\": \"176.32.33.80,106.75.63.218\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T06:00:38.8618086Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518507151999999999_395b050b-039c-42ac-84eb-93d3e7faea3e\",\r\n \"name\": \"2518507151999999999_395b050b-039c-42ac-84eb-93d3e7faea3e\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-03T04:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117\",\r\n \"remediationSteps\": \"\",\r\n 
\"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"395b050b-039c-42ac-84eb-93d3e7faea3e\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"2\",\r\n \"source IPs\": \"82.227.32.4\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T05:00:24.7267003Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518507151999999999_6db5bd58-9d70-42c8-b0c1-723f6cd5b8e7\",\r\n \"name\": \"2518507151999999999_6db5bd58-9d70-42c8-b0c1-723f6cd5b8e7\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"BLOCKING-EVALUATION\",\r\n \"alertName\": \"BLOCKING-EVALUATION\",\r\n \"detectedTimeUtc\": \"2019-03-03T04:00:00Z\",\r\n \"description\": \"Detail:Mandatory rule. Cannot be disabled. 
Inbound Anomaly Score Exceeded (Total Score: 5)\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"6db5bd58-9d70-42c8-b0c1-723f6cd5b8e7\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"82.227.32.4\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T05:00:24.2392146Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518507223999999999_ee9ccd4a-9ffe-4674-93a3-8dce991f38ab\",\r\n \"name\": \"2518507223999999999_ee9ccd4a-9ffe-4674-93a3-8dce991f38ab\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-03T02:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117:80\",\r\n \"remediationSteps\": \"\",\r\n 
\"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"ee9ccd4a-9ffe-4674-93a3-8dce991f38ab\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"3\",\r\n \"source IPs\": \"46.201.249.7,91.192.33.145,95.133.40.164\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T03:00:56.5825657Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518507295999999999_4fe4d5bf-6672-490d-b840-051c7f68b697\",\r\n \"name\": \"2518507295999999999_4fe4d5bf-6672-490d-b840-051c7f68b697\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"BLOCKING-EVALUATION\",\r\n \"alertName\": \"BLOCKING-EVALUATION\",\r\n \"detectedTimeUtc\": \"2019-03-03T00:00:00Z\",\r\n \"description\": \"Detail:Mandatory rule. Cannot be disabled. 
Inbound Anomaly Score Exceeded (Total Score: 5)\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"4fe4d5bf-6672-490d-b840-051c7f68b697\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"61.62.156.174\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T01:00:28.5948373Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518507295999999999_863f36fb-20ad-45d2-9063-2a07be7f4d5f\",\r\n \"name\": \"2518507295999999999_863f36fb-20ad-45d2-9063-2a07be7f4d5f\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-03T00:00:00Z\",\r\n \"description\": \"Detail:Request Missing a Host Header\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": 
\"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"863f36fb-20ad-45d2-9063-2a07be7f4d5f\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"2\",\r\n \"source IPs\": \"61.62.156.174\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T01:00:29.0871558Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518507331999999999_3462bbf4-9200-4fdc-871c-01f2eb234c84\",\r\n \"name\": \"2518507331999999999_3462bbf4-9200-4fdc-871c-01f2eb234c84\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-02T23:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117:80\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": 
\"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"3462bbf4-9200-4fdc-871c-01f2eb234c84\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"3\",\r\n \"source IPs\": \"179.110.96.144,95.85.11.140,185.219.135.195\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T00:00:16.354891Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518507331999999999_99ba6c6b-501a-41df-a80a-d3c5fddff4e1\",\r\n \"name\": \"2518507331999999999_99ba6c6b-501a-41df-a80a-d3c5fddff4e1\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-02T23:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": 
\"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"99ba6c6b-501a-41df-a80a-d3c5fddff4e1\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"185.219.135.195\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T00:00:15.8819814Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518507403999999999_7f0e0ee0-50f0-4f6d-87f6-3a386629e3ee\",\r\n \"name\": \"2518507403999999999_7f0e0ee0-50f0-4f6d-87f6-3a386629e3ee\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-02T21:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": 
\"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"7f0e0ee0-50f0-4f6d-87f6-3a386629e3ee\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"2\",\r\n \"source IPs\": \"1.245.46.34,200.207.141.250\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-02T22:00:38.1461713Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518507403999999999_b8d1e867-333f-4776-bfb1-23dc9d0f3883\",\r\n \"name\": \"2518507403999999999_b8d1e867-333f-4776-bfb1-23dc9d0f3883\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-02T21:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": 
\"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"b8d1e867-333f-4776-bfb1-23dc9d0f3883\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"2\",\r\n \"source IPs\": \"42.51.32.9,200.207.141.250\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-02T22:00:38.6594318Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518507439999999999_1b54ab81-5ca3-4ea0-a706-38112361afaa\",\r\n \"name\": \"2518507439999999999_1b54ab81-5ca3-4ea0-a706-38112361afaa\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"SCANNER-DETECTION\",\r\n \"alertName\": \"SCANNER-DETECTION\",\r\n \"detectedTimeUtc\": \"2019-03-02T20:00:00Z\",\r\n \"description\": \"Detail:Found User-Agent associated with security scanner Matched Data: nmap scripting engine found within REQUEST_HEADERS:User-Agent: Mozilla/5.0 (compatible; Nmap Scripting Engine; https://nmap.org/book/nse.html)\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": 
\"Medium\",\r\n \"compromisedEntity\": \"bc09060f-3280-4734-a595-310679b63b8f.cloudapp.net\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"1b54ab81-5ca3-4ea0-a706-38112361afaa\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"16\",\r\n \"source IPs\": \"52.183.32.182\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-02T21:00:26.0576367Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518507439999999999_3e947bdc-233d-4de1-8031-2038a4d74620\",\r\n \"name\": \"2518507439999999999_3e947bdc-233d-4de1-8031-2038a4d74620\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"SCANNER-DETECTION\",\r\n \"alertName\": \"SCANNER-DETECTION\",\r\n \"detectedTimeUtc\": \"2019-03-02T20:00:00Z\",\r\n \"description\": \"Detail:Found User-Agent associated with security scanner Matched Data: nmap scripting engine found within REQUEST_HEADERS:User-Agent: Mozilla/5.0 (compatible; Nmap Scripting Engine; 
https://nmap.org/book/nse.html)\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"bc09060f-3280-4734-a595-310679b63b8f.cloudapp.net\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"3e947bdc-233d-4de1-8031-2038a4d74620\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"17\",\r\n \"source IPs\": \"52.183.32.182\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-02T21:00:26.0576367Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n }\r\n ],\r\n \"nextLink\": 
\"https://management.azure.com/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/providers/Microsoft.Security/alerts?api-version=2019-01-01&%24skiptoken=TY%2fLbqMwAEX%2fhcXsCDYBEkeqRmpqmKQFUmMbys482jjhNdhpIFX%2ffTLSLEa6u3N1ru6X0dWTfpHdWRmbLyPFCcWMxAdsbIyj1oPaWFYrOvFRt3WnF%2bJ2GetF2bcbx1la6lKocpSDln2nLGe9Kgpn7ZqFWwDTWcHaRCWoTAhWcOVB%2b33tIWsY%2b09Z1aOyQlmOverf9SKpy8so9WyJph61%2bikGaX7eK3frgw0gMgG854c6y4H257p7qOd9nGdHwAJ%2froIGiBRdEpu7u1MvwwSDeOvHJChvaQr3IUaYZyQXTT5QFl5D7HqknUIeTL8pq0iFIXulUcSDcKacPBcM4ZQy%2bbL9t9Gi5X%2fuZST9SDTcoYDwCrgey4YDDxSkkIwRQ0zc%2bIGfPmaaDWfxl9N9%2fHrze9pUzwJPjLUwFo0PUk6U4MNT%2bPQYccxA2pB9yNAv1uqI%2b0zv5FXSljuVT45v7dTQ1td5svOKjqtie5X8%2fj23OaABOr1lZChsR8anR2R8f%2f8B\"\r\n}", + "ResponseBody": "{\r\n \"value\": [\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/taklei/providers/Microsoft.Security/locations/westeurope/alerts/2518136982923187680_ef6aa4e6-9c60-4405-8f08-f465e8e50cd2\",\r\n \"name\": \"2518136982923187680_ef6aa4e6-9c60-4405-8f08-f465e8e50cd2\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft\",\r\n \"alertDisplayName\": \"Azure Security Center test alert (not a threat)\",\r\n \"alertName\": \"VM_EICAR\",\r\n \"detectedTimeUtc\": \"2020-05-04T14:28:27.6812319Z\",\r\n \"description\": \"This is a test alert generated by Azure Security Center. 
No further action is needed.\",\r\n \"remediationSteps\": \"No further action is needed.\",\r\n \"actionTaken\": \"Undefined\",\r\n \"reportedSeverity\": \"High\",\r\n \"compromisedEntity\": \"ALERTSTEST\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/taklei/providers/Microsoft.Compute/virtualMachines/alertsTest\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"ef6aa4e6-9c60-4405-8f08-f465e8e50cd2\",\r\n \"extendedProperties\": {\r\n \"compromised Host\": \"ALERTSTEST\",\r\n \"user Name\": \"WORKGROUP\\\\alertsTest$\",\r\n \"account Session Id\": \"0x3e7\",\r\n \"suspicious Process\": \"c:\\\\scripts\\\\asc_alerttest_662jfi039n.exe\",\r\n \"suspicious Command Line\": \"c:\\\\scripts\\\\asc_alerttest_662jfi039n.exe -foo\",\r\n \"parent Process\": \"c:\\\\windows\\\\system32\\\\svchost.exe\",\r\n \"suspicious Process Id\": \"0x688\",\r\n \"arguments Auditing Enabled\": \"true\",\r\n \"enrichment_tas_threat__reports\": \"{\\\"Kind\\\":\\\"MultiLink\\\",\\\"DisplayValueToUrlDictionary\\\":{\\\"Report: EICAR File\\\":\\\"https://interflowwebportalext.trafficmanager.net/reports/DisplayReport?callerIdentity=ddd5443d-e6f4-441c-b52b-5278d2f21dfa&reportCreateDateTime=2020-05-04T09%3a13%3a05&reportName=MSTI-TS-EICAR-File.pdf&tenantId=387eb67f-0039-43ad-81b9-b66c6c0b1951&urlCreateDateTime=2020-05-04T09%3a13%3a05&token=aRLLv1q8UI%20eVn54OVy%20WbqcH7H9dSGDUOuWywymCrQ=\\\"}}\",\r\n \"resourceType\": \"Virtual Machine\"\r\n },\r\n \"state\": \"Dismissed\",\r\n \"reportedTimeUtc\": \"2020-05-04T14:29:05.5983077Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/mainws/providers/microsoft.operationalinsights/workspaces/securityuserws\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": [\r\n {\r\n \"$id\": \"westeurope_1\",\r\n \"dnsDomain\": \"\",\r\n \"ntDomain\": \"\",\r\n 
\"hostName\": \"ALERTSTEST\",\r\n \"netBiosName\": \"ALERTSTEST\",\r\n \"azureID\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/taklei/providers/Microsoft.Compute/virtualMachines/alertsTest\",\r\n \"omsAgentID\": \"6bc4f1df-17e1-40f0-8227-f1635aea54dd\",\r\n \"osFamily\": \"Windows\",\r\n \"osVersion\": \"Windows\",\r\n \"isDomainJoined\": false,\r\n \"type\": \"host\"\r\n },\r\n {\r\n \"$id\": \"westeurope_2\",\r\n \"directory\": \"c:\\\\windows\\\\system32\",\r\n \"name\": \"svchost.exe\",\r\n \"type\": \"file\"\r\n },\r\n {\r\n \"$id\": \"westeurope_3\",\r\n \"processId\": \"0x6ec\",\r\n \"commandLine\": \"\",\r\n \"imageFile\": {\r\n \"$ref\": \"westeurope_2\"\r\n },\r\n \"host\": {\r\n \"$ref\": \"westeurope_1\"\r\n },\r\n \"type\": \"process\"\r\n },\r\n {\r\n \"$id\": \"westeurope_4\",\r\n \"name\": \"alertsTest$\",\r\n \"ntDomain\": \"WORKGROUP\",\r\n \"host\": {\r\n \"$ref\": \"westeurope_1\"\r\n },\r\n \"sid\": \"S-1-5-18\",\r\n \"isDomainJoined\": true,\r\n \"type\": \"account\",\r\n \"LogonId\": \"0x3e7\"\r\n },\r\n {\r\n \"$id\": \"westeurope_5\",\r\n \"directory\": \"c:\\\\scripts\",\r\n \"name\": \"asc_alerttest_662jfi039n.exe\",\r\n \"type\": \"file\"\r\n },\r\n {\r\n \"$id\": \"westeurope_6\",\r\n \"processId\": \"0x688\",\r\n \"commandLine\": \"c:\\\\scripts\\\\asc_alerttest_662jfi039n.exe -foo\",\r\n \"elevationToken\": \"Default\",\r\n \"creationTimeUtc\": \"2020-05-04T14:28:27.6812319Z\",\r\n \"imageFile\": {\r\n \"$ref\": \"westeurope_5\"\r\n },\r\n \"account\": {\r\n \"$ref\": \"westeurope_4\"\r\n },\r\n \"parentProcess\": {\r\n \"$ref\": \"westeurope_3\"\r\n },\r\n \"host\": {\r\n \"$ref\": \"westeurope_1\"\r\n },\r\n \"type\": \"process\"\r\n },\r\n {\r\n \"$id\": \"westeurope_7\",\r\n \"sessionId\": \"0x3e7\",\r\n \"startTimeUtc\": \"2020-05-04T14:28:27.6812319Z\",\r\n \"endTimeUtc\": \"2020-05-04T14:28:27.6812319Z\",\r\n \"type\": \"host-logon-session\",\r\n \"host\": {\r\n \"$ref\": \"westeurope_1\"\r\n },\r\n 
\"account\": {\r\n \"$ref\": \"westeurope_4\"\r\n }\r\n }\r\n ]\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/taklei/providers/Microsoft.Security/locations/westeurope/alerts/2518137000923212703_d25bac04-7492-4ece-9d75-7a377d74d833\",\r\n \"name\": \"2518137000923212703_d25bac04-7492-4ece-9d75-7a377d74d833\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft\",\r\n \"alertDisplayName\": \"Azure Security Center test alert (not a threat)\",\r\n \"alertName\": \"VM_EICAR\",\r\n \"detectedTimeUtc\": \"2020-05-04T13:58:27.6787296Z\",\r\n \"description\": \"This is a test alert generated by Azure Security Center. No further action is needed.\",\r\n \"remediationSteps\": \"No further action is needed.\",\r\n \"actionTaken\": \"Undefined\",\r\n \"reportedSeverity\": \"High\",\r\n \"compromisedEntity\": \"ALERTSTEST\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/taklei/providers/Microsoft.Compute/virtualMachines/alertsTest\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"d25bac04-7492-4ece-9d75-7a377d74d833\",\r\n \"extendedProperties\": {\r\n \"compromised Host\": \"ALERTSTEST\",\r\n \"user Name\": \"WORKGROUP\\\\alertsTest$\",\r\n \"account Session Id\": \"0x3e7\",\r\n \"suspicious Process\": \"c:\\\\scripts\\\\asc_alerttest_662jfi039n.exe\",\r\n \"suspicious Command Line\": \"c:\\\\scripts\\\\asc_alerttest_662jfi039n.exe -foo\",\r\n \"parent Process\": \"c:\\\\windows\\\\system32\\\\svchost.exe\",\r\n \"suspicious Process Id\": \"0x1c7c\",\r\n \"arguments Auditing Enabled\": \"true\",\r\n \"enrichment_tas_threat__reports\": \"{\\\"Kind\\\":\\\"MultiLink\\\",\\\"DisplayValueToUrlDictionary\\\":{\\\"Report: EICAR 
File\\\":\\\"https://interflowwebportalext.trafficmanager.net/reports/DisplayReport?callerIdentity=ddd5443d-e6f4-441c-b52b-5278d2f21dfa&reportCreateDateTime=2020-05-04T09%3a13%3a05&reportName=MSTI-TS-EICAR-File.pdf&tenantId=387eb67f-0039-43ad-81b9-b66c6c0b1951&urlCreateDateTime=2020-05-04T09%3a13%3a05&token=aRLLv1q8UI%20eVn54OVy%20WbqcH7H9dSGDUOuWywymCrQ=\\\"}}\",\r\n \"resourceType\": \"Virtual Machine\"\r\n },\r\n \"state\": \"Dismissed\",\r\n \"reportedTimeUtc\": \"2020-05-04T13:58:34.2198556Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/mainws/providers/microsoft.operationalinsights/workspaces/securityuserws\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": [\r\n {\r\n \"$id\": \"westeurope_8\",\r\n \"dnsDomain\": \"\",\r\n \"ntDomain\": \"\",\r\n \"hostName\": \"ALERTSTEST\",\r\n \"netBiosName\": \"ALERTSTEST\",\r\n \"azureID\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/taklei/providers/Microsoft.Compute/virtualMachines/alertsTest\",\r\n \"omsAgentID\": \"6bc4f1df-17e1-40f0-8227-f1635aea54dd\",\r\n \"osFamily\": \"Windows\",\r\n \"osVersion\": \"Windows\",\r\n \"isDomainJoined\": false,\r\n \"type\": \"host\"\r\n },\r\n {\r\n \"$id\": \"westeurope_9\",\r\n \"directory\": \"c:\\\\windows\\\\system32\",\r\n \"name\": \"svchost.exe\",\r\n \"type\": \"file\"\r\n },\r\n {\r\n \"$id\": \"westeurope_10\",\r\n \"processId\": \"0x6ec\",\r\n \"commandLine\": \"\",\r\n \"imageFile\": {\r\n \"$ref\": \"westeurope_9\"\r\n },\r\n \"host\": {\r\n \"$ref\": \"westeurope_8\"\r\n },\r\n \"type\": \"process\"\r\n },\r\n {\r\n \"$id\": \"westeurope_11\",\r\n \"name\": \"alertsTest$\",\r\n \"ntDomain\": \"WORKGROUP\",\r\n \"host\": {\r\n \"$ref\": \"westeurope_8\"\r\n },\r\n \"sid\": \"S-1-5-18\",\r\n \"isDomainJoined\": true,\r\n \"type\": \"account\",\r\n \"LogonId\": \"0x3e7\"\r\n },\r\n {\r\n \"$id\": \"westeurope_12\",\r\n \"directory\": 
\"c:\\\\scripts\",\r\n \"name\": \"asc_alerttest_662jfi039n.exe\",\r\n \"type\": \"file\"\r\n },\r\n {\r\n \"$id\": \"westeurope_13\",\r\n \"processId\": \"0x1c7c\",\r\n \"commandLine\": \"c:\\\\scripts\\\\asc_alerttest_662jfi039n.exe -foo\",\r\n \"elevationToken\": \"Default\",\r\n \"creationTimeUtc\": \"2020-05-04T13:58:27.6787296Z\",\r\n \"imageFile\": {\r\n \"$ref\": \"westeurope_12\"\r\n },\r\n \"account\": {\r\n \"$ref\": \"westeurope_11\"\r\n },\r\n \"parentProcess\": {\r\n \"$ref\": \"westeurope_10\"\r\n },\r\n \"host\": {\r\n \"$ref\": \"westeurope_8\"\r\n },\r\n \"type\": \"process\"\r\n },\r\n {\r\n \"$id\": \"westeurope_14\",\r\n \"sessionId\": \"0x3e7\",\r\n \"startTimeUtc\": \"2020-05-04T13:58:27.6787296Z\",\r\n \"endTimeUtc\": \"2020-05-04T13:58:27.6787296Z\",\r\n \"type\": \"host-logon-session\",\r\n \"host\": {\r\n \"$ref\": \"westeurope_8\"\r\n },\r\n \"account\": {\r\n \"$ref\": \"westeurope_11\"\r\n }\r\n }\r\n ]\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/taklei/providers/Microsoft.Security/locations/westeurope/alerts/2518137018913138372_93d99441-2eff-436e-ab25-0307b3484bb4\",\r\n \"name\": \"2518137018913138372_93d99441-2eff-436e-ab25-0307b3484bb4\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft\",\r\n \"alertDisplayName\": \"Azure Security Center test alert (not a threat)\",\r\n \"alertName\": \"VM_EICAR\",\r\n \"detectedTimeUtc\": \"2020-05-04T13:28:28.6861627Z\",\r\n \"description\": \"This is a test alert generated by Azure Security Center. 
No further action is needed.\",\r\n \"remediationSteps\": \"No further action is needed.\",\r\n \"actionTaken\": \"Undefined\",\r\n \"reportedSeverity\": \"High\",\r\n \"compromisedEntity\": \"ALERTSTEST\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/taklei/providers/Microsoft.Compute/virtualMachines/alertsTest\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"93d99441-2eff-436e-ab25-0307b3484bb4\",\r\n \"extendedProperties\": {\r\n \"compromised Host\": \"ALERTSTEST\",\r\n \"user Name\": \"WORKGROUP\\\\alertsTest$\",\r\n \"account Session Id\": \"0x3e7\",\r\n \"suspicious Process\": \"c:\\\\scripts\\\\asc_alerttest_662jfi039n.exe\",\r\n \"suspicious Command Line\": \"c:\\\\scripts\\\\asc_alerttest_662jfi039n.exe -foo\",\r\n \"parent Process\": \"c:\\\\windows\\\\system32\\\\svchost.exe\",\r\n \"suspicious Process Id\": \"0x122c\",\r\n \"arguments Auditing Enabled\": \"true\",\r\n \"enrichment_tas_threat__reports\": \"{\\\"Kind\\\":\\\"MultiLink\\\",\\\"DisplayValueToUrlDictionary\\\":{\\\"Report: EICAR File\\\":\\\"https://interflowwebportalext.trafficmanager.net/reports/DisplayReport?callerIdentity=ddd5443d-e6f4-441c-b52b-5278d2f21dfa&reportCreateDateTime=2020-05-04T08%3a32%3a57&reportName=MSTI-TS-EICAR-File.pdf&tenantId=1c68e967-70a6-4cda-a34b-6d281cffe06e&urlCreateDateTime=2020-05-04T08%3a32%3a57&token=s7wyF62JLdEde8/SccnrGqIJxUOajFUpTETdhi3lCyY=\\\"}}\",\r\n \"resourceType\": \"Virtual Machine\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2020-05-04T13:28:59.9528247Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/mainws/providers/microsoft.operationalinsights/workspaces/securityuserws\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": [\r\n {\r\n \"$id\": \"westeurope_15\",\r\n \"dnsDomain\": \"\",\r\n \"ntDomain\": \"\",\r\n \"hostName\": 
\"ALERTSTEST\",\r\n \"netBiosName\": \"ALERTSTEST\",\r\n \"azureID\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/taklei/providers/Microsoft.Compute/virtualMachines/alertsTest\",\r\n \"omsAgentID\": \"6bc4f1df-17e1-40f0-8227-f1635aea54dd\",\r\n \"osFamily\": \"Windows\",\r\n \"osVersion\": \"Windows\",\r\n \"isDomainJoined\": false,\r\n \"type\": \"host\"\r\n },\r\n {\r\n \"$id\": \"westeurope_16\",\r\n \"directory\": \"c:\\\\windows\\\\system32\",\r\n \"name\": \"svchost.exe\",\r\n \"type\": \"file\"\r\n },\r\n {\r\n \"$id\": \"westeurope_17\",\r\n \"processId\": \"0x6ec\",\r\n \"commandLine\": \"\",\r\n \"imageFile\": {\r\n \"$ref\": \"westeurope_16\"\r\n },\r\n \"host\": {\r\n \"$ref\": \"westeurope_15\"\r\n },\r\n \"type\": \"process\"\r\n },\r\n {\r\n \"$id\": \"westeurope_18\",\r\n \"name\": \"alertsTest$\",\r\n \"ntDomain\": \"WORKGROUP\",\r\n \"host\": {\r\n \"$ref\": \"westeurope_15\"\r\n },\r\n \"sid\": \"S-1-5-18\",\r\n \"isDomainJoined\": true,\r\n \"type\": \"account\",\r\n \"LogonId\": \"0x3e7\"\r\n },\r\n {\r\n \"$id\": \"westeurope_19\",\r\n \"directory\": \"c:\\\\scripts\",\r\n \"name\": \"asc_alerttest_662jfi039n.exe\",\r\n \"type\": \"file\"\r\n },\r\n {\r\n \"$id\": \"westeurope_20\",\r\n \"processId\": \"0x122c\",\r\n \"commandLine\": \"c:\\\\scripts\\\\asc_alerttest_662jfi039n.exe -foo\",\r\n \"elevationToken\": \"Default\",\r\n \"creationTimeUtc\": \"2020-05-04T13:28:28.6861627Z\",\r\n \"imageFile\": {\r\n \"$ref\": \"westeurope_19\"\r\n },\r\n \"account\": {\r\n \"$ref\": \"westeurope_18\"\r\n },\r\n \"parentProcess\": {\r\n \"$ref\": \"westeurope_17\"\r\n },\r\n \"host\": {\r\n \"$ref\": \"westeurope_15\"\r\n },\r\n \"type\": \"process\"\r\n },\r\n {\r\n \"$id\": \"westeurope_21\",\r\n \"sessionId\": \"0x3e7\",\r\n \"startTimeUtc\": \"2020-05-04T13:28:28.6861627Z\",\r\n \"endTimeUtc\": \"2020-05-04T13:28:28.6861627Z\",\r\n \"type\": \"host-logon-session\",\r\n \"host\": {\r\n \"$ref\": \"westeurope_15\"\r\n },\r\n 
\"account\": {\r\n \"$ref\": \"westeurope_18\"\r\n }\r\n }\r\n ]\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/taklei/providers/Microsoft.Security/locations/westeurope/alerts/2518137035665338254_a345cb85-18aa-4d14-9293-e4d2ba15cb9d\",\r\n \"name\": \"2518137035665338254_a345cb85-18aa-4d14-9293-e4d2ba15cb9d\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft\",\r\n \"alertDisplayName\": \"Azure Security Center test alert (not a threat)\",\r\n \"alertName\": \"VM_EICAR\",\r\n \"detectedTimeUtc\": \"2020-05-04T13:00:33.4661745Z\",\r\n \"description\": \"This is a test alert generated by Azure Security Center. No further action is needed.\",\r\n \"remediationSteps\": \"No further action is needed.\",\r\n \"actionTaken\": \"Undefined\",\r\n \"reportedSeverity\": \"High\",\r\n \"compromisedEntity\": \"ALERTSTEST\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/taklei/providers/Microsoft.Compute/virtualMachines/alertsTest\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"a345cb85-18aa-4d14-9293-e4d2ba15cb9d\",\r\n \"extendedProperties\": {\r\n \"compromised Host\": \"ALERTSTEST\",\r\n \"user Name\": \"WORKGROUP\\\\alertsTest$\",\r\n \"account Session Id\": \"0x3e7\",\r\n \"suspicious Process\": \"c:\\\\scripts\\\\asc_alerttest_662jfi039n.exe\",\r\n \"suspicious Command Line\": \"c:\\\\scripts\\\\asc_alerttest_662jfi039n.exe -foo\",\r\n \"parent Process\": \"c:\\\\windows\\\\system32\\\\svchost.exe\",\r\n \"suspicious Process Id\": \"0xe38\",\r\n \"arguments Auditing Enabled\": \"true\",\r\n \"enrichment_tas_threat__reports\": \"{\\\"Kind\\\":\\\"MultiLink\\\",\\\"DisplayValueToUrlDictionary\\\":{\\\"Report: EICAR 
File\\\":\\\"https://interflowwebportalext.trafficmanager.net/reports/DisplayReport?callerIdentity=ddd5443d-e6f4-441c-b52b-5278d2f21dfa&reportCreateDateTime=2020-05-04T09%3a13%3a05&reportName=MSTI-TS-EICAR-File.pdf&tenantId=387eb67f-0039-43ad-81b9-b66c6c0b1951&urlCreateDateTime=2020-05-04T09%3a13%3a05&token=aRLLv1q8UI%20eVn54OVy%20WbqcH7H9dSGDUOuWywymCrQ=\\\"}}\",\r\n \"resourceType\": \"Virtual Machine\"\r\n },\r\n \"state\": \"Dismissed\",\r\n \"reportedTimeUtc\": \"2020-05-04T13:00:37.889087Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/mainws/providers/microsoft.operationalinsights/workspaces/securityuserws\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": [\r\n {\r\n \"$id\": \"westeurope_22\",\r\n \"dnsDomain\": \"\",\r\n \"ntDomain\": \"\",\r\n \"hostName\": \"ALERTSTEST\",\r\n \"netBiosName\": \"ALERTSTEST\",\r\n \"azureID\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/taklei/providers/Microsoft.Compute/virtualMachines/alertsTest\",\r\n \"omsAgentID\": \"6bc4f1df-17e1-40f0-8227-f1635aea54dd\",\r\n \"osFamily\": \"Windows\",\r\n \"osVersion\": \"Windows\",\r\n \"isDomainJoined\": false,\r\n \"type\": \"host\"\r\n },\r\n {\r\n \"$id\": \"westeurope_23\",\r\n \"directory\": \"c:\\\\windows\\\\system32\",\r\n \"name\": \"svchost.exe\",\r\n \"type\": \"file\"\r\n },\r\n {\r\n \"$id\": \"westeurope_24\",\r\n \"processId\": \"0x6ec\",\r\n \"commandLine\": \"\",\r\n \"imageFile\": {\r\n \"$ref\": \"westeurope_23\"\r\n },\r\n \"host\": {\r\n \"$ref\": \"westeurope_22\"\r\n },\r\n \"type\": \"process\"\r\n },\r\n {\r\n \"$id\": \"westeurope_25\",\r\n \"name\": \"alertsTest$\",\r\n \"ntDomain\": \"WORKGROUP\",\r\n \"host\": {\r\n \"$ref\": \"westeurope_22\"\r\n },\r\n \"sid\": \"S-1-5-18\",\r\n \"isDomainJoined\": true,\r\n \"type\": \"account\",\r\n \"LogonId\": \"0x3e7\"\r\n },\r\n {\r\n \"$id\": \"westeurope_26\",\r\n 
\"directory\": \"c:\\\\scripts\",\r\n \"name\": \"asc_alerttest_662jfi039n.exe\",\r\n \"type\": \"file\"\r\n },\r\n {\r\n \"$id\": \"westeurope_27\",\r\n \"processId\": \"0xe38\",\r\n \"commandLine\": \"c:\\\\scripts\\\\asc_alerttest_662jfi039n.exe -foo\",\r\n \"elevationToken\": \"Default\",\r\n \"creationTimeUtc\": \"2020-05-04T13:00:33.4661745Z\",\r\n \"imageFile\": {\r\n \"$ref\": \"westeurope_26\"\r\n },\r\n \"account\": {\r\n \"$ref\": \"westeurope_25\"\r\n },\r\n \"parentProcess\": {\r\n \"$ref\": \"westeurope_24\"\r\n },\r\n \"host\": {\r\n \"$ref\": \"westeurope_22\"\r\n },\r\n \"type\": \"process\"\r\n },\r\n {\r\n \"$id\": \"westeurope_28\",\r\n \"sessionId\": \"0x3e7\",\r\n \"startTimeUtc\": \"2020-05-04T13:00:33.4661745Z\",\r\n \"endTimeUtc\": \"2020-05-04T13:00:33.4661745Z\",\r\n \"type\": \"host-logon-session\",\r\n \"host\": {\r\n \"$ref\": \"westeurope_22\"\r\n },\r\n \"account\": {\r\n \"$ref\": \"westeurope_25\"\r\n }\r\n }\r\n ]\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/taklei/providers/Microsoft.Security/locations/westeurope/alerts/2518137036458453383_d763b77f-129c-4e95-af39-5c4b4c411b5b\",\r\n \"name\": \"2518137036458453383_d763b77f-129c-4e95-af39-5c4b4c411b5b\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft\",\r\n \"alertDisplayName\": \"Azure Security Center test alert (not a threat)\",\r\n \"alertName\": \"VM_EICAR\",\r\n \"detectedTimeUtc\": \"2020-05-04T12:59:14.1546616Z\",\r\n \"description\": \"This is a test alert generated by Azure Security Center. 
No further action is needed.\",\r\n \"remediationSteps\": \"No further action is needed.\",\r\n \"actionTaken\": \"Undefined\",\r\n \"reportedSeverity\": \"High\",\r\n \"compromisedEntity\": \"ALERTSTEST\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/taklei/providers/Microsoft.Compute/virtualMachines/alertsTest\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"d763b77f-129c-4e95-af39-5c4b4c411b5b\",\r\n \"extendedProperties\": {\r\n \"compromised Host\": \"ALERTSTEST\",\r\n \"user Name\": \"WORKGROUP\\\\alertsTest$\",\r\n \"account Session Id\": \"0x3e7\",\r\n \"suspicious Process\": \"c:\\\\scripts\\\\asc_alerttest_662jfi039n.exe\",\r\n \"suspicious Command Line\": \"c:\\\\scripts\\\\asc_alerttest_662jfi039n.exe -foo\",\r\n \"parent Process\": \"c:\\\\windows\\\\system32\\\\svchost.exe\",\r\n \"suspicious Process Id\": \"0xe7c\",\r\n \"arguments Auditing Enabled\": \"true\",\r\n \"enrichment_tas_threat__reports\": \"{\\\"Kind\\\":\\\"MultiLink\\\",\\\"DisplayValueToUrlDictionary\\\":{\\\"Report: EICAR File\\\":\\\"https://interflowwebportalext.trafficmanager.net/reports/DisplayReport?callerIdentity=ddd5443d-e6f4-441c-b52b-5278d2f21dfa&reportCreateDateTime=2020-05-04T08%3a32%3a57&reportName=MSTI-TS-EICAR-File.pdf&tenantId=1c68e967-70a6-4cda-a34b-6d281cffe06e&urlCreateDateTime=2020-05-04T08%3a32%3a57&token=s7wyF62JLdEde8/SccnrGqIJxUOajFUpTETdhi3lCyY=\\\"}}\",\r\n \"resourceType\": \"Virtual Machine\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2020-05-04T12:59:35.6273663Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/mainws/providers/microsoft.operationalinsights/workspaces/securityuserws\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": [\r\n {\r\n \"$id\": \"westeurope_29\",\r\n \"dnsDomain\": \"\",\r\n \"ntDomain\": \"\",\r\n \"hostName\": 
\"ALERTSTEST\",\r\n \"netBiosName\": \"ALERTSTEST\",\r\n \"azureID\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/taklei/providers/Microsoft.Compute/virtualMachines/alertsTest\",\r\n \"omsAgentID\": \"6bc4f1df-17e1-40f0-8227-f1635aea54dd\",\r\n \"osFamily\": \"Windows\",\r\n \"osVersion\": \"Windows\",\r\n \"isDomainJoined\": false,\r\n \"type\": \"host\"\r\n },\r\n {\r\n \"$id\": \"westeurope_30\",\r\n \"directory\": \"c:\\\\windows\\\\system32\",\r\n \"name\": \"svchost.exe\",\r\n \"type\": \"file\"\r\n },\r\n {\r\n \"$id\": \"westeurope_31\",\r\n \"processId\": \"0x6ec\",\r\n \"commandLine\": \"\",\r\n \"imageFile\": {\r\n \"$ref\": \"westeurope_30\"\r\n },\r\n \"host\": {\r\n \"$ref\": \"westeurope_29\"\r\n },\r\n \"type\": \"process\"\r\n },\r\n {\r\n \"$id\": \"westeurope_32\",\r\n \"name\": \"alertsTest$\",\r\n \"ntDomain\": \"WORKGROUP\",\r\n \"host\": {\r\n \"$ref\": \"westeurope_29\"\r\n },\r\n \"sid\": \"S-1-5-18\",\r\n \"isDomainJoined\": true,\r\n \"type\": \"account\",\r\n \"LogonId\": \"0x3e7\"\r\n },\r\n {\r\n \"$id\": \"westeurope_33\",\r\n \"directory\": \"c:\\\\scripts\",\r\n \"name\": \"asc_alerttest_662jfi039n.exe\",\r\n \"type\": \"file\"\r\n },\r\n {\r\n \"$id\": \"westeurope_34\",\r\n \"processId\": \"0xe7c\",\r\n \"commandLine\": \"c:\\\\scripts\\\\asc_alerttest_662jfi039n.exe -foo\",\r\n \"elevationToken\": \"Default\",\r\n \"creationTimeUtc\": \"2020-05-04T12:59:14.1546616Z\",\r\n \"imageFile\": {\r\n \"$ref\": \"westeurope_33\"\r\n },\r\n \"account\": {\r\n \"$ref\": \"westeurope_32\"\r\n },\r\n \"parentProcess\": {\r\n \"$ref\": \"westeurope_31\"\r\n },\r\n \"host\": {\r\n \"$ref\": \"westeurope_29\"\r\n },\r\n \"type\": \"process\"\r\n },\r\n {\r\n \"$id\": \"westeurope_35\",\r\n \"sessionId\": \"0x3e7\",\r\n \"startTimeUtc\": \"2020-05-04T12:59:14.1546616Z\",\r\n \"endTimeUtc\": \"2020-05-04T12:59:14.1546616Z\",\r\n \"type\": \"host-logon-session\",\r\n \"host\": {\r\n \"$ref\": \"westeurope_29\"\r\n },\r\n 
\"account\": {\r\n \"$ref\": \"westeurope_32\"\r\n }\r\n }\r\n ]\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/taklei/providers/Microsoft.Security/locations/westeurope/alerts/2518137036914144805_a3d0999b-cdfc-41d9-9d28-ee1335f03081\",\r\n \"name\": \"2518137036914144805_a3d0999b-cdfc-41d9-9d28-ee1335f03081\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft\",\r\n \"alertDisplayName\": \"Azure Security Center test alert (not a threat)\",\r\n \"alertName\": \"VM_EICAR\",\r\n \"detectedTimeUtc\": \"2020-05-04T12:58:28.5855194Z\",\r\n \"description\": \"This is a test alert generated by Azure Security Center. No further action is needed.\",\r\n \"remediationSteps\": \"No further action is needed.\",\r\n \"actionTaken\": \"Undefined\",\r\n \"reportedSeverity\": \"High\",\r\n \"compromisedEntity\": \"ALERTSTEST\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/taklei/providers/Microsoft.Compute/virtualMachines/alertsTest\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"a3d0999b-cdfc-41d9-9d28-ee1335f03081\",\r\n \"extendedProperties\": {\r\n \"compromised Host\": \"ALERTSTEST\",\r\n \"user Name\": \"WORKGROUP\\\\alertsTest$\",\r\n \"account Session Id\": \"0x3e7\",\r\n \"suspicious Process\": \"c:\\\\scripts\\\\asc_alerttest_662jfi039n.exe\",\r\n \"suspicious Command Line\": \"c:\\\\scripts\\\\asc_alerttest_662jfi039n.exe -foo\",\r\n \"parent Process\": \"c:\\\\windows\\\\system32\\\\svchost.exe\",\r\n \"suspicious Process Id\": \"0xfac\",\r\n \"arguments Auditing Enabled\": \"true\",\r\n \"enrichment_tas_threat__reports\": \"{\\\"Kind\\\":\\\"MultiLink\\\",\\\"DisplayValueToUrlDictionary\\\":{\\\"Report: EICAR 
File\\\":\\\"https://interflowwebportalext.trafficmanager.net/reports/DisplayReport?callerIdentity=ddd5443d-e6f4-441c-b52b-5278d2f21dfa&reportCreateDateTime=2020-05-04T09%3a23%3a00&reportName=MSTI-TS-EICAR-File.pdf&tenantId=b11492db-77a6-4ec0-9ff7-17b6ba420e1e&urlCreateDateTime=2020-05-04T09%3a23%3a00&token=XhSuWhrbEKAk2sXS1TcK0SVTLOehFDirzLCUSUoWPL4=\\\"}}\",\r\n \"resourceType\": \"Virtual Machine\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2020-05-04T12:58:46.4927078Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/mainws/providers/microsoft.operationalinsights/workspaces/securityuserws\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": [\r\n {\r\n \"$id\": \"westeurope_36\",\r\n \"dnsDomain\": \"\",\r\n \"ntDomain\": \"\",\r\n \"hostName\": \"ALERTSTEST\",\r\n \"netBiosName\": \"ALERTSTEST\",\r\n \"azureID\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/taklei/providers/Microsoft.Compute/virtualMachines/alertsTest\",\r\n \"omsAgentID\": \"6bc4f1df-17e1-40f0-8227-f1635aea54dd\",\r\n \"osFamily\": \"Windows\",\r\n \"osVersion\": \"Windows\",\r\n \"isDomainJoined\": false,\r\n \"type\": \"host\"\r\n },\r\n {\r\n \"$id\": \"westeurope_37\",\r\n \"directory\": \"c:\\\\windows\\\\system32\",\r\n \"name\": \"svchost.exe\",\r\n \"type\": \"file\"\r\n },\r\n {\r\n \"$id\": \"westeurope_38\",\r\n \"processId\": \"0x6ec\",\r\n \"commandLine\": \"\",\r\n \"imageFile\": {\r\n \"$ref\": \"westeurope_37\"\r\n },\r\n \"host\": {\r\n \"$ref\": \"westeurope_36\"\r\n },\r\n \"type\": \"process\"\r\n },\r\n {\r\n \"$id\": \"westeurope_39\",\r\n \"name\": \"alertsTest$\",\r\n \"ntDomain\": \"WORKGROUP\",\r\n \"host\": {\r\n \"$ref\": \"westeurope_36\"\r\n },\r\n \"sid\": \"S-1-5-18\",\r\n \"isDomainJoined\": true,\r\n \"type\": \"account\",\r\n \"LogonId\": \"0x3e7\"\r\n },\r\n {\r\n \"$id\": \"westeurope_40\",\r\n \"directory\": 
\"c:\\\\scripts\",\r\n \"name\": \"asc_alerttest_662jfi039n.exe\",\r\n \"type\": \"file\"\r\n },\r\n {\r\n \"$id\": \"westeurope_41\",\r\n \"processId\": \"0xfac\",\r\n \"commandLine\": \"c:\\\\scripts\\\\asc_alerttest_662jfi039n.exe -foo\",\r\n \"elevationToken\": \"Default\",\r\n \"creationTimeUtc\": \"2020-05-04T12:58:28.5855194Z\",\r\n \"imageFile\": {\r\n \"$ref\": \"westeurope_40\"\r\n },\r\n \"account\": {\r\n \"$ref\": \"westeurope_39\"\r\n },\r\n \"parentProcess\": {\r\n \"$ref\": \"westeurope_38\"\r\n },\r\n \"host\": {\r\n \"$ref\": \"westeurope_36\"\r\n },\r\n \"type\": \"process\"\r\n },\r\n {\r\n \"$id\": \"westeurope_42\",\r\n \"sessionId\": \"0x3e7\",\r\n \"startTimeUtc\": \"2020-05-04T12:58:28.5855194Z\",\r\n \"endTimeUtc\": \"2020-05-04T12:58:28.5855194Z\",\r\n \"type\": \"host-logon-session\",\r\n \"host\": {\r\n \"$ref\": \"westeurope_36\"\r\n },\r\n \"account\": {\r\n \"$ref\": \"westeurope_39\"\r\n }\r\n }\r\n ]\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/taklei/providers/Microsoft.Security/locations/westeurope/alerts/2518137037321194617_adafe5f0-ade9-47b4-86f3-3155038827f6\",\r\n \"name\": \"2518137037321194617_adafe5f0-ade9-47b4-86f3-3155038827f6\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft\",\r\n \"alertDisplayName\": \"Azure Security Center test alert (not a threat)\",\r\n \"alertName\": \"VM_EICAR\",\r\n \"detectedTimeUtc\": \"2020-05-04T12:57:47.8805382Z\",\r\n \"description\": \"This is a test alert generated by Azure Security Center. 
No further action is needed.\",\r\n \"remediationSteps\": \"No further action is needed.\",\r\n \"actionTaken\": \"Undefined\",\r\n \"reportedSeverity\": \"High\",\r\n \"compromisedEntity\": \"ALERTSTEST\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/taklei/providers/Microsoft.Compute/virtualMachines/alertsTest\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"adafe5f0-ade9-47b4-86f3-3155038827f6\",\r\n \"extendedProperties\": {\r\n \"compromised Host\": \"ALERTSTEST\",\r\n \"user Name\": \"WORKGROUP\\\\alertsTest$\",\r\n \"account Session Id\": \"0x3e7\",\r\n \"suspicious Process\": \"c:\\\\scripts\\\\asc_alerttest_662jfi039n.exe\",\r\n \"suspicious Command Line\": \"c:\\\\scripts\\\\asc_alerttest_662jfi039n.exe -foo\",\r\n \"parent Process\": \"c:\\\\windows\\\\system32\\\\svchost.exe\",\r\n \"suspicious Process Id\": \"0x1d50\",\r\n \"arguments Auditing Enabled\": \"true\",\r\n \"enrichment_tas_threat__reports\": \"{\\\"Kind\\\":\\\"MultiLink\\\",\\\"DisplayValueToUrlDictionary\\\":{\\\"Report: EICAR File\\\":\\\"https://interflowwebportalext.trafficmanager.net/reports/DisplayReport?callerIdentity=ddd5443d-e6f4-441c-b52b-5278d2f21dfa&reportCreateDateTime=2020-05-04T08%3a32%3a57&reportName=MSTI-TS-EICAR-File.pdf&tenantId=1c68e967-70a6-4cda-a34b-6d281cffe06e&urlCreateDateTime=2020-05-04T08%3a32%3a57&token=s7wyF62JLdEde8/SccnrGqIJxUOajFUpTETdhi3lCyY=\\\"}}\",\r\n \"resourceType\": \"Virtual Machine\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2020-05-04T12:57:53.7990186Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/mainws/providers/microsoft.operationalinsights/workspaces/securityuserws\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": [\r\n {\r\n \"$id\": \"westeurope_43\",\r\n \"dnsDomain\": \"\",\r\n \"ntDomain\": \"\",\r\n \"hostName\": 
\"ALERTSTEST\",\r\n \"netBiosName\": \"ALERTSTEST\",\r\n \"azureID\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/taklei/providers/Microsoft.Compute/virtualMachines/alertsTest\",\r\n \"omsAgentID\": \"6bc4f1df-17e1-40f0-8227-f1635aea54dd\",\r\n \"osFamily\": \"Windows\",\r\n \"osVersion\": \"Windows\",\r\n \"isDomainJoined\": false,\r\n \"type\": \"host\"\r\n },\r\n {\r\n \"$id\": \"westeurope_44\",\r\n \"directory\": \"c:\\\\windows\\\\system32\",\r\n \"name\": \"svchost.exe\",\r\n \"type\": \"file\"\r\n },\r\n {\r\n \"$id\": \"westeurope_45\",\r\n \"processId\": \"0x6ec\",\r\n \"commandLine\": \"\",\r\n \"imageFile\": {\r\n \"$ref\": \"westeurope_44\"\r\n },\r\n \"host\": {\r\n \"$ref\": \"westeurope_43\"\r\n },\r\n \"type\": \"process\"\r\n },\r\n {\r\n \"$id\": \"westeurope_46\",\r\n \"name\": \"alertsTest$\",\r\n \"ntDomain\": \"WORKGROUP\",\r\n \"host\": {\r\n \"$ref\": \"westeurope_43\"\r\n },\r\n \"sid\": \"S-1-5-18\",\r\n \"isDomainJoined\": true,\r\n \"type\": \"account\",\r\n \"LogonId\": \"0x3e7\"\r\n },\r\n {\r\n \"$id\": \"westeurope_47\",\r\n \"directory\": \"c:\\\\scripts\",\r\n \"name\": \"asc_alerttest_662jfi039n.exe\",\r\n \"type\": \"file\"\r\n },\r\n {\r\n \"$id\": \"westeurope_48\",\r\n \"processId\": \"0x1d50\",\r\n \"commandLine\": \"c:\\\\scripts\\\\asc_alerttest_662jfi039n.exe -foo\",\r\n \"elevationToken\": \"Default\",\r\n \"creationTimeUtc\": \"2020-05-04T12:57:47.8805382Z\",\r\n \"imageFile\": {\r\n \"$ref\": \"westeurope_47\"\r\n },\r\n \"account\": {\r\n \"$ref\": \"westeurope_46\"\r\n },\r\n \"parentProcess\": {\r\n \"$ref\": \"westeurope_45\"\r\n },\r\n \"host\": {\r\n \"$ref\": \"westeurope_43\"\r\n },\r\n \"type\": \"process\"\r\n },\r\n {\r\n \"$id\": \"westeurope_49\",\r\n \"sessionId\": \"0x3e7\",\r\n \"startTimeUtc\": \"2020-05-04T12:57:47.8805382Z\",\r\n \"endTimeUtc\": \"2020-05-04T12:57:47.8805382Z\",\r\n \"type\": \"host-logon-session\",\r\n \"host\": {\r\n \"$ref\": \"westeurope_43\"\r\n },\r\n 
\"account\": {\r\n \"$ref\": \"westeurope_46\"\r\n }\r\n }\r\n ]\r\n }\r\n }\r\n ]\r\n}", "StatusCode": 200 }, { - "RequestUri": "/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/providers/Microsoft.Security/locations/centralus/alerts/2518532788749999999_66276b36-db2a-4b2c-84ad-9676fe753a02?api-version=2019-01-01", - "EncodedRequestUri": "L3N1YnNjcmlwdGlvbnMvNDg3YmI0ODUtYjViMC00NzFlLTljMGQtMTA3MTc2MTJmODY5L3Byb3ZpZGVycy9NaWNyb3NvZnQuU2VjdXJpdHkvbG9jYXRpb25zL2NlbnRyYWx1cy9hbGVydHMvMjUxODUzMjc4ODc0OTk5OTk5OV82NjI3NmIzNi1kYjJhLTRiMmMtODRhZC05Njc2ZmU3NTNhMDI/YXBpLXZlcnNpb249MjAxOS0wMS0wMQ==", + "RequestUri": "/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/providers/Microsoft.Security/locations/westeurope/alerts/2518136982923187680_ef6aa4e6-9c60-4405-8f08-f465e8e50cd2?api-version=2019-01-01", + "EncodedRequestUri": "L3N1YnNjcmlwdGlvbnMvNDg3YmI0ODUtYjViMC00NzFlLTljMGQtMTA3MTc2MTJmODY5L3Byb3ZpZGVycy9NaWNyb3NvZnQuU2VjdXJpdHkvbG9jYXRpb25zL3dlc3RldXJvcGUvYWxlcnRzLzI1MTgxMzY5ODI5MjMxODc2ODBfZWY2YWE0ZTYtOWM2MC00NDA1LThmMDgtZjQ2NWU4ZTUwY2QyP2FwaS12ZXJzaW9uPTIwMTktMDEtMDE=", "RequestMethod": "GET", "RequestBody": "", "RequestHeaders": { "x-ms-client-request-id": [ - "d1949949-34a6-45cf-bb18-019b22f78ac4" + "cf97c5ab-6028-4a02-bb30-7142f3eaecd7" ], "accept-language": [ "en-US" @@ -79,8 +79,8 @@ "User-Agent": [ "FxVersion/4.6.26614.01", "OSName/Windows", - "OSVersion/Microsoft.Windows.10.0.17763.", - "Microsoft.Azure.Management.Security.SecurityCenterClient/0.11.0.0" + "OSVersion/Microsoft.Windows.10.0.18363.", + "Microsoft.Azure.Management.Security.SecurityCenterClient/1.1.3.0" ] }, "ResponseHeaders": { @@ -88,7 +88,7 @@ "no-cache" ], "Date": [ - "Mon, 04 Mar 2019 16:01:58 GMT" + "Mon, 04 May 2020 14:42:59 GMT" ], "Pragma": [ "no-cache" 
@@ -100,22 +100,22 @@ "max-age=31536000; includeSubDomains" ], "x-ms-request-id": [ - "4fca73db-5e01-4b14-b799-c2182c53c4ea" + "cb9a446d-4134-4077-85fb-1cdea2d40f64" ], "x-ms-ratelimit-remaining-subscription-resource-requests": [ "749" ], "x-ms-correlation-request-id": [ - "7612a6da-f89e-4352-8238-a58107d3aac5" + "13de30f1-2961-452a-bd96-64bf059a5fb7" ], "x-ms-routing-request-id": [ - "UKWEST:20190304T160158Z:7612a6da-f89e-4352-8238-a58107d3aac5" + "GERMANYWESTCENTRAL:20200504T144300Z:13de30f1-2961-452a-bd96-64bf059a5fb7" ], "X-Content-Type-Options": [ "nosniff" ], "Content-Length": [ - "1864" + "3651" ], "Content-Type": [ "application/json; charset=utf-8" 
@@ -124,12 +124,10 @@ "-1" ] }, - "ResponseBody": "{\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/providers/Microsoft.Security/locations/centralus/alerts/2518532788749999999_66276b36-db2a-4b2c-84ad-9676fe753a02\",\r\n \"name\": \"2518532788749999999_66276b36-db2a-4b2c-84ad-9676fe753a02\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft\",\r\n \"alertDisplayName\": \"Web fingerprinting detected\",\r\n \"alertName\": \"APPS_Nmap\",\r\n \"detectedTimeUtc\": \"2019-03-03T17:40:43Z\",\r\n \"description\": \"Azure App Service activity log indicates a possible web fingerprinting activity on your App Service resource.The suspicious activity detected is associated with NMAP. Attackers often use this tool for probing the web application to find vulnerabilities.\",\r\n \"remediationSteps\": \"If only specific IP addresses should be allowed to access the web app, set IP restrictions (https://docs.microsoft.com/azure/app-service/app-service-ip-restrictions) for it.\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"High\",\r\n \"compromisedEntity\": \"sitename\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/providers/Microsoft.Web/sites/sitename\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"b3d77198-6f95-40ed-9675-10001c2e93cd\",\r\n \"extendedProperties\": {\r\n \"last Event Time\": \"2/11/2019 5:40:46 PM\",\r\n \"sample URIs\": \"/sdk, /, /.git/HEAD, /favicon.ico, /evox/about, /robots.txt, /nmaplowercheck1549906843, /HNAP1\",\r\n \"sample User Agents\": \"Mozilla/5.0+(compatible;+Nmap+Scripting+Engine;+https://nmap.org/book/nse.html)\",\r\n \"sample Referer\": \"-\",\r\n \"resourceType\": \"App Service\"\r\n },\r\n \"state\": \"Dismissed\",\r\n \"reportedTimeUtc\": \"2019-03-03T20:41:03.846Z\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n 
\"isIncident\": false,\r\n \"entities\": [\r\n {\r\n \"$id\": \"centralus_1\",\r\n \"hostName\": \"sitename\",\r\n \"azureID\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/providers/Microsoft.Web/sites/sitename\",\r\n \"type\": \"host\"\r\n }\r\n ]\r\n }\r\n}", + "ResponseBody": "{\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/taklei/providers/Microsoft.Security/locations/westeurope/alerts/2518136982923187680_ef6aa4e6-9c60-4405-8f08-f465e8e50cd2\",\r\n \"name\": \"2518136982923187680_ef6aa4e6-9c60-4405-8f08-f465e8e50cd2\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft\",\r\n \"alertDisplayName\": \"Azure Security Center test alert (not a threat)\",\r\n \"alertName\": \"VM_EICAR\",\r\n \"detectedTimeUtc\": \"2020-05-04T14:28:27.6812319Z\",\r\n \"description\": \"This is a test alert generated by Azure Security Center. No further action is needed.\",\r\n \"remediationSteps\": \"No further action is needed.\",\r\n \"actionTaken\": \"Undefined\",\r\n \"reportedSeverity\": \"High\",\r\n \"compromisedEntity\": \"ALERTSTEST\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/taklei/providers/Microsoft.Compute/virtualMachines/alertsTest\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"ef6aa4e6-9c60-4405-8f08-f465e8e50cd2\",\r\n \"extendedProperties\": {\r\n \"compromised Host\": \"ALERTSTEST\",\r\n \"user Name\": \"WORKGROUP\\\\alertsTest$\",\r\n \"account Session Id\": \"0x3e7\",\r\n \"suspicious Process\": \"c:\\\\scripts\\\\asc_alerttest_662jfi039n.exe\",\r\n \"suspicious Command Line\": \"c:\\\\scripts\\\\asc_alerttest_662jfi039n.exe -foo\",\r\n \"parent Process\": \"c:\\\\windows\\\\system32\\\\svchost.exe\",\r\n \"suspicious Process Id\": \"0x688\",\r\n \"arguments Auditing Enabled\": \"true\",\r\n \"enrichment_tas_threat__reports\": 
\"{\\\"Kind\\\":\\\"MultiLink\\\",\\\"DisplayValueToUrlDictionary\\\":{\\\"Report: EICAR File\\\":\\\"https://interflowwebportalext.trafficmanager.net/reports/DisplayReport?callerIdentity=ddd5443d-e6f4-441c-b52b-5278d2f21dfa&reportCreateDateTime=2020-05-04T09%3a13%3a05&reportName=MSTI-TS-EICAR-File.pdf&tenantId=387eb67f-0039-43ad-81b9-b66c6c0b1951&urlCreateDateTime=2020-05-04T09%3a13%3a05&token=aRLLv1q8UI%20eVn54OVy%20WbqcH7H9dSGDUOuWywymCrQ=\\\"}}\",\r\n \"resourceType\": \"Virtual Machine\"\r\n },\r\n \"state\": \"Dismissed\",\r\n \"reportedTimeUtc\": \"2020-05-04T14:29:05.5983077Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/mainws/providers/microsoft.operationalinsights/workspaces/securityuserws\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": [\r\n {\r\n \"$id\": \"westeurope_1\",\r\n \"dnsDomain\": \"\",\r\n \"ntDomain\": \"\",\r\n \"hostName\": \"ALERTSTEST\",\r\n \"netBiosName\": \"ALERTSTEST\",\r\n \"azureID\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/taklei/providers/Microsoft.Compute/virtualMachines/alertsTest\",\r\n \"omsAgentID\": \"6bc4f1df-17e1-40f0-8227-f1635aea54dd\",\r\n \"osFamily\": \"Windows\",\r\n \"osVersion\": \"Windows\",\r\n \"isDomainJoined\": false,\r\n \"type\": \"host\"\r\n },\r\n {\r\n \"$id\": \"westeurope_2\",\r\n \"directory\": \"c:\\\\windows\\\\system32\",\r\n \"name\": \"svchost.exe\",\r\n \"type\": \"file\"\r\n },\r\n {\r\n \"$id\": \"westeurope_3\",\r\n \"processId\": \"0x6ec\",\r\n \"commandLine\": \"\",\r\n \"imageFile\": {\r\n \"$ref\": \"westeurope_2\"\r\n },\r\n \"host\": {\r\n \"$ref\": \"westeurope_1\"\r\n },\r\n \"type\": \"process\"\r\n },\r\n {\r\n \"$id\": \"westeurope_4\",\r\n \"name\": \"alertsTest$\",\r\n \"ntDomain\": \"WORKGROUP\",\r\n \"host\": {\r\n \"$ref\": \"westeurope_1\"\r\n },\r\n \"sid\": \"S-1-5-18\",\r\n \"isDomainJoined\": true,\r\n \"type\": \"account\",\r\n 
\"LogonId\": \"0x3e7\"\r\n },\r\n {\r\n \"$id\": \"westeurope_5\",\r\n \"directory\": \"c:\\\\scripts\",\r\n \"name\": \"asc_alerttest_662jfi039n.exe\",\r\n \"type\": \"file\"\r\n },\r\n {\r\n \"$id\": \"westeurope_6\",\r\n \"processId\": \"0x688\",\r\n \"commandLine\": \"c:\\\\scripts\\\\asc_alerttest_662jfi039n.exe -foo\",\r\n \"elevationToken\": \"Default\",\r\n \"creationTimeUtc\": \"2020-05-04T14:28:27.6812319Z\",\r\n \"imageFile\": {\r\n \"$ref\": \"westeurope_5\"\r\n },\r\n \"account\": {\r\n \"$ref\": \"westeurope_4\"\r\n },\r\n \"parentProcess\": {\r\n \"$ref\": \"westeurope_3\"\r\n },\r\n \"host\": {\r\n \"$ref\": \"westeurope_1\"\r\n },\r\n \"type\": \"process\"\r\n },\r\n {\r\n \"$id\": \"westeurope_7\",\r\n \"sessionId\": \"0x3e7\",\r\n \"startTimeUtc\": \"2020-05-04T14:28:27.6812319Z\",\r\n \"endTimeUtc\": \"2020-05-04T14:28:27.6812319Z\",\r\n \"type\": \"host-logon-session\",\r\n \"host\": {\r\n \"$ref\": \"westeurope_1\"\r\n },\r\n \"account\": {\r\n \"$ref\": \"westeurope_4\"\r\n }\r\n }\r\n ]\r\n }\r\n}", "StatusCode": 200 } ], "Names": {}, - "Variables": { - "SubscriptionId": "487bb485-b5b0-471e-9c0d-10717612f869" - } + "Variables": {} } \ No newline at end of file diff --git a/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/tests/SessionRecords/SecurityAlertsTests/SecurityAlerts_List.json b/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/tests/SessionRecords/SecurityAlertsTests/SecurityAlerts_List.json index 730452606f82..293e9dfef3c6 100644 --- a/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/tests/SessionRecords/SecurityAlertsTests/SecurityAlerts_List.json +++ b/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/tests/SessionRecords/SecurityAlertsTests/SecurityAlerts_List.json @@ -7,7 +7,7 @@ "RequestBody": "", "RequestHeaders": { "x-ms-client-request-id": [ - "a4e1b280-e44a-4309-ab0f-bc3841a1feee" + "d114ba1c-03fb-43ea-bdb4-44d6095c51ff" ], "accept-language": [ "en-US" 
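Review bot: The re-recorded `ResponseBody` added in this hunk carries, inside `enrichment_tas_threat__reports`, a report URL with `callerIdentity`, `tenantId` and a `token=` query value, so what looks like a signed access link is being committed with the test fixture. The same kind of link is present in the alert list response recorded just before this hunk, which starts outside the visible part of the diff. Scrub the recording before it is checked in, for example by replacing the value with `token=REDACTED` and the tenant and caller GUIDs with zeroed placeholders; playback only needs the JSON to deserialize. If the token was still valid when recorded, treat it as exposed. Separately, the hunk empties `"Variables"` while the subscription id stays hard-coded in `RequestUri`, so it is worth confirming that playback does not read `SubscriptionId` from the record.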
@@ -15,8 +15,8 @@ "User-Agent": [ "FxVersion/4.6.26614.01", "OSName/Windows", - "OSVersion/Microsoft.Windows.10.0.17763.", - "Microsoft.Azure.Management.Security.SecurityCenterClient/0.11.0.0" + "OSVersion/Microsoft.Windows.10.0.18363.", + "Microsoft.Azure.Management.Security.SecurityCenterClient/1.1.3.0" ] }, "ResponseHeaders": { @@ -24,26 +24,26 @@ "no-cache" ], "Date": [ - "Mon, 04 Mar 2019 16:02:00 GMT" + "Mon, 04 May 2020 14:43:02 GMT" ], "Pragma": [ "no-cache" ], "x-ms-original-request-ids": [ - "0918e6d7-73b9-4662-a5b2-bc3e467fbf8f", - "ab447dd5-da9d-4799-a825-0c733aad532a" + "68b88cf9-732b-41bb-be24-1af98f39c150", + "1086abf5-91b7-43c1-9f7c-317fd7389435" ], "x-ms-ratelimit-remaining-subscription-resource-requests": [ - "749" + "748" ], "x-ms-request-id": [ - "e0f45ddf-d5e7-4e9f-a8ca-dae9aeaf904b" + "4eb78d92-536d-40a2-9b7b-ca3e2342abba" ], "x-ms-correlation-request-id": [ - "e0f45ddf-d5e7-4e9f-a8ca-dae9aeaf904b" + "4eb78d92-536d-40a2-9b7b-ca3e2342abba" ], "x-ms-routing-request-id": [ - "UKWEST:20190304T160201Z:e0f45ddf-d5e7-4e9f-a8ca-dae9aeaf904b" + "GERMANYWESTCENTRAL:20200504T144303Z:4eb78d92-536d-40a2-9b7b-ca3e2342abba" ], "Strict-Transport-Security": [ "max-age=31536000; includeSubDomains" @@ -52,7 +52,7 @@ "nosniff" ], "Content-Length": [ - "169158" + "25641" ], "Content-Type": [ "application/json; charset=utf-8" 
@@ -61,12 +61,10 @@ "-1" ] }, - "ResponseBody": "{\r\n \"value\": [\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/rg/providers/Microsoft.Security/locations/centralus/alerts/2518532788749999999_66276b36-db2a-4b2c-84ad-9676fe753a01\",\r\n \"name\": \"2518532788749999999_66276b36-db2a-4b2c-84ad-9676fe753a01\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft\",\r\n \"alertDisplayName\": \"Web fingerprinting detected\",\r\n \"alertName\": \"APPS_Nmap\",\r\n \"detectedTimeUtc\": \"2019-03-03T17:40:43Z\",\r\n \"description\": \"Azure App Service activity log indicates a possible web fingerprinting activity on your App Service resource.The suspicious activity detected is associated with NMAP. Attackers often use this tool for probing the web application to find vulnerabilities.\",\r\n \"remediationSteps\": \"If only specific IP addresses should be allowed to access the web app, set IP restrictions (https://docs.microsoft.com/azure/app-service/app-service-ip-restrictions) for it.\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"High\",\r\n \"compromisedEntity\": \"sitename\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/rg/providers/Microsoft.Web/sites/sitename\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"b3d77198-6f95-40ed-9675-10001c2e93cc\",\r\n \"extendedProperties\": {\r\n \"last Event Time\": \"2/11/2019 5:40:46 PM\",\r\n \"sample URIs\": \"/sdk, /, /.git/HEAD, /favicon.ico, /evox/about, /robots.txt, /nmaplowercheck1549906843, /HNAP1\",\r\n \"sample User Agents\": \"Mozilla/5.0+(compatible;+Nmap+Scripting+Engine;+https://nmap.org/book/nse.html)\",\r\n \"sample Referer\": \"-\",\r\n \"resourceType\": \"App Service\"\r\n },\r\n \"state\": \"Dismissed\",\r\n \"reportedTimeUtc\": \"2019-03-03T20:41:03.846Z\",\r\n 
\"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": [\r\n {\r\n \"$id\": \"centralus_1\",\r\n \"hostName\": \"sitename\",\r\n \"azureID\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/rg/providers/Microsoft.Web/sites/sitename\",\r\n \"type\": \"host\"\r\n }\r\n ]\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/providers/Microsoft.Security/locations/centralus/alerts/2518532788749999999_66276b36-db2a-4b2c-84ad-9676fe753a02\",\r\n \"name\": \"2518532788749999999_66276b36-db2a-4b2c-84ad-9676fe753a02\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft\",\r\n \"alertDisplayName\": \"Web fingerprinting detected\",\r\n \"alertName\": \"APPS_Nmap\",\r\n \"detectedTimeUtc\": \"2019-03-03T17:40:43Z\",\r\n \"description\": \"Azure App Service activity log indicates a possible web fingerprinting activity on your App Service resource.The suspicious activity detected is associated with NMAP. 
Attackers often use this tool for probing the web application to find vulnerabilities.\",\r\n \"remediationSteps\": \"If only specific IP addresses should be allowed to access the web app, set IP restrictions (https://docs.microsoft.com/azure/app-service/app-service-ip-restrictions) for it.\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"High\",\r\n \"compromisedEntity\": \"sitename\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/providers/Microsoft.Web/sites/sitename\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"b3d77198-6f95-40ed-9675-10001c2e93cd\",\r\n \"extendedProperties\": {\r\n \"last Event Time\": \"2/11/2019 5:40:46 PM\",\r\n \"sample URIs\": \"/sdk, /, /.git/HEAD, /favicon.ico, /evox/about, /robots.txt, /nmaplowercheck1549906843, /HNAP1\",\r\n \"sample User Agents\": \"Mozilla/5.0+(compatible;+Nmap+Scripting+Engine;+https://nmap.org/book/nse.html)\",\r\n \"sample Referer\": \"-\",\r\n \"resourceType\": \"App Service\"\r\n },\r\n \"state\": \"Dismissed\",\r\n \"reportedTimeUtc\": \"2019-03-03T20:41:03.846Z\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": [\r\n {\r\n \"$id\": \"centralus_2\",\r\n \"hostName\": \"sitename\",\r\n \"azureID\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/providers/Microsoft.Web/sites/sitename\",\r\n \"type\": \"host\"\r\n }\r\n ]\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518505891999999999_c908c4ae-9a04-4d98-bb7e-18c82dfd9a81\",\r\n \"name\": \"2518505891999999999_c908c4ae-9a04-4d98-bb7e-18c82dfd9a81\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": 
\"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-04T15:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117:80\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"c908c4ae-9a04-4d98-bb7e-18c82dfd9a81\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"159.192.218.25\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-04T16:00:11.489254Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518505927999999999_38e859b9-60eb-406d-aa42-a54dc5be9b17\",\r\n \"name\": \"2518505927999999999_38e859b9-60eb-406d-aa42-a54dc5be9b17\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-04T14:00:00Z\",\r\n 
\"description\": \"Detail:Host header is a numeric IP address 13.69.131.117\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"38e859b9-60eb-406d-aa42-a54dc5be9b17\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"176.32.33.80\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-04T15:00:56.8950851Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518505927999999999_3c3f8a61-1245-4e92-be38-ac054249f4a2\",\r\n \"name\": \"2518505927999999999_3c3f8a61-1245-4e92-be38-ac054249f4a2\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"SCANNER-DETECTION\",\r\n \"alertName\": \"SCANNER-DETECTION\",\r\n \"detectedTimeUtc\": \"2019-03-04T14:00:00Z\",\r\n \"description\": \"Detail:Found User-Agent associated with scripting/generic HTTP client Matched Data: 
python-requests found within REQUEST_HEADERS:User-Agent: python-requests/2.6.0 CPython/2.7.5 Linux/3.10.0-957.1.3.el7.x86_64\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"3c3f8a61-1245-4e92-be38-ac054249f4a2\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"176.32.33.80\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-04T15:00:56.8950851Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518505927999999999_f646ad4c-8a5d-4355-9dfc-56a3f2521310\",\r\n \"name\": \"2518505927999999999_f646ad4c-8a5d-4355-9dfc-56a3f2521310\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"BLOCKING-EVALUATION\",\r\n \"alertName\": \"BLOCKING-EVALUATION\",\r\n \"detectedTimeUtc\": \"2019-03-04T14:00:00Z\",\r\n \"description\": \"Detail:Mandatory rule. 
Cannot be disabled. Inbound Anomaly Score Exceeded (Total Score: 8)\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"f646ad4c-8a5d-4355-9dfc-56a3f2521310\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"176.32.33.80\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-04T15:00:56.4081088Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518505963999999999_7e0b842e-b80f-4544-979d-952ed3b60db6\",\r\n \"name\": \"2518505963999999999_7e0b842e-b80f-4544-979d-952ed3b60db6\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-04T13:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117:80\",\r\n 
\"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"7e0b842e-b80f-4544-979d-952ed3b60db6\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"2\",\r\n \"source IPs\": \"103.94.170.218,113.161.130.251\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-04T14:00:41.0033381Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506035999999999_4316a00c-7ac8-4b34-8b74-cf73e2a91b70\",\r\n \"name\": \"2518506035999999999_4316a00c-7ac8-4b34-8b74-cf73e2a91b70\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"SCANNER-DETECTION\",\r\n \"alertName\": \"SCANNER-DETECTION\",\r\n \"detectedTimeUtc\": \"2019-03-04T11:00:00Z\",\r\n \"description\": \"Detail:Found User-Agent associated with scripting/generic HTTP client Matched Data: python-requests found within REQUEST_HEADERS:User-Agent: 
python-requests/2.6.0 CPython/2.7.5 Linux/3.10.0-957.1.3.el7.x86_64\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"4316a00c-7ac8-4b34-8b74-cf73e2a91b70\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"176.32.33.80\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-04T12:00:02.3651318Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506035999999999_553a1004-ff2f-4d39-9baf-cdb764aa6a1e\",\r\n \"name\": \"2518506035999999999_553a1004-ff2f-4d39-9baf-cdb764aa6a1e\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"BLOCKING-EVALUATION\",\r\n \"alertName\": \"BLOCKING-EVALUATION\",\r\n \"detectedTimeUtc\": \"2019-03-04T11:00:00Z\",\r\n \"description\": \"Detail:Mandatory rule. Cannot be disabled. 
Inbound Anomaly Score Exceeded (Total Score: 8)\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"553a1004-ff2f-4d39-9baf-cdb764aa6a1e\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"176.32.33.80\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-04T12:00:01.7153581Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506035999999999_d91570aa-65a5-46de-aee7-98b41a8027e4\",\r\n \"name\": \"2518506035999999999_d91570aa-65a5-46de-aee7-98b41a8027e4\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-04T11:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117\",\r\n \"remediationSteps\": \"\",\r\n 
\"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"d91570aa-65a5-46de-aee7-98b41a8027e4\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"2\",\r\n \"source IPs\": \"176.32.33.80,103.212.90.36\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-04T12:00:02.3651318Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506071999999999_129ec79b-c7a6-4082-91af-c6733ce46447\",\r\n \"name\": \"2518506071999999999_129ec79b-c7a6-4082-91af-c6733ce46447\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-04T10:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n 
\"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"129ec79b-c7a6-4082-91af-c6733ce46447\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"2\",\r\n \"source IPs\": \"51.83.15.87\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-04T11:00:48.0270644Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506071999999999_784f1ab8-ec53-4216-a522-52669e63bcde\",\r\n \"name\": \"2518506071999999999_784f1ab8-ec53-4216-a522-52669e63bcde\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-04T10:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117:80\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": 
\"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"784f1ab8-ec53-4216-a522-52669e63bcde\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"45.115.6.194\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-04T11:00:48.4809846Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506179999999999_a4b834f3-2e4b-406c-bc49-1dc4339732e6\",\r\n \"name\": \"2518506179999999999_a4b834f3-2e4b-406c-bc49-1dc4339732e6\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"BLOCKING-EVALUATION\",\r\n \"alertName\": \"BLOCKING-EVALUATION\",\r\n \"detectedTimeUtc\": \"2019-03-04T07:00:00Z\",\r\n \"description\": \"Detail:Mandatory rule. Cannot be disabled. 
Inbound Anomaly Score Exceeded (Total Score: 8)\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"a4b834f3-2e4b-406c-bc49-1dc4339732e6\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"176.32.33.80\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-04T08:00:01.2466784Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506179999999999_e2dfaff2-872b-479b-8ead-f3473da44a88\",\r\n \"name\": \"2518506179999999999_e2dfaff2-872b-479b-8ead-f3473da44a88\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-04T07:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117:80\",\r\n \"remediationSteps\": \"\",\r\n 
\"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"e2dfaff2-872b-479b-8ead-f3473da44a88\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"2\",\r\n \"source IPs\": \"179.110.123.218,176.32.33.80\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-04T08:00:02.116777Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506179999999999_e67879f8-55f1-49a0-bfde-d8d076fae90e\",\r\n \"name\": \"2518506179999999999_e67879f8-55f1-49a0-bfde-d8d076fae90e\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"SCANNER-DETECTION\",\r\n \"alertName\": \"SCANNER-DETECTION\",\r\n \"detectedTimeUtc\": \"2019-03-04T07:00:00Z\",\r\n \"description\": \"Detail:Found User-Agent associated with scripting/generic HTTP client Matched Data: python-requests found within REQUEST_HEADERS:User-Agent: python-requests/2.6.0 CPython/2.7.5 
Linux/3.10.0-957.1.3.el7.x86_64\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"e67879f8-55f1-49a0-bfde-d8d076fae90e\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"176.32.33.80\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-04T08:00:02.116777Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506215999999999_137fc371-1c41-4da3-9f32-61dbf0c876b3\",\r\n \"name\": \"2518506215999999999_137fc371-1c41-4da3-9f32-61dbf0c876b3\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-04T06:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117:80\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": 
\"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"137fc371-1c41-4da3-9f32-61dbf0c876b3\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"2\",\r\n \"source IPs\": \"186.226.218.121,191.37.250.231\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-04T07:00:47.1096409Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506215999999999_d1922f41-45da-4c89-b3f0-ae2ee97ca464\",\r\n \"name\": \"2518506215999999999_d1922f41-45da-4c89-b3f0-ae2ee97ca464\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-04T06:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117:80\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n 
\"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"d1922f41-45da-4c89-b3f0-ae2ee97ca464\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"109.73.182.157\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-04T07:00:46.5853915Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506251999999999_8ad58304-6c26-4379-89fc-b89fcfa1e747\",\r\n \"name\": \"2518506251999999999_8ad58304-6c26-4379-89fc-b89fcfa1e747\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-04T05:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117:80\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": 
\"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"8ad58304-6c26-4379-89fc-b89fcfa1e747\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"185.123.233.160\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-04T06:00:33.4180269Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506287999999999_1ed08eec-64cc-4d93-9eea-ea73822c2320\",\r\n \"name\": \"2518506287999999999_1ed08eec-64cc-4d93-9eea-ea73822c2320\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-04T04:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": 
\"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"1ed08eec-64cc-4d93-9eea-ea73822c2320\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"176.32.33.80\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-04T05:00:20.5069656Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506287999999999_8f8d4f63-d98c-4e11-aa94-d1f3886b6afb\",\r\n \"name\": \"2518506287999999999_8f8d4f63-d98c-4e11-aa94-d1f3886b6afb\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"SCANNER-DETECTION\",\r\n \"alertName\": \"SCANNER-DETECTION\",\r\n \"detectedTimeUtc\": \"2019-03-04T04:00:00Z\",\r\n \"description\": \"Detail:Found User-Agent associated with scripting/generic HTTP client Matched Data: python-requests found within REQUEST_HEADERS:User-Agent: python-requests/2.6.0 CPython/2.7.5 Linux/3.10.0-957.1.3.el7.x86_64\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n 
\"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"8f8d4f63-d98c-4e11-aa94-d1f3886b6afb\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"176.32.33.80\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-04T05:00:20.5069656Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506287999999999_e84d6d25-d3fd-4198-a9ea-8d1a695a8a0e\",\r\n \"name\": \"2518506287999999999_e84d6d25-d3fd-4198-a9ea-8d1a695a8a0e\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"BLOCKING-EVALUATION\",\r\n \"alertName\": \"BLOCKING-EVALUATION\",\r\n \"detectedTimeUtc\": \"2019-03-04T04:00:00Z\",\r\n \"description\": \"Detail:Mandatory rule. Cannot be disabled. 
Inbound Anomaly Score Exceeded (Total Score: 8)\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"e84d6d25-d3fd-4198-a9ea-8d1a695a8a0e\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"176.32.33.80\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-04T05:00:20.5069656Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506395999999999_025841f9-9581-450c-8349-b96da379d72c\",\r\n \"name\": \"2518506395999999999_025841f9-9581-450c-8349-b96da379d72c\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"BLOCKING-EVALUATION\",\r\n \"alertName\": \"BLOCKING-EVALUATION\",\r\n \"detectedTimeUtc\": \"2019-03-04T01:00:00Z\",\r\n \"description\": \"Detail:Mandatory rule. Cannot be disabled. 
Inbound Anomaly Score Exceeded (Total Score: 8)\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"025841f9-9581-450c-8349-b96da379d72c\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"176.32.33.80\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-04T02:00:39.9205038Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506395999999999_21099c91-d37e-4843-966e-55f53d3fe657\",\r\n \"name\": \"2518506395999999999_21099c91-d37e-4843-966e-55f53d3fe657\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"SCANNER-DETECTION\",\r\n \"alertName\": \"SCANNER-DETECTION\",\r\n \"detectedTimeUtc\": \"2019-03-04T01:00:00Z\",\r\n \"description\": \"Detail:Found User-Agent associated with scripting/generic HTTP client Matched Data: python-requests found within 
REQUEST_HEADERS:User-Agent: python-requests/2.6.0 CPython/2.7.5 Linux/3.10.0-957.1.3.el7.x86_64\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"21099c91-d37e-4843-966e-55f53d3fe657\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"176.32.33.80\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-04T02:00:40.4337488Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506395999999999_997886ee-adcc-4233-b389-4f349a4e4f19\",\r\n \"name\": \"2518506395999999999_997886ee-adcc-4233-b389-4f349a4e4f19\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-04T01:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 
13.69.131.117\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"997886ee-adcc-4233-b389-4f349a4e4f19\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"176.32.33.80\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-04T02:00:40.4337488Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506431999999999_3628cfac-0858-4075-873e-cb45feafc2d8\",\r\n \"name\": \"2518506431999999999_3628cfac-0858-4075-873e-cb45feafc2d8\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"METHOD-ENFORCEMENT\",\r\n \"alertName\": \"METHOD-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-04T00:00:00Z\",\r\n \"description\": \"Detail:Method is not allowed by policy PROPFIND\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": 
\"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"3628cfac-0858-4075-873e-cb45feafc2d8\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"123.206.22.203\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-04T01:00:24.1988577Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506431999999999_65048fd9-87b9-4d11-9570-f3ea77419866\",\r\n \"name\": \"2518506431999999999_65048fd9-87b9-4d11-9570-f3ea77419866\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-04T00:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117:80\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": 
\"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"65048fd9-87b9-4d11-9570-f3ea77419866\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"108\",\r\n \"source IPs\": \"45.170.220.47,123.206.22.203,183.89.68.95\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-04T01:00:24.1988577Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506431999999999_a8a29940-e0bd-4742-95cc-c6d01e1afe48\",\r\n \"name\": \"2518506431999999999_a8a29940-e0bd-4742-95cc-c6d01e1afe48\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"APPLICATION-ATTACK-SQLI\",\r\n \"alertName\": \"APPLICATION-ATTACK-SQLI\",\r\n \"detectedTimeUtc\": \"2019-03-04T00:00:00Z\",\r\n \"description\": \"Detail:SQL Injection Attack Matched Data: md5 found within ARGS:h: die(@md5(M4rch));\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": 
\"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"a8a29940-e0bd-4742-95cc-c6d01e1afe48\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"16\",\r\n \"source IPs\": \"123.206.22.203\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-04T01:00:24.1988577Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506431999999999_b41572ea-083b-4743-ab2f-f653b504c3c3\",\r\n \"name\": \"2518506431999999999_b41572ea-083b-4743-ab2f-f653b504c3c3\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"BLOCKING-EVALUATION\",\r\n \"alertName\": \"BLOCKING-EVALUATION\",\r\n \"detectedTimeUtc\": \"2019-03-04T00:00:00Z\",\r\n \"description\": \"Detail:Mandatory rule. Cannot be disabled. 
Inbound Anomaly Score Exceeded (Total Score: 5)\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"b41572ea-083b-4743-ab2f-f653b504c3c3\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"41\",\r\n \"source IPs\": \"123.206.22.203\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-04T01:00:24.1988577Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506431999999999_b463a506-46aa-4a9d-8468-40e2ed74fae2\",\r\n \"name\": \"2518506431999999999_b463a506-46aa-4a9d-8468-40e2ed74fae2\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"APPLICATION-ATTACK-SQLI\",\r\n \"alertName\": \"APPLICATION-ATTACK-SQLI\",\r\n \"detectedTimeUtc\": \"2019-03-04T00:00:00Z\",\r\n \"description\": \"Detail:SQL Injection Attack Matched Data: md5 found within ARGS:h: die(@md5(M4rch));\",\r\n 
\"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"b463a506-46aa-4a9d-8468-40e2ed74fae2\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"24\",\r\n \"source IPs\": \"123.206.22.203\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-04T01:00:23.6287102Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506431999999999_da18a55d-358d-499b-97e2-d4a9169d6d79\",\r\n \"name\": \"2518506431999999999_da18a55d-358d-499b-97e2-d4a9169d6d79\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"BLOCKING-EVALUATION\",\r\n \"alertName\": \"BLOCKING-EVALUATION\",\r\n \"detectedTimeUtc\": \"2019-03-04T00:00:00Z\",\r\n \"description\": \"Detail:Mandatory rule. Cannot be disabled. 
Inbound Anomaly Score Exceeded (Total Score: 12)\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"da18a55d-358d-499b-97e2-d4a9169d6d79\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"43\",\r\n \"source IPs\": \"123.206.22.203\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-04T01:00:24.1988577Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506431999999999_e188c598-6c5a-4b88-b062-53a84c8e5866\",\r\n \"name\": \"2518506431999999999_e188c598-6c5a-4b88-b062-53a84c8e5866\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-04T00:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117:80\",\r\n \"remediationSteps\": \"\",\r\n 
\"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"e188c598-6c5a-4b88-b062-53a84c8e5866\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"98\",\r\n \"source IPs\": \"123.206.22.203\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-04T01:00:24.1988577Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506431999999999_f3759b4d-98d9-4133-820f-c53404075381\",\r\n \"name\": \"2518506431999999999_f3759b4d-98d9-4133-820f-c53404075381\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"APPLICATION-ATTACK-LFI\",\r\n \"alertName\": \"APPLICATION-ATTACK-LFI\",\r\n \"detectedTimeUtc\": \"2019-03-04T00:00:00Z\",\r\n \"description\": \"Detail:Restricted File Access Attempt Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n 
\"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"f3759b4d-98d9-4133-820f-c53404075381\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"123.206.22.203\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-04T01:00:24.1988577Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506467999999999_e16ffb83-a733-495b-b767-56079cca194b\",\r\n \"name\": \"2518506467999999999_e16ffb83-a733-495b-b767-56079cca194b\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-03T23:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117:80\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n 
\"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"e16ffb83-a733-495b-b767-56079cca194b\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"37.57.97.61\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-04T00:00:05.2118352Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506539999999999_96264969-2f25-4495-8e4a-26d705da8fa9\",\r\n \"name\": \"2518506539999999999_96264969-2f25-4495-8e4a-26d705da8fa9\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"SCANNER-DETECTION\",\r\n \"alertName\": \"SCANNER-DETECTION\",\r\n \"detectedTimeUtc\": \"2019-03-03T21:00:00Z\",\r\n \"description\": \"Detail:Found User-Agent associated with scripting/generic HTTP client Matched Data: python-requests found within REQUEST_HEADERS:User-Agent: python-requests/2.6.0 CPython/2.7.5 Linux/3.10.0-957.1.3.el7.x86_64\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": 
\"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"96264969-2f25-4495-8e4a-26d705da8fa9\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"176.32.33.80\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T22:00:34.1747263Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506539999999999_dd92cb6e-f129-4405-9e18-11fa5c1252c2\",\r\n \"name\": \"2518506539999999999_dd92cb6e-f129-4405-9e18-11fa5c1252c2\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"BLOCKING-EVALUATION\",\r\n \"alertName\": \"BLOCKING-EVALUATION\",\r\n \"detectedTimeUtc\": \"2019-03-03T21:00:00Z\",\r\n \"description\": \"Detail:Mandatory rule. Cannot be disabled. 
Inbound Anomaly Score Exceeded (Total Score: 8)\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"dd92cb6e-f129-4405-9e18-11fa5c1252c2\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"176.32.33.80\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T22:00:33.6975993Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506539999999999_ecdf89d6-b2a2-4d32-9e16-f7cd67984891\",\r\n \"name\": \"2518506539999999999_ecdf89d6-b2a2-4d32-9e16-f7cd67984891\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-03T21:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117:80\",\r\n \"remediationSteps\": \"\",\r\n 
\"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"ecdf89d6-b2a2-4d32-9e16-f7cd67984891\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"2\",\r\n \"source IPs\": \"41.50.83.103,176.32.33.80\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T22:00:34.1747263Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506575999999999_5aee1028-31b6-4d35-93cc-569793a2d3a2\",\r\n \"name\": \"2518506575999999999_5aee1028-31b6-4d35-93cc-569793a2d3a2\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-03T20:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n 
\"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"5aee1028-31b6-4d35-93cc-569793a2d3a2\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"181.166.19.204\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T21:00:19.3291561Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506611999999999_3c7cfa09-e213-4490-ba8d-a11b72b6d000\",\r\n \"name\": \"2518506611999999999_3c7cfa09-e213-4490-ba8d-a11b72b6d000\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-03T19:00:00Z\",\r\n \"description\": \"Detail:Request Missing a Host Header\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": 
\"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"3c7cfa09-e213-4490-ba8d-a11b72b6d000\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"2\",\r\n \"source IPs\": \"178.73.215.171\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T20:00:05.4039046Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506611999999999_af8a5586-7eae-4aba-bb14-5a0d9f18bb97\",\r\n \"name\": \"2518506611999999999_af8a5586-7eae-4aba-bb14-5a0d9f18bb97\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-03T19:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": 
\"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"af8a5586-7eae-4aba-bb14-5a0d9f18bb97\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"2\",\r\n \"source IPs\": \"39.96.43.158,200.207.20.30\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T20:00:05.4039046Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506611999999999_ea4eb36f-4b5c-4b3d-a52e-b06a0a8634ac\",\r\n \"name\": \"2518506611999999999_ea4eb36f-4b5c-4b3d-a52e-b06a0a8634ac\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"BLOCKING-EVALUATION\",\r\n \"alertName\": \"BLOCKING-EVALUATION\",\r\n \"detectedTimeUtc\": \"2019-03-03T19:00:00Z\",\r\n \"description\": \"Detail:Mandatory rule. Cannot be disabled. 
Inbound Anomaly Score Exceeded (Total Score: 5)\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"ea4eb36f-4b5c-4b3d-a52e-b06a0a8634ac\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"178.73.215.171\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T20:00:04.9007841Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506647999999999_2049cf22-f78e-45c4-8c8d-620175ea9b67\",\r\n \"name\": \"2518506647999999999_2049cf22-f78e-45c4-8c8d-620175ea9b67\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"APPLICATION-ATTACK-SQLI\",\r\n \"alertName\": \"APPLICATION-ATTACK-SQLI\",\r\n \"detectedTimeUtc\": \"2019-03-03T18:00:00Z\",\r\n \"description\": \"Detail:SQL Injection Attack: SQL Tautology Detected. 
Matched Data: methodName>system found within ARGS_NAMES: system.listMethods : system.listMethods \",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"2049cf22-f78e-45c4-8c8d-620175ea9b67\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"2\",\r\n \"source IPs\": \"52.183.58.122\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T19:00:51.2707099Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506647999999999_5dd2d179-737e-47de-a37d-c6b6731c149a\",\r\n \"name\": \"2518506647999999999_5dd2d179-737e-47de-a37d-c6b6731c149a\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"SCANNER-DETECTION\",\r\n \"alertName\": \"SCANNER-DETECTION\",\r\n \"detectedTimeUtc\": \"2019-03-03T18:00:00Z\",\r\n \"description\": \"Detail:Found User-Agent associated with security scanner 
Matched Data: nmap scripting engine found within REQUEST_HEADERS:User-Agent: Mozilla/5.0 (compatible; Nmap Scripting Engine; https://nmap.org/book/nse.html)\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"5dd2d179-737e-47de-a37d-c6b6731c149a\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"16\",\r\n \"source IPs\": \"52.183.58.122\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T19:00:51.2707099Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506647999999999_7bc4f2d4-49d2-4e83-801e-18e5f7288546\",\r\n \"name\": \"2518506647999999999_7bc4f2d4-49d2-4e83-801e-18e5f7288546\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"BLOCKING-EVALUATION\",\r\n \"alertName\": \"BLOCKING-EVALUATION\",\r\n \"detectedTimeUtc\": \"2019-03-03T18:00:00Z\",\r\n \"description\": 
\"Detail:Mandatory rule. Cannot be disabled. Inbound Anomaly Score Exceeded (Total Score: 5)\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"7bc4f2d4-49d2-4e83-801e-18e5f7288546\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"17\",\r\n \"source IPs\": \"52.183.58.122\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T19:00:51.2707099Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506647999999999_7db374f1-b737-40f9-9801-427d6ded6631\",\r\n \"name\": \"2518506647999999999_7db374f1-b737-40f9-9801-427d6ded6631\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-03T18:00:00Z\",\r\n \"description\": \"Detail:Request Missing a Host Header\",\r\n 
\"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"7db374f1-b737-40f9-9801-427d6ded6631\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"29\",\r\n \"source IPs\": \"52.183.58.122\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T19:00:51.2707099Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506647999999999_7fdd74ca-ecdc-47c7-8ede-237604683d32\",\r\n \"name\": \"2518506647999999999_7fdd74ca-ecdc-47c7-8ede-237604683d32\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"BLOCKING-EVALUATION\",\r\n \"alertName\": \"BLOCKING-EVALUATION\",\r\n \"detectedTimeUtc\": \"2019-03-03T18:00:00Z\",\r\n \"description\": \"Detail:Mandatory rule. Cannot be disabled. 
Inbound Anomaly Score Exceeded (Total Score: 10)\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"7fdd74ca-ecdc-47c7-8ede-237604683d32\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"18\",\r\n \"source IPs\": \"52.183.58.122\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T19:00:51.2707099Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506647999999999_8a49395c-6a4a-44c1-ada6-5d9e25ad2cb4\",\r\n \"name\": \"2518506647999999999_8a49395c-6a4a-44c1-ada6-5d9e25ad2cb4\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"SCANNER-DETECTION\",\r\n \"alertName\": \"SCANNER-DETECTION\",\r\n \"detectedTimeUtc\": \"2019-03-03T18:00:00Z\",\r\n \"description\": \"Detail:Found User-Agent associated with security scanner Matched Data: nmap scripting engine found within 
REQUEST_HEADERS:User-Agent: Mozilla/5.0 (compatible; Nmap Scripting Engine; https://nmap.org/book/nse.html)\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"8a49395c-6a4a-44c1-ada6-5d9e25ad2cb4\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"16\",\r\n \"source IPs\": \"52.183.58.122\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T19:00:51.2707099Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506647999999999_9aa674cd-3d5a-44d0-ae78-26bb404bb9cd\",\r\n \"name\": \"2518506647999999999_9aa674cd-3d5a-44d0-ae78-26bb404bb9cd\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"APPLICATION-ATTACK-LFI\",\r\n \"alertName\": \"APPLICATION-ATTACK-LFI\",\r\n \"detectedTimeUtc\": \"2019-03-03T18:00:00Z\",\r\n \"description\": \"Detail:Restricted File Access Attempt 
Matched Data: /.git/ found within REQUEST_FILENAME: /.git/HEAD\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"9aa674cd-3d5a-44d0-ae78-26bb404bb9cd\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"52.183.58.122\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T19:00:50.6994998Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506647999999999_a1d6f3b7-f990-4f60-aa51-f9dedb286a93\",\r\n \"name\": \"2518506647999999999_a1d6f3b7-f990-4f60-aa51-f9dedb286a93\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"METHOD-ENFORCEMENT\",\r\n \"alertName\": \"METHOD-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-03T18:00:00Z\",\r\n \"description\": \"Detail:Method is not allowed by policy PROPFIND\",\r\n \"remediationSteps\": \"\",\r\n 
\"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"a1d6f3b7-f990-4f60-aa51-f9dedb286a93\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"4\",\r\n \"source IPs\": \"52.183.58.122\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T19:00:51.2707099Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506647999999999_e88f0966-faba-4c11-806c-1dd3d0f02349\",\r\n \"name\": \"2518506647999999999_e88f0966-faba-4c11-806c-1dd3d0f02349\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-03T18:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": 
\"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"e88f0966-faba-4c11-806c-1dd3d0f02349\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"30\",\r\n \"source IPs\": \"52.183.58.122\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T19:00:51.2707099Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506683999999999_3ffd1f5a-8a43-42dd-950f-94a708c4eccf\",\r\n \"name\": \"2518506683999999999_3ffd1f5a-8a43-42dd-950f-94a708c4eccf\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"SCANNER-DETECTION\",\r\n \"alertName\": \"SCANNER-DETECTION\",\r\n \"detectedTimeUtc\": \"2019-03-03T17:00:00Z\",\r\n \"description\": \"Detail:Found User-Agent associated with scripting/generic HTTP client Matched Data: Python-urllib found within REQUEST_HEADERS:User-Agent: Python-urllib/2.7\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": 
\"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"3ffd1f5a-8a43-42dd-950f-94a708c4eccf\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"5.189.188.237\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T18:00:33.544093Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506683999999999_45daf153-e9c2-4943-aa00-60a4d57dfe57\",\r\n \"name\": \"2518506683999999999_45daf153-e9c2-4943-aa00-60a4d57dfe57\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"BLOCKING-EVALUATION\",\r\n \"alertName\": \"BLOCKING-EVALUATION\",\r\n \"detectedTimeUtc\": \"2019-03-03T17:00:00Z\",\r\n \"description\": \"Detail:Mandatory rule. Cannot be disabled. 
Inbound Anomaly Score Exceeded (Total Score: 5)\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"45daf153-e9c2-4943-aa00-60a4d57dfe57\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"185\",\r\n \"source IPs\": \"153.37.197.94\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T18:00:34.0159991Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506683999999999_5f021722-537d-490c-bdfd-ac6fc510da5c\",\r\n \"name\": \"2518506683999999999_5f021722-537d-490c-bdfd-ac6fc510da5c\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-03T17:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117:80\",\r\n \"remediationSteps\": \"\",\r\n 
\"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"5f021722-537d-490c-bdfd-ac6fc510da5c\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"241\",\r\n \"source IPs\": \"153.37.197.94\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T18:00:34.0159991Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506683999999999_6a5df300-a1b4-4403-a419-eb6688efdf7b\",\r\n \"name\": \"2518506683999999999_6a5df300-a1b4-4403-a419-eb6688efdf7b\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"APPLICATION-ATTACK-SQLI\",\r\n \"alertName\": \"APPLICATION-ATTACK-SQLI\",\r\n \"detectedTimeUtc\": \"2019-03-03T17:00:00Z\",\r\n \"description\": \"Detail:SQL Injection Attack Matched Data: md5 found within ARGS:h: die(@md5(M4rch));\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": 
\"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"6a5df300-a1b4-4403-a419-eb6688efdf7b\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"258\",\r\n \"source IPs\": \"153.37.197.94\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T18:00:34.0159991Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506683999999999_874c6ebd-1e67-4774-a5ce-0d731c1c27db\",\r\n \"name\": \"2518506683999999999_874c6ebd-1e67-4774-a5ce-0d731c1c27db\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"BLOCKING-EVALUATION\",\r\n \"alertName\": \"BLOCKING-EVALUATION\",\r\n \"detectedTimeUtc\": \"2019-03-03T17:00:00Z\",\r\n \"description\": \"Detail:Mandatory rule. Cannot be disabled. 
Inbound Anomaly Score Exceeded (Total Score: 12)\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"874c6ebd-1e67-4774-a5ce-0d731c1c27db\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"187\",\r\n \"source IPs\": \"153.37.197.94,5.189.188.237\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T18:00:34.0159991Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506683999999999_96f96063-0f51-4b5a-8548-a58f55a126bb\",\r\n \"name\": \"2518506683999999999_96f96063-0f51-4b5a-8548-a58f55a126bb\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"APPLICATION-ATTACK-LFI\",\r\n \"alertName\": \"APPLICATION-ATTACK-LFI\",\r\n \"detectedTimeUtc\": \"2019-03-03T17:00:00Z\",\r\n \"description\": \"Detail:Restricted File Access Attempt Matched Data: wp-config.php found within 
REQUEST_FILENAME: /wp-config.php\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"96f96063-0f51-4b5a-8548-a58f55a126bb\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"153.37.197.94\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T18:00:34.0159991Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506683999999999_a1fd9cb6-278c-4fa8-8378-b88d15b68e37\",\r\n \"name\": \"2518506683999999999_a1fd9cb6-278c-4fa8-8378-b88d15b68e37\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"APPLICATION-ATTACK-SQLI\",\r\n \"alertName\": \"APPLICATION-ATTACK-SQLI\",\r\n \"detectedTimeUtc\": \"2019-03-03T17:00:00Z\",\r\n \"description\": \"Detail:SQL Injection Attack Matched Data: md5 found within ARGS:h: die(@md5(M4rch));\",\r\n \"remediationSteps\": 
\"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"a1fd9cb6-278c-4fa8-8378-b88d15b68e37\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"242\",\r\n \"source IPs\": \"153.37.197.94\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T18:00:34.0159991Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506683999999999_e4985ba6-3474-4f25-8d0e-0d29bb6b38c9\",\r\n \"name\": \"2518506683999999999_e4985ba6-3474-4f25-8d0e-0d29bb6b38c9\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-03T17:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117:80\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n 
\"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"e4985ba6-3474-4f25-8d0e-0d29bb6b38c9\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"254\",\r\n \"source IPs\": \"143.255.242.186,153.37.197.94,5.189.188.237\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T18:00:34.0159991Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506683999999999_e6988005-220a-4136-82fd-14ef12b4ddf1\",\r\n \"name\": \"2518506683999999999_e6988005-220a-4136-82fd-14ef12b4ddf1\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"METHOD-ENFORCEMENT\",\r\n \"alertName\": \"METHOD-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-03T17:00:00Z\",\r\n \"description\": \"Detail:Method is not allowed by policy PROPFIND\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": 
\"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"e6988005-220a-4136-82fd-14ef12b4ddf1\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"153.37.197.94\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T18:00:34.0159991Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506719999999999_13a28970-6f30-4c49-8db1-bbeb8c53f358\",\r\n \"name\": \"2518506719999999999_13a28970-6f30-4c49-8db1-bbeb8c53f358\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"SCANNER-DETECTION\",\r\n \"alertName\": \"SCANNER-DETECTION\",\r\n \"detectedTimeUtc\": \"2019-03-03T16:00:00Z\",\r\n \"description\": \"Detail:Found User-Agent associated with scripting/generic HTTP client Matched Data: python-requests found within REQUEST_HEADERS:User-Agent: python-requests/2.6.0 CPython/2.7.5 Linux/3.10.0-957.1.3.el7.x86_64\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n 
\"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"13a28970-6f30-4c49-8db1-bbeb8c53f358\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"176.32.33.80\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T17:00:20.7167821Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506719999999999_3dd7d880-0612-484b-9352-47cbe5e955c0\",\r\n \"name\": \"2518506719999999999_3dd7d880-0612-484b-9352-47cbe5e955c0\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-03T16:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": 
\"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"3dd7d880-0612-484b-9352-47cbe5e955c0\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"4\",\r\n \"source IPs\": \"151.14.49.82,106.12.205.48,176.32.33.80,27.112.69.69\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T17:00:20.7167821Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506719999999999_45ad41ef-a52a-4383-b5a0-cf77d0f52769\",\r\n \"name\": \"2518506719999999999_45ad41ef-a52a-4383-b5a0-cf77d0f52769\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"BLOCKING-EVALUATION\",\r\n \"alertName\": \"BLOCKING-EVALUATION\",\r\n \"detectedTimeUtc\": \"2019-03-03T16:00:00Z\",\r\n \"description\": \"Detail:Mandatory rule. Cannot be disabled. 
Inbound Anomaly Score Exceeded (Total Score: 8)\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"45ad41ef-a52a-4383-b5a0-cf77d0f52769\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"176.32.33.80\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T17:00:20.7167821Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506755999999999_08c7bb21-5ce6-4a29-8559-e0f681637727\",\r\n \"name\": \"2518506755999999999_08c7bb21-5ce6-4a29-8559-e0f681637727\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-03T15:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117\",\r\n \"remediationSteps\": \"\",\r\n 
\"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"08c7bb21-5ce6-4a29-8559-e0f681637727\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"112.109.90.7\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T16:00:13.9856128Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506791999999999_a4f72ed5-04a4-4396-a55f-6c1e53f5de88\",\r\n \"name\": \"2518506791999999999_a4f72ed5-04a4-4396-a55f-6c1e53f5de88\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-03T14:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117:80\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n 
\"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"a4f72ed5-04a4-4396-a55f-6c1e53f5de88\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"191.19.156.211\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T15:00:53.1284306Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506791999999999_d7624e51-e813-4e82-9d24-b0c7d1ee54a2\",\r\n \"name\": \"2518506791999999999_d7624e51-e813-4e82-9d24-b0c7d1ee54a2\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-03T14:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117:80\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": 
\"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"d7624e51-e813-4e82-9d24-b0c7d1ee54a2\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"191.19.156.211\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T15:00:53.5907512Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506827999999999_5d48c911-b79f-4a9c-adf7-b1f7b542e139\",\r\n \"name\": \"2518506827999999999_5d48c911-b79f-4a9c-adf7-b1f7b542e139\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-03T13:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117:80\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": 
\"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"5d48c911-b79f-4a9c-adf7-b1f7b542e139\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"47.44.40.236\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T14:00:40.9369659Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506827999999999_6705b59f-aa53-4b22-a799-0ec168f16554\",\r\n \"name\": \"2518506827999999999_6705b59f-aa53-4b22-a799-0ec168f16554\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"BLOCKING-EVALUATION\",\r\n \"alertName\": \"BLOCKING-EVALUATION\",\r\n \"detectedTimeUtc\": \"2019-03-03T13:00:00Z\",\r\n \"description\": \"Detail:Mandatory rule. Cannot be disabled. 
Inbound Anomaly Score Exceeded (Total Score: 5)\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"6705b59f-aa53-4b22-a799-0ec168f16554\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"86.101.76.223\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T14:00:41.4313385Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506827999999999_8ef4d78a-8e10-42c2-809c-b06a1dbac6ff\",\r\n \"name\": \"2518506827999999999_8ef4d78a-8e10-42c2-809c-b06a1dbac6ff\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-03T13:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117\",\r\n \"remediationSteps\": \"\",\r\n 
\"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"8ef4d78a-8e10-42c2-809c-b06a1dbac6ff\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"3\",\r\n \"source IPs\": \"86.101.76.223,37.112.145.247\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T14:00:41.4313385Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506863999999999_0a57514d-bfbb-40de-945f-edab4061fa9f\",\r\n \"name\": \"2518506863999999999_0a57514d-bfbb-40de-945f-edab4061fa9f\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"SCANNER-DETECTION\",\r\n \"alertName\": \"SCANNER-DETECTION\",\r\n \"detectedTimeUtc\": \"2019-03-03T12:00:00Z\",\r\n \"description\": \"Detail:Found User-Agent associated with scripting/generic HTTP client Matched Data: python-requests found within REQUEST_HEADERS:User-Agent: python-requests/2.6.0 CPython/2.7.5 
Linux/3.10.0-957.1.3.el7.x86_64\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"0a57514d-bfbb-40de-945f-edab4061fa9f\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"176.32.33.80\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T13:00:27.4966084Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506863999999999_2aec0c06-933a-4981-bd34-59809b81bdcf\",\r\n \"name\": \"2518506863999999999_2aec0c06-933a-4981-bd34-59809b81bdcf\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-03T12:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": 
\"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"2aec0c06-933a-4981-bd34-59809b81bdcf\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"3\",\r\n \"source IPs\": \"139.162.106.181,176.32.33.80\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T13:00:27.9629747Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506863999999999_3906c573-8bb4-47b5-922d-3a93dacb999a\",\r\n \"name\": \"2518506863999999999_3906c573-8bb4-47b5-922d-3a93dacb999a\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"BLOCKING-EVALUATION\",\r\n \"alertName\": \"BLOCKING-EVALUATION\",\r\n \"detectedTimeUtc\": \"2019-03-03T12:00:00Z\",\r\n \"description\": \"Detail:Mandatory rule. Cannot be disabled. 
Inbound Anomaly Score Exceeded (Total Score: 5)\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"3906c573-8bb4-47b5-922d-3a93dacb999a\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"2\",\r\n \"source IPs\": \"139.162.106.181,176.32.33.80\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T13:00:27.9629747Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506863999999999_ccc614e5-38e9-4794-a4a7-b084779313b2\",\r\n \"name\": \"2518506863999999999_ccc614e5-38e9-4794-a4a7-b084779313b2\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-03T12:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117:80\",\r\n \"remediationSteps\": 
\"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"ccc614e5-38e9-4794-a4a7-b084779313b2\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"2\",\r\n \"source IPs\": \"189.79.106.13,175.106.10.226\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T13:00:27.9629747Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506899999999999_0628b610-6b29-45ec-a08c-2561f6201681\",\r\n \"name\": \"2518506899999999999_0628b610-6b29-45ec-a08c-2561f6201681\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-03T11:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117:80\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": 
\"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"0628b610-6b29-45ec-a08c-2561f6201681\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"4\",\r\n \"source IPs\": \"170.233.47.249,149.71.160.254,125.64.94.200\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T12:00:05.3305889Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506899999999999_7008ba75-4cc8-4291-93bc-ea17eba8f37c\",\r\n \"name\": \"2518506899999999999_7008ba75-4cc8-4291-93bc-ea17eba8f37c\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"BLOCKING-EVALUATION\",\r\n \"alertName\": \"BLOCKING-EVALUATION\",\r\n \"detectedTimeUtc\": \"2019-03-03T11:00:00Z\",\r\n \"description\": \"Detail:Mandatory rule. Cannot be disabled. 
Inbound Anomaly Score Exceeded (Total Score: 5)\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"7008ba75-4cc8-4291-93bc-ea17eba8f37c\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"125.64.94.200\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T12:00:04.8798965Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506935999999999_6f663a4f-982b-4818-8ef1-f87730e40dcc\",\r\n \"name\": \"2518506935999999999_6f663a4f-982b-4818-8ef1-f87730e40dcc\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-03T10:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117:80\",\r\n \"remediationSteps\": \"\",\r\n 
\"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"6f663a4f-982b-4818-8ef1-f87730e40dcc\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"177.190.65.151\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T11:00:50.1566901Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506971999999999_205da57b-4636-44f8-894e-3a78c60e78be\",\r\n \"name\": \"2518506971999999999_205da57b-4636-44f8-894e-3a78c60e78be\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"SCANNER-DETECTION\",\r\n \"alertName\": \"SCANNER-DETECTION\",\r\n \"detectedTimeUtc\": \"2019-03-03T09:00:00Z\",\r\n \"description\": \"Detail:Found User-Agent associated with security scanner Matched Data: zmeu found within REQUEST_HEADERS:User-Agent: ZmEu\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n 
\"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"205da57b-4636-44f8-894e-3a78c60e78be\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"5\",\r\n \"source IPs\": \"202.111.175.134\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T10:00:37.6036112Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506971999999999_36d74c57-219a-48dd-9d85-8edf5dad9605\",\r\n \"name\": \"2518506971999999999_36d74c57-219a-48dd-9d85-8edf5dad9605\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"BLOCKING-EVALUATION\",\r\n \"alertName\": \"BLOCKING-EVALUATION\",\r\n \"detectedTimeUtc\": \"2019-03-03T09:00:00Z\",\r\n \"description\": \"Detail:Mandatory rule. Cannot be disabled. 
Inbound Anomaly Score Exceeded (Total Score: 8)\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"36d74c57-219a-48dd-9d85-8edf5dad9605\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"3\",\r\n \"source IPs\": \"176.32.33.80,202.111.175.134\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T10:00:37.6036112Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506971999999999_51794aa7-6274-4156-b321-a8404ec2c8a1\",\r\n \"name\": \"2518506971999999999_51794aa7-6274-4156-b321-a8404ec2c8a1\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"BLOCKING-EVALUATION\",\r\n \"alertName\": \"BLOCKING-EVALUATION\",\r\n \"detectedTimeUtc\": \"2019-03-03T09:00:00Z\",\r\n \"description\": \"Detail:Mandatory rule. Cannot be disabled. 
Inbound Anomaly Score Exceeded (Total Score: 13)\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"51794aa7-6274-4156-b321-a8404ec2c8a1\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"4\",\r\n \"source IPs\": \"202.111.175.134\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T10:00:36.6754928Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506971999999999_8fd280c9-d229-4ab0-b7c2-a1e6ed13d475\",\r\n \"name\": \"2518506971999999999_8fd280c9-d229-4ab0-b7c2-a1e6ed13d475\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-03T09:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117\",\r\n \"remediationSteps\": \"\",\r\n 
\"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"8fd280c9-d229-4ab0-b7c2-a1e6ed13d475\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"4\",\r\n \"source IPs\": \"202.111.175.134\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T10:00:37.6036112Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506971999999999_c5f9f5ef-e626-494f-af62-296e9a3aae90\",\r\n \"name\": \"2518506971999999999_c5f9f5ef-e626-494f-af62-296e9a3aae90\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-03T09:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n 
\"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"c5f9f5ef-e626-494f-af62-296e9a3aae90\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"3\",\r\n \"source IPs\": \"176.32.33.80,202.111.175.134\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T10:00:37.6036112Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506971999999999_f2c8d1c4-1673-484b-a6dd-83ba0f631030\",\r\n \"name\": \"2518506971999999999_f2c8d1c4-1673-484b-a6dd-83ba0f631030\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"SCANNER-DETECTION\",\r\n \"alertName\": \"SCANNER-DETECTION\",\r\n \"detectedTimeUtc\": \"2019-03-03T09:00:00Z\",\r\n \"description\": \"Detail:Found User-Agent associated with scripting/generic HTTP client Matched Data: python-requests found within REQUEST_HEADERS:User-Agent: python-requests/2.6.0 CPython/2.7.5 Linux/3.10.0-957.1.3.el7.x86_64\",\r\n \"remediationSteps\": \"\",\r\n 
\"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"f2c8d1c4-1673-484b-a6dd-83ba0f631030\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"3\",\r\n \"source IPs\": \"176.32.33.80,202.111.175.134\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T10:00:37.6036112Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518507007999999999_d08f4e21-7e7a-4f55-8d05-c262b6ea7296\",\r\n \"name\": \"2518507007999999999_d08f4e21-7e7a-4f55-8d05-c262b6ea7296\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-03T08:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117:80\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n 
\"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"d08f4e21-7e7a-4f55-8d05-c262b6ea7296\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"200.170.107.213\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T09:00:23.6177593Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518507043999999999_4113b94b-e345-435c-9860-319263f7dd62\",\r\n \"name\": \"2518507043999999999_4113b94b-e345-435c-9860-319263f7dd62\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-03T07:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": 
\"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"4113b94b-e345-435c-9860-319263f7dd62\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"3\",\r\n \"source IPs\": \"185.53.88.120,177.95.121.11\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T08:00:08.812839Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518507043999999999_61e42d8a-87ae-4aad-909c-c68cf39040d4\",\r\n \"name\": \"2518507043999999999_61e42d8a-87ae-4aad-909c-c68cf39040d4\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"BLOCKING-EVALUATION\",\r\n \"alertName\": \"BLOCKING-EVALUATION\",\r\n \"detectedTimeUtc\": \"2019-03-03T07:00:00Z\",\r\n \"description\": \"Detail:Mandatory rule. Cannot be disabled. 
Inbound Anomaly Score Exceeded (Total Score: 5)\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"61e42d8a-87ae-4aad-909c-c68cf39040d4\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"185.53.88.120\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T08:00:08.812839Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518507043999999999_61fd9c97-c980-48c2-b39a-defed87af2a2\",\r\n \"name\": \"2518507043999999999_61fd9c97-c980-48c2-b39a-defed87af2a2\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-03T07:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117\",\r\n \"remediationSteps\": \"\",\r\n 
\"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"61fd9c97-c980-48c2-b39a-defed87af2a2\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"189.211.124.220\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T08:00:08.812839Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518507079999999999_1b89d7cb-b586-4a38-ad61-75bbaebf2170\",\r\n \"name\": \"2518507079999999999_1b89d7cb-b586-4a38-ad61-75bbaebf2170\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"SCANNER-DETECTION\",\r\n \"alertName\": \"SCANNER-DETECTION\",\r\n \"detectedTimeUtc\": \"2019-03-03T06:00:00Z\",\r\n \"description\": \"Detail:Found User-Agent associated with security scanner Matched Data: masscan found within REQUEST_HEADERS:User-Agent: masscan/1.0 (https://github.com/robertdavidgraham/masscan)\",\r\n 
\"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"1b89d7cb-b586-4a38-ad61-75bbaebf2170\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"185.165.169.28\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T07:00:54.0188006Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518507079999999999_c2c1230a-f1d5-4fe1-9aa3-0a77e7299186\",\r\n \"name\": \"2518507079999999999_c2c1230a-f1d5-4fe1-9aa3-0a77e7299186\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"BLOCKING-EVALUATION\",\r\n \"alertName\": \"BLOCKING-EVALUATION\",\r\n \"detectedTimeUtc\": \"2019-03-03T06:00:00Z\",\r\n \"description\": \"Detail:Mandatory rule. Cannot be disabled. 
Inbound Anomaly Score Exceeded (Total Score: 8)\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"c2c1230a-f1d5-4fe1-9aa3-0a77e7299186\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"185.165.169.28\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T07:00:53.5777047Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518507079999999999_eac52c76-659b-498e-91f5-525511b48ded\",\r\n \"name\": \"2518507079999999999_eac52c76-659b-498e-91f5-525511b48ded\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-03T06:00:00Z\",\r\n \"description\": \"Detail:Request Missing a Host Header\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": 
\"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"eac52c76-659b-498e-91f5-525511b48ded\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"185.165.169.28\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T07:00:54.0188006Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518507115999999999_3f4c572d-c6c7-440c-84e7-7a3f4cd866af\",\r\n \"name\": \"2518507115999999999_3f4c572d-c6c7-440c-84e7-7a3f4cd866af\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-03T05:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117:80\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": 
\"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"3f4c572d-c6c7-440c-84e7-7a3f4cd866af\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"191.19.210.54\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T06:00:38.331985Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518507115999999999_537e6f2f-d393-4cdf-a530-3255b9cc34c9\",\r\n \"name\": \"2518507115999999999_537e6f2f-d393-4cdf-a530-3255b9cc34c9\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"BLOCKING-EVALUATION\",\r\n \"alertName\": \"BLOCKING-EVALUATION\",\r\n \"detectedTimeUtc\": \"2019-03-03T05:00:00Z\",\r\n \"description\": \"Detail:Mandatory rule. Cannot be disabled. 
Inbound Anomaly Score Exceeded (Total Score: 8)\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"537e6f2f-d393-4cdf-a530-3255b9cc34c9\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"2\",\r\n \"source IPs\": \"176.32.33.80,106.75.63.218\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T06:00:38.8618086Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518507115999999999_b291073d-47ad-4563-b5be-d3cc4955e3db\",\r\n \"name\": \"2518507115999999999_b291073d-47ad-4563-b5be-d3cc4955e3db\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"SCANNER-DETECTION\",\r\n \"alertName\": \"SCANNER-DETECTION\",\r\n \"detectedTimeUtc\": \"2019-03-03T05:00:00Z\",\r\n \"description\": \"Detail:Found User-Agent associated with scripting/generic HTTP client Matched Data: 
python-requests found within REQUEST_HEADERS:User-Agent: python-requests/2.6.0 CPython/2.7.5 Linux/3.10.0-957.1.3.el7.x86_64\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"b291073d-47ad-4563-b5be-d3cc4955e3db\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"176.32.33.80\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T06:00:38.8618086Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518507115999999999_c9b1c4e8-589e-4c7e-945f-ef107e422d0e\",\r\n \"name\": \"2518507115999999999_c9b1c4e8-589e-4c7e-945f-ef107e422d0e\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-03T05:00:00Z\",\r\n \"description\": \"Detail:Host header is a 
numeric IP address 13.69.131.117\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"c9b1c4e8-589e-4c7e-945f-ef107e422d0e\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"3\",\r\n \"source IPs\": \"176.32.33.80,106.75.63.218\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T06:00:38.8618086Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518507151999999999_395b050b-039c-42ac-84eb-93d3e7faea3e\",\r\n \"name\": \"2518507151999999999_395b050b-039c-42ac-84eb-93d3e7faea3e\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-03T04:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117\",\r\n \"remediationSteps\": \"\",\r\n 
\"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"395b050b-039c-42ac-84eb-93d3e7faea3e\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"2\",\r\n \"source IPs\": \"82.227.32.4\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T05:00:24.7267003Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518507151999999999_6db5bd58-9d70-42c8-b0c1-723f6cd5b8e7\",\r\n \"name\": \"2518507151999999999_6db5bd58-9d70-42c8-b0c1-723f6cd5b8e7\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"BLOCKING-EVALUATION\",\r\n \"alertName\": \"BLOCKING-EVALUATION\",\r\n \"detectedTimeUtc\": \"2019-03-03T04:00:00Z\",\r\n \"description\": \"Detail:Mandatory rule. Cannot be disabled. 
Inbound Anomaly Score Exceeded (Total Score: 5)\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"6db5bd58-9d70-42c8-b0c1-723f6cd5b8e7\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"82.227.32.4\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T05:00:24.2392146Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518507223999999999_ee9ccd4a-9ffe-4674-93a3-8dce991f38ab\",\r\n \"name\": \"2518507223999999999_ee9ccd4a-9ffe-4674-93a3-8dce991f38ab\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-03T02:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117:80\",\r\n \"remediationSteps\": \"\",\r\n 
\"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"ee9ccd4a-9ffe-4674-93a3-8dce991f38ab\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"3\",\r\n \"source IPs\": \"46.201.249.7,91.192.33.145,95.133.40.164\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T03:00:56.5825657Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518507295999999999_4fe4d5bf-6672-490d-b840-051c7f68b697\",\r\n \"name\": \"2518507295999999999_4fe4d5bf-6672-490d-b840-051c7f68b697\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"BLOCKING-EVALUATION\",\r\n \"alertName\": \"BLOCKING-EVALUATION\",\r\n \"detectedTimeUtc\": \"2019-03-03T00:00:00Z\",\r\n \"description\": \"Detail:Mandatory rule. Cannot be disabled. 
Inbound Anomaly Score Exceeded (Total Score: 5)\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"4fe4d5bf-6672-490d-b840-051c7f68b697\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"61.62.156.174\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T01:00:28.5948373Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518507295999999999_863f36fb-20ad-45d2-9063-2a07be7f4d5f\",\r\n \"name\": \"2518507295999999999_863f36fb-20ad-45d2-9063-2a07be7f4d5f\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-03T00:00:00Z\",\r\n \"description\": \"Detail:Request Missing a Host Header\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": 
\"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"863f36fb-20ad-45d2-9063-2a07be7f4d5f\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"2\",\r\n \"source IPs\": \"61.62.156.174\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T01:00:29.0871558Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518507331999999999_3462bbf4-9200-4fdc-871c-01f2eb234c84\",\r\n \"name\": \"2518507331999999999_3462bbf4-9200-4fdc-871c-01f2eb234c84\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-02T23:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117:80\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": 
\"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"3462bbf4-9200-4fdc-871c-01f2eb234c84\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"3\",\r\n \"source IPs\": \"179.110.96.144,95.85.11.140,185.219.135.195\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T00:00:16.354891Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518507331999999999_99ba6c6b-501a-41df-a80a-d3c5fddff4e1\",\r\n \"name\": \"2518507331999999999_99ba6c6b-501a-41df-a80a-d3c5fddff4e1\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-02T23:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": 
\"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"99ba6c6b-501a-41df-a80a-d3c5fddff4e1\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"185.219.135.195\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T00:00:15.8819814Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518507403999999999_7f0e0ee0-50f0-4f6d-87f6-3a386629e3ee\",\r\n \"name\": \"2518507403999999999_7f0e0ee0-50f0-4f6d-87f6-3a386629e3ee\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-02T21:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": 
\"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"7f0e0ee0-50f0-4f6d-87f6-3a386629e3ee\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"2\",\r\n \"source IPs\": \"1.245.46.34,200.207.141.250\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-02T22:00:38.1461713Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518507403999999999_b8d1e867-333f-4776-bfb1-23dc9d0f3883\",\r\n \"name\": \"2518507403999999999_b8d1e867-333f-4776-bfb1-23dc9d0f3883\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-02T21:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": 
\"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"b8d1e867-333f-4776-bfb1-23dc9d0f3883\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"2\",\r\n \"source IPs\": \"42.51.32.9,200.207.141.250\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-02T22:00:38.6594318Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518507439999999999_1b54ab81-5ca3-4ea0-a706-38112361afaa\",\r\n \"name\": \"2518507439999999999_1b54ab81-5ca3-4ea0-a706-38112361afaa\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"SCANNER-DETECTION\",\r\n \"alertName\": \"SCANNER-DETECTION\",\r\n \"detectedTimeUtc\": \"2019-03-02T20:00:00Z\",\r\n \"description\": \"Detail:Found User-Agent associated with security scanner Matched Data: nmap scripting engine found within REQUEST_HEADERS:User-Agent: Mozilla/5.0 (compatible; Nmap Scripting Engine; https://nmap.org/book/nse.html)\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": 
\"Medium\",\r\n \"compromisedEntity\": \"bc09060f-3280-4734-a595-310679b63b8f.cloudapp.net\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"1b54ab81-5ca3-4ea0-a706-38112361afaa\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"16\",\r\n \"source IPs\": \"52.183.32.182\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-02T21:00:26.0576367Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518507439999999999_3e947bdc-233d-4de1-8031-2038a4d74620\",\r\n \"name\": \"2518507439999999999_3e947bdc-233d-4de1-8031-2038a4d74620\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"SCANNER-DETECTION\",\r\n \"alertName\": \"SCANNER-DETECTION\",\r\n \"detectedTimeUtc\": \"2019-03-02T20:00:00Z\",\r\n \"description\": \"Detail:Found User-Agent associated with security scanner Matched Data: nmap scripting engine found within REQUEST_HEADERS:User-Agent: Mozilla/5.0 (compatible; Nmap Scripting Engine; 
https://nmap.org/book/nse.html)\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"bc09060f-3280-4734-a595-310679b63b8f.cloudapp.net\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"3e947bdc-233d-4de1-8031-2038a4d74620\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"17\",\r\n \"source IPs\": \"52.183.32.182\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-02T21:00:26.0576367Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n }\r\n ],\r\n \"nextLink\": 
\"https://management.azure.com/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/providers/Microsoft.Security/alerts?api-version=2019-01-01&%24skiptoken=TY%2fLbqMwAEX%2fhcXsCDYBEkeqRmpqmKQFUmMbys482jjhNdhpIFX%2ffTLSLEa6u3N1ru6X0dWTfpHdWRmbLyPFCcWMxAdsbIyj1oPaWFYrOvFRt3WnF%2bJ2GetF2bcbx1la6lKocpSDln2nLGe9Kgpn7ZqFWwDTWcHaRCWoTAhWcOVB%2b33tIWsY%2b09Z1aOyQlmOverf9SKpy8so9WyJph61%2bikGaX7eK3frgw0gMgG854c6y4H257p7qOd9nGdHwAJ%2froIGiBRdEpu7u1MvwwSDeOvHJChvaQr3IUaYZyQXTT5QFl5D7HqknUIeTL8pq0iFIXulUcSDcKacPBcM4ZQy%2bbL9t9Gi5X%2fuZST9SDTcoYDwCrgey4YDDxSkkIwRQ0zc%2bIGfPmaaDWfxl9N9%2fHrze9pUzwJPjLUwFo0PUk6U4MNT%2bPQYccxA2pB9yNAv1uqI%2b0zv5FXSljuVT45v7dTQ1td5svOKjqtie5X8%2fj23OaABOr1lZChsR8anR2R8f%2f8B\"\r\n}", + "ResponseBody": "{\r\n \"value\": [\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/taklei/providers/Microsoft.Security/locations/westeurope/alerts/2518136982923187680_ef6aa4e6-9c60-4405-8f08-f465e8e50cd2\",\r\n \"name\": \"2518136982923187680_ef6aa4e6-9c60-4405-8f08-f465e8e50cd2\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft\",\r\n \"alertDisplayName\": \"Azure Security Center test alert (not a threat)\",\r\n \"alertName\": \"VM_EICAR\",\r\n \"detectedTimeUtc\": \"2020-05-04T14:28:27.6812319Z\",\r\n \"description\": \"This is a test alert generated by Azure Security Center. 
No further action is needed.\",\r\n \"remediationSteps\": \"No further action is needed.\",\r\n \"actionTaken\": \"Undefined\",\r\n \"reportedSeverity\": \"High\",\r\n \"compromisedEntity\": \"ALERTSTEST\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/taklei/providers/Microsoft.Compute/virtualMachines/alertsTest\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"ef6aa4e6-9c60-4405-8f08-f465e8e50cd2\",\r\n \"extendedProperties\": {\r\n \"compromised Host\": \"ALERTSTEST\",\r\n \"user Name\": \"WORKGROUP\\\\alertsTest$\",\r\n \"account Session Id\": \"0x3e7\",\r\n \"suspicious Process\": \"c:\\\\scripts\\\\asc_alerttest_662jfi039n.exe\",\r\n \"suspicious Command Line\": \"c:\\\\scripts\\\\asc_alerttest_662jfi039n.exe -foo\",\r\n \"parent Process\": \"c:\\\\windows\\\\system32\\\\svchost.exe\",\r\n \"suspicious Process Id\": \"0x688\",\r\n \"arguments Auditing Enabled\": \"true\",\r\n \"enrichment_tas_threat__reports\": \"{\\\"Kind\\\":\\\"MultiLink\\\",\\\"DisplayValueToUrlDictionary\\\":{\\\"Report: EICAR File\\\":\\\"https://interflowwebportalext.trafficmanager.net/reports/DisplayReport?callerIdentity=ddd5443d-e6f4-441c-b52b-5278d2f21dfa&reportCreateDateTime=2020-05-04T09%3a13%3a05&reportName=MSTI-TS-EICAR-File.pdf&tenantId=387eb67f-0039-43ad-81b9-b66c6c0b1951&urlCreateDateTime=2020-05-04T09%3a13%3a05&token=aRLLv1q8UI%20eVn54OVy%20WbqcH7H9dSGDUOuWywymCrQ=\\\"}}\",\r\n \"resourceType\": \"Virtual Machine\"\r\n },\r\n \"state\": \"Dismissed\",\r\n \"reportedTimeUtc\": \"2020-05-04T14:29:05.5983077Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/mainws/providers/microsoft.operationalinsights/workspaces/securityuserws\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": [\r\n {\r\n \"$id\": \"westeurope_1\",\r\n \"dnsDomain\": \"\",\r\n \"ntDomain\": \"\",\r\n 
\"hostName\": \"ALERTSTEST\",\r\n \"netBiosName\": \"ALERTSTEST\",\r\n \"azureID\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/taklei/providers/Microsoft.Compute/virtualMachines/alertsTest\",\r\n \"omsAgentID\": \"6bc4f1df-17e1-40f0-8227-f1635aea54dd\",\r\n \"osFamily\": \"Windows\",\r\n \"osVersion\": \"Windows\",\r\n \"isDomainJoined\": false,\r\n \"type\": \"host\"\r\n },\r\n {\r\n \"$id\": \"westeurope_2\",\r\n \"directory\": \"c:\\\\windows\\\\system32\",\r\n \"name\": \"svchost.exe\",\r\n \"type\": \"file\"\r\n },\r\n {\r\n \"$id\": \"westeurope_3\",\r\n \"processId\": \"0x6ec\",\r\n \"commandLine\": \"\",\r\n \"imageFile\": {\r\n \"$ref\": \"westeurope_2\"\r\n },\r\n \"host\": {\r\n \"$ref\": \"westeurope_1\"\r\n },\r\n \"type\": \"process\"\r\n },\r\n {\r\n \"$id\": \"westeurope_4\",\r\n \"name\": \"alertsTest$\",\r\n \"ntDomain\": \"WORKGROUP\",\r\n \"host\": {\r\n \"$ref\": \"westeurope_1\"\r\n },\r\n \"sid\": \"S-1-5-18\",\r\n \"isDomainJoined\": true,\r\n \"type\": \"account\",\r\n \"LogonId\": \"0x3e7\"\r\n },\r\n {\r\n \"$id\": \"westeurope_5\",\r\n \"directory\": \"c:\\\\scripts\",\r\n \"name\": \"asc_alerttest_662jfi039n.exe\",\r\n \"type\": \"file\"\r\n },\r\n {\r\n \"$id\": \"westeurope_6\",\r\n \"processId\": \"0x688\",\r\n \"commandLine\": \"c:\\\\scripts\\\\asc_alerttest_662jfi039n.exe -foo\",\r\n \"elevationToken\": \"Default\",\r\n \"creationTimeUtc\": \"2020-05-04T14:28:27.6812319Z\",\r\n \"imageFile\": {\r\n \"$ref\": \"westeurope_5\"\r\n },\r\n \"account\": {\r\n \"$ref\": \"westeurope_4\"\r\n },\r\n \"parentProcess\": {\r\n \"$ref\": \"westeurope_3\"\r\n },\r\n \"host\": {\r\n \"$ref\": \"westeurope_1\"\r\n },\r\n \"type\": \"process\"\r\n },\r\n {\r\n \"$id\": \"westeurope_7\",\r\n \"sessionId\": \"0x3e7\",\r\n \"startTimeUtc\": \"2020-05-04T14:28:27.6812319Z\",\r\n \"endTimeUtc\": \"2020-05-04T14:28:27.6812319Z\",\r\n \"type\": \"host-logon-session\",\r\n \"host\": {\r\n \"$ref\": \"westeurope_1\"\r\n },\r\n 
\"account\": {\r\n \"$ref\": \"westeurope_4\"\r\n }\r\n }\r\n ]\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/taklei/providers/Microsoft.Security/locations/westeurope/alerts/2518137000923212703_d25bac04-7492-4ece-9d75-7a377d74d833\",\r\n \"name\": \"2518137000923212703_d25bac04-7492-4ece-9d75-7a377d74d833\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft\",\r\n \"alertDisplayName\": \"Azure Security Center test alert (not a threat)\",\r\n \"alertName\": \"VM_EICAR\",\r\n \"detectedTimeUtc\": \"2020-05-04T13:58:27.6787296Z\",\r\n \"description\": \"This is a test alert generated by Azure Security Center. No further action is needed.\",\r\n \"remediationSteps\": \"No further action is needed.\",\r\n \"actionTaken\": \"Undefined\",\r\n \"reportedSeverity\": \"High\",\r\n \"compromisedEntity\": \"ALERTSTEST\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/taklei/providers/Microsoft.Compute/virtualMachines/alertsTest\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"d25bac04-7492-4ece-9d75-7a377d74d833\",\r\n \"extendedProperties\": {\r\n \"compromised Host\": \"ALERTSTEST\",\r\n \"user Name\": \"WORKGROUP\\\\alertsTest$\",\r\n \"account Session Id\": \"0x3e7\",\r\n \"suspicious Process\": \"c:\\\\scripts\\\\asc_alerttest_662jfi039n.exe\",\r\n \"suspicious Command Line\": \"c:\\\\scripts\\\\asc_alerttest_662jfi039n.exe -foo\",\r\n \"parent Process\": \"c:\\\\windows\\\\system32\\\\svchost.exe\",\r\n \"suspicious Process Id\": \"0x1c7c\",\r\n \"arguments Auditing Enabled\": \"true\",\r\n \"enrichment_tas_threat__reports\": \"{\\\"Kind\\\":\\\"MultiLink\\\",\\\"DisplayValueToUrlDictionary\\\":{\\\"Report: EICAR 
File\\\":\\\"https://interflowwebportalext.trafficmanager.net/reports/DisplayReport?callerIdentity=ddd5443d-e6f4-441c-b52b-5278d2f21dfa&reportCreateDateTime=2020-05-04T09%3a13%3a05&reportName=MSTI-TS-EICAR-File.pdf&tenantId=387eb67f-0039-43ad-81b9-b66c6c0b1951&urlCreateDateTime=2020-05-04T09%3a13%3a05&token=aRLLv1q8UI%20eVn54OVy%20WbqcH7H9dSGDUOuWywymCrQ=\\\"}}\",\r\n \"resourceType\": \"Virtual Machine\"\r\n },\r\n \"state\": \"Dismissed\",\r\n \"reportedTimeUtc\": \"2020-05-04T13:58:34.2198556Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/mainws/providers/microsoft.operationalinsights/workspaces/securityuserws\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": [\r\n {\r\n \"$id\": \"westeurope_8\",\r\n \"dnsDomain\": \"\",\r\n \"ntDomain\": \"\",\r\n \"hostName\": \"ALERTSTEST\",\r\n \"netBiosName\": \"ALERTSTEST\",\r\n \"azureID\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/taklei/providers/Microsoft.Compute/virtualMachines/alertsTest\",\r\n \"omsAgentID\": \"6bc4f1df-17e1-40f0-8227-f1635aea54dd\",\r\n \"osFamily\": \"Windows\",\r\n \"osVersion\": \"Windows\",\r\n \"isDomainJoined\": false,\r\n \"type\": \"host\"\r\n },\r\n {\r\n \"$id\": \"westeurope_9\",\r\n \"directory\": \"c:\\\\windows\\\\system32\",\r\n \"name\": \"svchost.exe\",\r\n \"type\": \"file\"\r\n },\r\n {\r\n \"$id\": \"westeurope_10\",\r\n \"processId\": \"0x6ec\",\r\n \"commandLine\": \"\",\r\n \"imageFile\": {\r\n \"$ref\": \"westeurope_9\"\r\n },\r\n \"host\": {\r\n \"$ref\": \"westeurope_8\"\r\n },\r\n \"type\": \"process\"\r\n },\r\n {\r\n \"$id\": \"westeurope_11\",\r\n \"name\": \"alertsTest$\",\r\n \"ntDomain\": \"WORKGROUP\",\r\n \"host\": {\r\n \"$ref\": \"westeurope_8\"\r\n },\r\n \"sid\": \"S-1-5-18\",\r\n \"isDomainJoined\": true,\r\n \"type\": \"account\",\r\n \"LogonId\": \"0x3e7\"\r\n },\r\n {\r\n \"$id\": \"westeurope_12\",\r\n \"directory\": 
\"c:\\\\scripts\",\r\n \"name\": \"asc_alerttest_662jfi039n.exe\",\r\n \"type\": \"file\"\r\n },\r\n {\r\n \"$id\": \"westeurope_13\",\r\n \"processId\": \"0x1c7c\",\r\n \"commandLine\": \"c:\\\\scripts\\\\asc_alerttest_662jfi039n.exe -foo\",\r\n \"elevationToken\": \"Default\",\r\n \"creationTimeUtc\": \"2020-05-04T13:58:27.6787296Z\",\r\n \"imageFile\": {\r\n \"$ref\": \"westeurope_12\"\r\n },\r\n \"account\": {\r\n \"$ref\": \"westeurope_11\"\r\n },\r\n \"parentProcess\": {\r\n \"$ref\": \"westeurope_10\"\r\n },\r\n \"host\": {\r\n \"$ref\": \"westeurope_8\"\r\n },\r\n \"type\": \"process\"\r\n },\r\n {\r\n \"$id\": \"westeurope_14\",\r\n \"sessionId\": \"0x3e7\",\r\n \"startTimeUtc\": \"2020-05-04T13:58:27.6787296Z\",\r\n \"endTimeUtc\": \"2020-05-04T13:58:27.6787296Z\",\r\n \"type\": \"host-logon-session\",\r\n \"host\": {\r\n \"$ref\": \"westeurope_8\"\r\n },\r\n \"account\": {\r\n \"$ref\": \"westeurope_11\"\r\n }\r\n }\r\n ]\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/taklei/providers/Microsoft.Security/locations/westeurope/alerts/2518137018913138372_93d99441-2eff-436e-ab25-0307b3484bb4\",\r\n \"name\": \"2518137018913138372_93d99441-2eff-436e-ab25-0307b3484bb4\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft\",\r\n \"alertDisplayName\": \"Azure Security Center test alert (not a threat)\",\r\n \"alertName\": \"VM_EICAR\",\r\n \"detectedTimeUtc\": \"2020-05-04T13:28:28.6861627Z\",\r\n \"description\": \"This is a test alert generated by Azure Security Center. 
No further action is needed.\",\r\n \"remediationSteps\": \"No further action is needed.\",\r\n \"actionTaken\": \"Undefined\",\r\n \"reportedSeverity\": \"High\",\r\n \"compromisedEntity\": \"ALERTSTEST\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/taklei/providers/Microsoft.Compute/virtualMachines/alertsTest\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"93d99441-2eff-436e-ab25-0307b3484bb4\",\r\n \"extendedProperties\": {\r\n \"compromised Host\": \"ALERTSTEST\",\r\n \"user Name\": \"WORKGROUP\\\\alertsTest$\",\r\n \"account Session Id\": \"0x3e7\",\r\n \"suspicious Process\": \"c:\\\\scripts\\\\asc_alerttest_662jfi039n.exe\",\r\n \"suspicious Command Line\": \"c:\\\\scripts\\\\asc_alerttest_662jfi039n.exe -foo\",\r\n \"parent Process\": \"c:\\\\windows\\\\system32\\\\svchost.exe\",\r\n \"suspicious Process Id\": \"0x122c\",\r\n \"arguments Auditing Enabled\": \"true\",\r\n \"enrichment_tas_threat__reports\": \"{\\\"Kind\\\":\\\"MultiLink\\\",\\\"DisplayValueToUrlDictionary\\\":{\\\"Report: EICAR File\\\":\\\"https://interflowwebportalext.trafficmanager.net/reports/DisplayReport?callerIdentity=ddd5443d-e6f4-441c-b52b-5278d2f21dfa&reportCreateDateTime=2020-05-04T08%3a32%3a57&reportName=MSTI-TS-EICAR-File.pdf&tenantId=1c68e967-70a6-4cda-a34b-6d281cffe06e&urlCreateDateTime=2020-05-04T08%3a32%3a57&token=s7wyF62JLdEde8/SccnrGqIJxUOajFUpTETdhi3lCyY=\\\"}}\",\r\n \"resourceType\": \"Virtual Machine\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2020-05-04T13:28:59.9528247Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/mainws/providers/microsoft.operationalinsights/workspaces/securityuserws\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": [\r\n {\r\n \"$id\": \"westeurope_15\",\r\n \"dnsDomain\": \"\",\r\n \"ntDomain\": \"\",\r\n \"hostName\": 
\"ALERTSTEST\",\r\n \"netBiosName\": \"ALERTSTEST\",\r\n \"azureID\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/taklei/providers/Microsoft.Compute/virtualMachines/alertsTest\",\r\n \"omsAgentID\": \"6bc4f1df-17e1-40f0-8227-f1635aea54dd\",\r\n \"osFamily\": \"Windows\",\r\n \"osVersion\": \"Windows\",\r\n \"isDomainJoined\": false,\r\n \"type\": \"host\"\r\n },\r\n {\r\n \"$id\": \"westeurope_16\",\r\n \"directory\": \"c:\\\\windows\\\\system32\",\r\n \"name\": \"svchost.exe\",\r\n \"type\": \"file\"\r\n },\r\n {\r\n \"$id\": \"westeurope_17\",\r\n \"processId\": \"0x6ec\",\r\n \"commandLine\": \"\",\r\n \"imageFile\": {\r\n \"$ref\": \"westeurope_16\"\r\n },\r\n \"host\": {\r\n \"$ref\": \"westeurope_15\"\r\n },\r\n \"type\": \"process\"\r\n },\r\n {\r\n \"$id\": \"westeurope_18\",\r\n \"name\": \"alertsTest$\",\r\n \"ntDomain\": \"WORKGROUP\",\r\n \"host\": {\r\n \"$ref\": \"westeurope_15\"\r\n },\r\n \"sid\": \"S-1-5-18\",\r\n \"isDomainJoined\": true,\r\n \"type\": \"account\",\r\n \"LogonId\": \"0x3e7\"\r\n },\r\n {\r\n \"$id\": \"westeurope_19\",\r\n \"directory\": \"c:\\\\scripts\",\r\n \"name\": \"asc_alerttest_662jfi039n.exe\",\r\n \"type\": \"file\"\r\n },\r\n {\r\n \"$id\": \"westeurope_20\",\r\n \"processId\": \"0x122c\",\r\n \"commandLine\": \"c:\\\\scripts\\\\asc_alerttest_662jfi039n.exe -foo\",\r\n \"elevationToken\": \"Default\",\r\n \"creationTimeUtc\": \"2020-05-04T13:28:28.6861627Z\",\r\n \"imageFile\": {\r\n \"$ref\": \"westeurope_19\"\r\n },\r\n \"account\": {\r\n \"$ref\": \"westeurope_18\"\r\n },\r\n \"parentProcess\": {\r\n \"$ref\": \"westeurope_17\"\r\n },\r\n \"host\": {\r\n \"$ref\": \"westeurope_15\"\r\n },\r\n \"type\": \"process\"\r\n },\r\n {\r\n \"$id\": \"westeurope_21\",\r\n \"sessionId\": \"0x3e7\",\r\n \"startTimeUtc\": \"2020-05-04T13:28:28.6861627Z\",\r\n \"endTimeUtc\": \"2020-05-04T13:28:28.6861627Z\",\r\n \"type\": \"host-logon-session\",\r\n \"host\": {\r\n \"$ref\": \"westeurope_15\"\r\n },\r\n 
\"account\": {\r\n \"$ref\": \"westeurope_18\"\r\n }\r\n }\r\n ]\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/taklei/providers/Microsoft.Security/locations/westeurope/alerts/2518137035665338254_a345cb85-18aa-4d14-9293-e4d2ba15cb9d\",\r\n \"name\": \"2518137035665338254_a345cb85-18aa-4d14-9293-e4d2ba15cb9d\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft\",\r\n \"alertDisplayName\": \"Azure Security Center test alert (not a threat)\",\r\n \"alertName\": \"VM_EICAR\",\r\n \"detectedTimeUtc\": \"2020-05-04T13:00:33.4661745Z\",\r\n \"description\": \"This is a test alert generated by Azure Security Center. No further action is needed.\",\r\n \"remediationSteps\": \"No further action is needed.\",\r\n \"actionTaken\": \"Undefined\",\r\n \"reportedSeverity\": \"High\",\r\n \"compromisedEntity\": \"ALERTSTEST\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/taklei/providers/Microsoft.Compute/virtualMachines/alertsTest\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"a345cb85-18aa-4d14-9293-e4d2ba15cb9d\",\r\n \"extendedProperties\": {\r\n \"compromised Host\": \"ALERTSTEST\",\r\n \"user Name\": \"WORKGROUP\\\\alertsTest$\",\r\n \"account Session Id\": \"0x3e7\",\r\n \"suspicious Process\": \"c:\\\\scripts\\\\asc_alerttest_662jfi039n.exe\",\r\n \"suspicious Command Line\": \"c:\\\\scripts\\\\asc_alerttest_662jfi039n.exe -foo\",\r\n \"parent Process\": \"c:\\\\windows\\\\system32\\\\svchost.exe\",\r\n \"suspicious Process Id\": \"0xe38\",\r\n \"arguments Auditing Enabled\": \"true\",\r\n \"enrichment_tas_threat__reports\": \"{\\\"Kind\\\":\\\"MultiLink\\\",\\\"DisplayValueToUrlDictionary\\\":{\\\"Report: EICAR 
File\\\":\\\"https://interflowwebportalext.trafficmanager.net/reports/DisplayReport?callerIdentity=ddd5443d-e6f4-441c-b52b-5278d2f21dfa&reportCreateDateTime=2020-05-04T09%3a13%3a05&reportName=MSTI-TS-EICAR-File.pdf&tenantId=387eb67f-0039-43ad-81b9-b66c6c0b1951&urlCreateDateTime=2020-05-04T09%3a13%3a05&token=aRLLv1q8UI%20eVn54OVy%20WbqcH7H9dSGDUOuWywymCrQ=\\\"}}\",\r\n \"resourceType\": \"Virtual Machine\"\r\n },\r\n \"state\": \"Dismissed\",\r\n \"reportedTimeUtc\": \"2020-05-04T13:00:37.889087Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/mainws/providers/microsoft.operationalinsights/workspaces/securityuserws\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": [\r\n {\r\n \"$id\": \"westeurope_22\",\r\n \"dnsDomain\": \"\",\r\n \"ntDomain\": \"\",\r\n \"hostName\": \"ALERTSTEST\",\r\n \"netBiosName\": \"ALERTSTEST\",\r\n \"azureID\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/taklei/providers/Microsoft.Compute/virtualMachines/alertsTest\",\r\n \"omsAgentID\": \"6bc4f1df-17e1-40f0-8227-f1635aea54dd\",\r\n \"osFamily\": \"Windows\",\r\n \"osVersion\": \"Windows\",\r\n \"isDomainJoined\": false,\r\n \"type\": \"host\"\r\n },\r\n {\r\n \"$id\": \"westeurope_23\",\r\n \"directory\": \"c:\\\\windows\\\\system32\",\r\n \"name\": \"svchost.exe\",\r\n \"type\": \"file\"\r\n },\r\n {\r\n \"$id\": \"westeurope_24\",\r\n \"processId\": \"0x6ec\",\r\n \"commandLine\": \"\",\r\n \"imageFile\": {\r\n \"$ref\": \"westeurope_23\"\r\n },\r\n \"host\": {\r\n \"$ref\": \"westeurope_22\"\r\n },\r\n \"type\": \"process\"\r\n },\r\n {\r\n \"$id\": \"westeurope_25\",\r\n \"name\": \"alertsTest$\",\r\n \"ntDomain\": \"WORKGROUP\",\r\n \"host\": {\r\n \"$ref\": \"westeurope_22\"\r\n },\r\n \"sid\": \"S-1-5-18\",\r\n \"isDomainJoined\": true,\r\n \"type\": \"account\",\r\n \"LogonId\": \"0x3e7\"\r\n },\r\n {\r\n \"$id\": \"westeurope_26\",\r\n 
\"directory\": \"c:\\\\scripts\",\r\n \"name\": \"asc_alerttest_662jfi039n.exe\",\r\n \"type\": \"file\"\r\n },\r\n {\r\n \"$id\": \"westeurope_27\",\r\n \"processId\": \"0xe38\",\r\n \"commandLine\": \"c:\\\\scripts\\\\asc_alerttest_662jfi039n.exe -foo\",\r\n \"elevationToken\": \"Default\",\r\n \"creationTimeUtc\": \"2020-05-04T13:00:33.4661745Z\",\r\n \"imageFile\": {\r\n \"$ref\": \"westeurope_26\"\r\n },\r\n \"account\": {\r\n \"$ref\": \"westeurope_25\"\r\n },\r\n \"parentProcess\": {\r\n \"$ref\": \"westeurope_24\"\r\n },\r\n \"host\": {\r\n \"$ref\": \"westeurope_22\"\r\n },\r\n \"type\": \"process\"\r\n },\r\n {\r\n \"$id\": \"westeurope_28\",\r\n \"sessionId\": \"0x3e7\",\r\n \"startTimeUtc\": \"2020-05-04T13:00:33.4661745Z\",\r\n \"endTimeUtc\": \"2020-05-04T13:00:33.4661745Z\",\r\n \"type\": \"host-logon-session\",\r\n \"host\": {\r\n \"$ref\": \"westeurope_22\"\r\n },\r\n \"account\": {\r\n \"$ref\": \"westeurope_25\"\r\n }\r\n }\r\n ]\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/taklei/providers/Microsoft.Security/locations/westeurope/alerts/2518137036458453383_d763b77f-129c-4e95-af39-5c4b4c411b5b\",\r\n \"name\": \"2518137036458453383_d763b77f-129c-4e95-af39-5c4b4c411b5b\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft\",\r\n \"alertDisplayName\": \"Azure Security Center test alert (not a threat)\",\r\n \"alertName\": \"VM_EICAR\",\r\n \"detectedTimeUtc\": \"2020-05-04T12:59:14.1546616Z\",\r\n \"description\": \"This is a test alert generated by Azure Security Center. 
No further action is needed.\",\r\n \"remediationSteps\": \"No further action is needed.\",\r\n \"actionTaken\": \"Undefined\",\r\n \"reportedSeverity\": \"High\",\r\n \"compromisedEntity\": \"ALERTSTEST\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/taklei/providers/Microsoft.Compute/virtualMachines/alertsTest\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"d763b77f-129c-4e95-af39-5c4b4c411b5b\",\r\n \"extendedProperties\": {\r\n \"compromised Host\": \"ALERTSTEST\",\r\n \"user Name\": \"WORKGROUP\\\\alertsTest$\",\r\n \"account Session Id\": \"0x3e7\",\r\n \"suspicious Process\": \"c:\\\\scripts\\\\asc_alerttest_662jfi039n.exe\",\r\n \"suspicious Command Line\": \"c:\\\\scripts\\\\asc_alerttest_662jfi039n.exe -foo\",\r\n \"parent Process\": \"c:\\\\windows\\\\system32\\\\svchost.exe\",\r\n \"suspicious Process Id\": \"0xe7c\",\r\n \"arguments Auditing Enabled\": \"true\",\r\n \"enrichment_tas_threat__reports\": \"{\\\"Kind\\\":\\\"MultiLink\\\",\\\"DisplayValueToUrlDictionary\\\":{\\\"Report: EICAR File\\\":\\\"https://interflowwebportalext.trafficmanager.net/reports/DisplayReport?callerIdentity=ddd5443d-e6f4-441c-b52b-5278d2f21dfa&reportCreateDateTime=2020-05-04T08%3a32%3a57&reportName=MSTI-TS-EICAR-File.pdf&tenantId=1c68e967-70a6-4cda-a34b-6d281cffe06e&urlCreateDateTime=2020-05-04T08%3a32%3a57&token=s7wyF62JLdEde8/SccnrGqIJxUOajFUpTETdhi3lCyY=\\\"}}\",\r\n \"resourceType\": \"Virtual Machine\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2020-05-04T12:59:35.6273663Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/mainws/providers/microsoft.operationalinsights/workspaces/securityuserws\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": [\r\n {\r\n \"$id\": \"westeurope_29\",\r\n \"dnsDomain\": \"\",\r\n \"ntDomain\": \"\",\r\n \"hostName\": 
\"ALERTSTEST\",\r\n \"netBiosName\": \"ALERTSTEST\",\r\n \"azureID\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/taklei/providers/Microsoft.Compute/virtualMachines/alertsTest\",\r\n \"omsAgentID\": \"6bc4f1df-17e1-40f0-8227-f1635aea54dd\",\r\n \"osFamily\": \"Windows\",\r\n \"osVersion\": \"Windows\",\r\n \"isDomainJoined\": false,\r\n \"type\": \"host\"\r\n },\r\n {\r\n \"$id\": \"westeurope_30\",\r\n \"directory\": \"c:\\\\windows\\\\system32\",\r\n \"name\": \"svchost.exe\",\r\n \"type\": \"file\"\r\n },\r\n {\r\n \"$id\": \"westeurope_31\",\r\n \"processId\": \"0x6ec\",\r\n \"commandLine\": \"\",\r\n \"imageFile\": {\r\n \"$ref\": \"westeurope_30\"\r\n },\r\n \"host\": {\r\n \"$ref\": \"westeurope_29\"\r\n },\r\n \"type\": \"process\"\r\n },\r\n {\r\n \"$id\": \"westeurope_32\",\r\n \"name\": \"alertsTest$\",\r\n \"ntDomain\": \"WORKGROUP\",\r\n \"host\": {\r\n \"$ref\": \"westeurope_29\"\r\n },\r\n \"sid\": \"S-1-5-18\",\r\n \"isDomainJoined\": true,\r\n \"type\": \"account\",\r\n \"LogonId\": \"0x3e7\"\r\n },\r\n {\r\n \"$id\": \"westeurope_33\",\r\n \"directory\": \"c:\\\\scripts\",\r\n \"name\": \"asc_alerttest_662jfi039n.exe\",\r\n \"type\": \"file\"\r\n },\r\n {\r\n \"$id\": \"westeurope_34\",\r\n \"processId\": \"0xe7c\",\r\n \"commandLine\": \"c:\\\\scripts\\\\asc_alerttest_662jfi039n.exe -foo\",\r\n \"elevationToken\": \"Default\",\r\n \"creationTimeUtc\": \"2020-05-04T12:59:14.1546616Z\",\r\n \"imageFile\": {\r\n \"$ref\": \"westeurope_33\"\r\n },\r\n \"account\": {\r\n \"$ref\": \"westeurope_32\"\r\n },\r\n \"parentProcess\": {\r\n \"$ref\": \"westeurope_31\"\r\n },\r\n \"host\": {\r\n \"$ref\": \"westeurope_29\"\r\n },\r\n \"type\": \"process\"\r\n },\r\n {\r\n \"$id\": \"westeurope_35\",\r\n \"sessionId\": \"0x3e7\",\r\n \"startTimeUtc\": \"2020-05-04T12:59:14.1546616Z\",\r\n \"endTimeUtc\": \"2020-05-04T12:59:14.1546616Z\",\r\n \"type\": \"host-logon-session\",\r\n \"host\": {\r\n \"$ref\": \"westeurope_29\"\r\n },\r\n 
\"account\": {\r\n \"$ref\": \"westeurope_32\"\r\n }\r\n }\r\n ]\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/taklei/providers/Microsoft.Security/locations/westeurope/alerts/2518137036914144805_a3d0999b-cdfc-41d9-9d28-ee1335f03081\",\r\n \"name\": \"2518137036914144805_a3d0999b-cdfc-41d9-9d28-ee1335f03081\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft\",\r\n \"alertDisplayName\": \"Azure Security Center test alert (not a threat)\",\r\n \"alertName\": \"VM_EICAR\",\r\n \"detectedTimeUtc\": \"2020-05-04T12:58:28.5855194Z\",\r\n \"description\": \"This is a test alert generated by Azure Security Center. No further action is needed.\",\r\n \"remediationSteps\": \"No further action is needed.\",\r\n \"actionTaken\": \"Undefined\",\r\n \"reportedSeverity\": \"High\",\r\n \"compromisedEntity\": \"ALERTSTEST\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/taklei/providers/Microsoft.Compute/virtualMachines/alertsTest\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"a3d0999b-cdfc-41d9-9d28-ee1335f03081\",\r\n \"extendedProperties\": {\r\n \"compromised Host\": \"ALERTSTEST\",\r\n \"user Name\": \"WORKGROUP\\\\alertsTest$\",\r\n \"account Session Id\": \"0x3e7\",\r\n \"suspicious Process\": \"c:\\\\scripts\\\\asc_alerttest_662jfi039n.exe\",\r\n \"suspicious Command Line\": \"c:\\\\scripts\\\\asc_alerttest_662jfi039n.exe -foo\",\r\n \"parent Process\": \"c:\\\\windows\\\\system32\\\\svchost.exe\",\r\n \"suspicious Process Id\": \"0xfac\",\r\n \"arguments Auditing Enabled\": \"true\",\r\n \"enrichment_tas_threat__reports\": \"{\\\"Kind\\\":\\\"MultiLink\\\",\\\"DisplayValueToUrlDictionary\\\":{\\\"Report: EICAR 
File\\\":\\\"https://interflowwebportalext.trafficmanager.net/reports/DisplayReport?callerIdentity=ddd5443d-e6f4-441c-b52b-5278d2f21dfa&reportCreateDateTime=2020-05-04T09%3a23%3a00&reportName=MSTI-TS-EICAR-File.pdf&tenantId=b11492db-77a6-4ec0-9ff7-17b6ba420e1e&urlCreateDateTime=2020-05-04T09%3a23%3a00&token=XhSuWhrbEKAk2sXS1TcK0SVTLOehFDirzLCUSUoWPL4=\\\"}}\",\r\n \"resourceType\": \"Virtual Machine\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2020-05-04T12:58:46.4927078Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/mainws/providers/microsoft.operationalinsights/workspaces/securityuserws\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": [\r\n {\r\n \"$id\": \"westeurope_36\",\r\n \"dnsDomain\": \"\",\r\n \"ntDomain\": \"\",\r\n \"hostName\": \"ALERTSTEST\",\r\n \"netBiosName\": \"ALERTSTEST\",\r\n \"azureID\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/taklei/providers/Microsoft.Compute/virtualMachines/alertsTest\",\r\n \"omsAgentID\": \"6bc4f1df-17e1-40f0-8227-f1635aea54dd\",\r\n \"osFamily\": \"Windows\",\r\n \"osVersion\": \"Windows\",\r\n \"isDomainJoined\": false,\r\n \"type\": \"host\"\r\n },\r\n {\r\n \"$id\": \"westeurope_37\",\r\n \"directory\": \"c:\\\\windows\\\\system32\",\r\n \"name\": \"svchost.exe\",\r\n \"type\": \"file\"\r\n },\r\n {\r\n \"$id\": \"westeurope_38\",\r\n \"processId\": \"0x6ec\",\r\n \"commandLine\": \"\",\r\n \"imageFile\": {\r\n \"$ref\": \"westeurope_37\"\r\n },\r\n \"host\": {\r\n \"$ref\": \"westeurope_36\"\r\n },\r\n \"type\": \"process\"\r\n },\r\n {\r\n \"$id\": \"westeurope_39\",\r\n \"name\": \"alertsTest$\",\r\n \"ntDomain\": \"WORKGROUP\",\r\n \"host\": {\r\n \"$ref\": \"westeurope_36\"\r\n },\r\n \"sid\": \"S-1-5-18\",\r\n \"isDomainJoined\": true,\r\n \"type\": \"account\",\r\n \"LogonId\": \"0x3e7\"\r\n },\r\n {\r\n \"$id\": \"westeurope_40\",\r\n \"directory\": 
\"c:\\\\scripts\",\r\n \"name\": \"asc_alerttest_662jfi039n.exe\",\r\n \"type\": \"file\"\r\n },\r\n {\r\n \"$id\": \"westeurope_41\",\r\n \"processId\": \"0xfac\",\r\n \"commandLine\": \"c:\\\\scripts\\\\asc_alerttest_662jfi039n.exe -foo\",\r\n \"elevationToken\": \"Default\",\r\n \"creationTimeUtc\": \"2020-05-04T12:58:28.5855194Z\",\r\n \"imageFile\": {\r\n \"$ref\": \"westeurope_40\"\r\n },\r\n \"account\": {\r\n \"$ref\": \"westeurope_39\"\r\n },\r\n \"parentProcess\": {\r\n \"$ref\": \"westeurope_38\"\r\n },\r\n \"host\": {\r\n \"$ref\": \"westeurope_36\"\r\n },\r\n \"type\": \"process\"\r\n },\r\n {\r\n \"$id\": \"westeurope_42\",\r\n \"sessionId\": \"0x3e7\",\r\n \"startTimeUtc\": \"2020-05-04T12:58:28.5855194Z\",\r\n \"endTimeUtc\": \"2020-05-04T12:58:28.5855194Z\",\r\n \"type\": \"host-logon-session\",\r\n \"host\": {\r\n \"$ref\": \"westeurope_36\"\r\n },\r\n \"account\": {\r\n \"$ref\": \"westeurope_39\"\r\n }\r\n }\r\n ]\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/taklei/providers/Microsoft.Security/locations/westeurope/alerts/2518137037321194617_adafe5f0-ade9-47b4-86f3-3155038827f6\",\r\n \"name\": \"2518137037321194617_adafe5f0-ade9-47b4-86f3-3155038827f6\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft\",\r\n \"alertDisplayName\": \"Azure Security Center test alert (not a threat)\",\r\n \"alertName\": \"VM_EICAR\",\r\n \"detectedTimeUtc\": \"2020-05-04T12:57:47.8805382Z\",\r\n \"description\": \"This is a test alert generated by Azure Security Center. 
No further action is needed.\",\r\n \"remediationSteps\": \"No further action is needed.\",\r\n \"actionTaken\": \"Undefined\",\r\n \"reportedSeverity\": \"High\",\r\n \"compromisedEntity\": \"ALERTSTEST\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/taklei/providers/Microsoft.Compute/virtualMachines/alertsTest\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"adafe5f0-ade9-47b4-86f3-3155038827f6\",\r\n \"extendedProperties\": {\r\n \"compromised Host\": \"ALERTSTEST\",\r\n \"user Name\": \"WORKGROUP\\\\alertsTest$\",\r\n \"account Session Id\": \"0x3e7\",\r\n \"suspicious Process\": \"c:\\\\scripts\\\\asc_alerttest_662jfi039n.exe\",\r\n \"suspicious Command Line\": \"c:\\\\scripts\\\\asc_alerttest_662jfi039n.exe -foo\",\r\n \"parent Process\": \"c:\\\\windows\\\\system32\\\\svchost.exe\",\r\n \"suspicious Process Id\": \"0x1d50\",\r\n \"arguments Auditing Enabled\": \"true\",\r\n \"enrichment_tas_threat__reports\": \"{\\\"Kind\\\":\\\"MultiLink\\\",\\\"DisplayValueToUrlDictionary\\\":{\\\"Report: EICAR File\\\":\\\"https://interflowwebportalext.trafficmanager.net/reports/DisplayReport?callerIdentity=ddd5443d-e6f4-441c-b52b-5278d2f21dfa&reportCreateDateTime=2020-05-04T08%3a32%3a57&reportName=MSTI-TS-EICAR-File.pdf&tenantId=1c68e967-70a6-4cda-a34b-6d281cffe06e&urlCreateDateTime=2020-05-04T08%3a32%3a57&token=s7wyF62JLdEde8/SccnrGqIJxUOajFUpTETdhi3lCyY=\\\"}}\",\r\n \"resourceType\": \"Virtual Machine\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2020-05-04T12:57:53.7990186Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/mainws/providers/microsoft.operationalinsights/workspaces/securityuserws\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": [\r\n {\r\n \"$id\": \"westeurope_43\",\r\n \"dnsDomain\": \"\",\r\n \"ntDomain\": \"\",\r\n \"hostName\": 
\"ALERTSTEST\",\r\n \"netBiosName\": \"ALERTSTEST\",\r\n \"azureID\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/taklei/providers/Microsoft.Compute/virtualMachines/alertsTest\",\r\n \"omsAgentID\": \"6bc4f1df-17e1-40f0-8227-f1635aea54dd\",\r\n \"osFamily\": \"Windows\",\r\n \"osVersion\": \"Windows\",\r\n \"isDomainJoined\": false,\r\n \"type\": \"host\"\r\n },\r\n {\r\n \"$id\": \"westeurope_44\",\r\n \"directory\": \"c:\\\\windows\\\\system32\",\r\n \"name\": \"svchost.exe\",\r\n \"type\": \"file\"\r\n },\r\n {\r\n \"$id\": \"westeurope_45\",\r\n \"processId\": \"0x6ec\",\r\n \"commandLine\": \"\",\r\n \"imageFile\": {\r\n \"$ref\": \"westeurope_44\"\r\n },\r\n \"host\": {\r\n \"$ref\": \"westeurope_43\"\r\n },\r\n \"type\": \"process\"\r\n },\r\n {\r\n \"$id\": \"westeurope_46\",\r\n \"name\": \"alertsTest$\",\r\n \"ntDomain\": \"WORKGROUP\",\r\n \"host\": {\r\n \"$ref\": \"westeurope_43\"\r\n },\r\n \"sid\": \"S-1-5-18\",\r\n \"isDomainJoined\": true,\r\n \"type\": \"account\",\r\n \"LogonId\": \"0x3e7\"\r\n },\r\n {\r\n \"$id\": \"westeurope_47\",\r\n \"directory\": \"c:\\\\scripts\",\r\n \"name\": \"asc_alerttest_662jfi039n.exe\",\r\n \"type\": \"file\"\r\n },\r\n {\r\n \"$id\": \"westeurope_48\",\r\n \"processId\": \"0x1d50\",\r\n \"commandLine\": \"c:\\\\scripts\\\\asc_alerttest_662jfi039n.exe -foo\",\r\n \"elevationToken\": \"Default\",\r\n \"creationTimeUtc\": \"2020-05-04T12:57:47.8805382Z\",\r\n \"imageFile\": {\r\n \"$ref\": \"westeurope_47\"\r\n },\r\n \"account\": {\r\n \"$ref\": \"westeurope_46\"\r\n },\r\n \"parentProcess\": {\r\n \"$ref\": \"westeurope_45\"\r\n },\r\n \"host\": {\r\n \"$ref\": \"westeurope_43\"\r\n },\r\n \"type\": \"process\"\r\n },\r\n {\r\n \"$id\": \"westeurope_49\",\r\n \"sessionId\": \"0x3e7\",\r\n \"startTimeUtc\": \"2020-05-04T12:57:47.8805382Z\",\r\n \"endTimeUtc\": \"2020-05-04T12:57:47.8805382Z\",\r\n \"type\": \"host-logon-session\",\r\n \"host\": {\r\n \"$ref\": \"westeurope_43\"\r\n },\r\n 
\"account\": {\r\n \"$ref\": \"westeurope_46\"\r\n }\r\n }\r\n ]\r\n }\r\n }\r\n ]\r\n}", "StatusCode": 200 } ], "Names": {}, - "Variables": { - "SubscriptionId": "487bb485-b5b0-471e-9c0d-10717612f869" - } + "Variables": {} } \ No newline at end of file diff --git a/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/tests/SessionRecords/SecurityAlertsTests/SecurityAlerts_ListByResourceGroup.json b/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/tests/SessionRecords/SecurityAlertsTests/SecurityAlerts_ListByResourceGroup.json index fb47e87b65cf..ac1392adec56 100644 --- a/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/tests/SessionRecords/SecurityAlertsTests/SecurityAlerts_ListByResourceGroup.json +++ b/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/tests/SessionRecords/SecurityAlertsTests/SecurityAlerts_ListByResourceGroup.json @@ -7,7 +7,7 @@ "RequestBody": "", "RequestHeaders": { "x-ms-client-request-id": [ - "42be717e-788f-4f2e-af0e-e0bd752639d8" + "374a277a-db2e-4f43-aa48-070cf9a01a5f" ], "accept-language": [ "en-US" @@ -15,8 +15,8 @@ "User-Agent": [ "FxVersion/4.6.26614.01", "OSName/Windows", - "OSVersion/Microsoft.Windows.10.0.17763.", - "Microsoft.Azure.Management.Security.SecurityCenterClient/0.11.0.0" + "OSVersion/Microsoft.Windows.10.0.18363.", + "Microsoft.Azure.Management.Security.SecurityCenterClient/1.1.3.0" ] }, "ResponseHeaders": { 
@@ -24,26 +24,26 @@ "no-cache" ], "Date": [ - "Mon, 04 Mar 2019 16:02:03 GMT" + "Mon, 04 May 2020 14:43:06 GMT" ], "Pragma": [ "no-cache" ], "x-ms-original-request-ids": [ - "c3893e4d-cb5c-4fc4-89a9-eedfc06aecc0", - "95259c0c-0c51-4b05-909c-afc2130d5732" + "fe38d25b-c6d3-43bc-8042-048ff95d6759", + "f36840d1-1a34-4544-9d37-39d56dcecdf2" ], "x-ms-ratelimit-remaining-subscription-resource-requests": [ - "748" + "749" ], "x-ms-request-id": [ - "0aeb7f37-51c2-4b16-b9d0-6954fc4ba611" + "31d22339-70dc-49f6-910a-01d692362a56" ], "x-ms-correlation-request-id": [ - "0aeb7f37-51c2-4b16-b9d0-6954fc4ba611" + "31d22339-70dc-49f6-910a-01d692362a56" ], "x-ms-routing-request-id": [ - "UKWEST:20190304T160204Z:0aeb7f37-51c2-4b16-b9d0-6954fc4ba611" + "GERMANYWESTCENTRAL:20200504T144306Z:31d22339-70dc-49f6-910a-01d692362a56" ], "Strict-Transport-Security": [ "max-age=31536000; includeSubDomains" @@ -52,7 +52,7 @@ "nosniff" ], "Content-Length": [ - "169158" + "25641" ], "Content-Type": [ "application/json; charset=utf-8" 
@@ -61,17 +61,17 @@ "-1" ] }, - "ResponseBody": "{\r\n \"value\": [\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/rg/providers/Microsoft.Security/locations/centralus/alerts/2518532788749999999_66276b36-db2a-4b2c-84ad-9676fe753a01\",\r\n \"name\": \"2518532788749999999_66276b36-db2a-4b2c-84ad-9676fe753a01\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft\",\r\n \"alertDisplayName\": \"Web fingerprinting detected\",\r\n \"alertName\": \"APPS_Nmap\",\r\n \"detectedTimeUtc\": \"2019-03-03T17:40:43Z\",\r\n \"description\": \"Azure App Service activity log indicates a possible web fingerprinting activity on your App Service resource.The suspicious activity detected is associated with NMAP. Attackers often use this tool for probing the web application to find vulnerabilities.\",\r\n \"remediationSteps\": \"If only specific IP addresses should be allowed to access the web app, set IP restrictions (https://docs.microsoft.com/azure/app-service/app-service-ip-restrictions) for it.\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"High\",\r\n \"compromisedEntity\": \"sitename\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/rg/providers/Microsoft.Web/sites/sitename\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"b3d77198-6f95-40ed-9675-10001c2e93cc\",\r\n \"extendedProperties\": {\r\n \"last Event Time\": \"2/11/2019 5:40:46 PM\",\r\n \"sample URIs\": \"/sdk, /, /.git/HEAD, /favicon.ico, /evox/about, /robots.txt, /nmaplowercheck1549906843, /HNAP1\",\r\n \"sample User Agents\": \"Mozilla/5.0+(compatible;+Nmap+Scripting+Engine;+https://nmap.org/book/nse.html)\",\r\n \"sample Referer\": \"-\",\r\n \"resourceType\": \"App Service\"\r\n },\r\n \"state\": \"Dismissed\",\r\n \"reportedTimeUtc\": \"2019-03-03T20:41:03.846Z\",\r\n 
\"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": [\r\n {\r\n \"$id\": \"centralus_1\",\r\n \"hostName\": \"sitename\",\r\n \"azureID\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/rg/providers/Microsoft.Web/sites/sitename\",\r\n \"type\": \"host\"\r\n }\r\n ]\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/providers/Microsoft.Security/locations/centralus/alerts/2518532788749999999_66276b36-db2a-4b2c-84ad-9676fe753a02\",\r\n \"name\": \"2518532788749999999_66276b36-db2a-4b2c-84ad-9676fe753a02\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft\",\r\n \"alertDisplayName\": \"Web fingerprinting detected\",\r\n \"alertName\": \"APPS_Nmap\",\r\n \"detectedTimeUtc\": \"2019-03-03T17:40:43Z\",\r\n \"description\": \"Azure App Service activity log indicates a possible web fingerprinting activity on your App Service resource.The suspicious activity detected is associated with NMAP. 
Attackers often use this tool for probing the web application to find vulnerabilities.\",\r\n \"remediationSteps\": \"If only specific IP addresses should be allowed to access the web app, set IP restrictions (https://docs.microsoft.com/azure/app-service/app-service-ip-restrictions) for it.\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"High\",\r\n \"compromisedEntity\": \"sitename\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/providers/Microsoft.Web/sites/sitename\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"b3d77198-6f95-40ed-9675-10001c2e93cd\",\r\n \"extendedProperties\": {\r\n \"last Event Time\": \"2/11/2019 5:40:46 PM\",\r\n \"sample URIs\": \"/sdk, /, /.git/HEAD, /favicon.ico, /evox/about, /robots.txt, /nmaplowercheck1549906843, /HNAP1\",\r\n \"sample User Agents\": \"Mozilla/5.0+(compatible;+Nmap+Scripting+Engine;+https://nmap.org/book/nse.html)\",\r\n \"sample Referer\": \"-\",\r\n \"resourceType\": \"App Service\"\r\n },\r\n \"state\": \"Dismissed\",\r\n \"reportedTimeUtc\": \"2019-03-03T20:41:03.846Z\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": [\r\n {\r\n \"$id\": \"centralus_2\",\r\n \"hostName\": \"sitename\",\r\n \"azureID\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/providers/Microsoft.Web/sites/sitename\",\r\n \"type\": \"host\"\r\n }\r\n ]\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518505891999999999_c908c4ae-9a04-4d98-bb7e-18c82dfd9a81\",\r\n \"name\": \"2518505891999999999_c908c4ae-9a04-4d98-bb7e-18c82dfd9a81\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": 
\"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-04T15:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117:80\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"c908c4ae-9a04-4d98-bb7e-18c82dfd9a81\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"159.192.218.25\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-04T16:00:11.489254Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518505927999999999_38e859b9-60eb-406d-aa42-a54dc5be9b17\",\r\n \"name\": \"2518505927999999999_38e859b9-60eb-406d-aa42-a54dc5be9b17\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-04T14:00:00Z\",\r\n 
\"description\": \"Detail:Host header is a numeric IP address 13.69.131.117\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"38e859b9-60eb-406d-aa42-a54dc5be9b17\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"176.32.33.80\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-04T15:00:56.8950851Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518505927999999999_3c3f8a61-1245-4e92-be38-ac054249f4a2\",\r\n \"name\": \"2518505927999999999_3c3f8a61-1245-4e92-be38-ac054249f4a2\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"SCANNER-DETECTION\",\r\n \"alertName\": \"SCANNER-DETECTION\",\r\n \"detectedTimeUtc\": \"2019-03-04T14:00:00Z\",\r\n \"description\": \"Detail:Found User-Agent associated with scripting/generic HTTP client Matched Data: 
python-requests found within REQUEST_HEADERS:User-Agent: python-requests/2.6.0 CPython/2.7.5 Linux/3.10.0-957.1.3.el7.x86_64\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"3c3f8a61-1245-4e92-be38-ac054249f4a2\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"176.32.33.80\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-04T15:00:56.8950851Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518505927999999999_f646ad4c-8a5d-4355-9dfc-56a3f2521310\",\r\n \"name\": \"2518505927999999999_f646ad4c-8a5d-4355-9dfc-56a3f2521310\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"BLOCKING-EVALUATION\",\r\n \"alertName\": \"BLOCKING-EVALUATION\",\r\n \"detectedTimeUtc\": \"2019-03-04T14:00:00Z\",\r\n \"description\": \"Detail:Mandatory rule. 
Cannot be disabled. Inbound Anomaly Score Exceeded (Total Score: 8)\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"f646ad4c-8a5d-4355-9dfc-56a3f2521310\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"176.32.33.80\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-04T15:00:56.4081088Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518505963999999999_7e0b842e-b80f-4544-979d-952ed3b60db6\",\r\n \"name\": \"2518505963999999999_7e0b842e-b80f-4544-979d-952ed3b60db6\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-04T13:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117:80\",\r\n 
\"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"7e0b842e-b80f-4544-979d-952ed3b60db6\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"2\",\r\n \"source IPs\": \"103.94.170.218,113.161.130.251\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-04T14:00:41.0033381Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506035999999999_4316a00c-7ac8-4b34-8b74-cf73e2a91b70\",\r\n \"name\": \"2518506035999999999_4316a00c-7ac8-4b34-8b74-cf73e2a91b70\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"SCANNER-DETECTION\",\r\n \"alertName\": \"SCANNER-DETECTION\",\r\n \"detectedTimeUtc\": \"2019-03-04T11:00:00Z\",\r\n \"description\": \"Detail:Found User-Agent associated with scripting/generic HTTP client Matched Data: python-requests found within REQUEST_HEADERS:User-Agent: 
python-requests/2.6.0 CPython/2.7.5 Linux/3.10.0-957.1.3.el7.x86_64\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"4316a00c-7ac8-4b34-8b74-cf73e2a91b70\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"176.32.33.80\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-04T12:00:02.3651318Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506035999999999_553a1004-ff2f-4d39-9baf-cdb764aa6a1e\",\r\n \"name\": \"2518506035999999999_553a1004-ff2f-4d39-9baf-cdb764aa6a1e\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"BLOCKING-EVALUATION\",\r\n \"alertName\": \"BLOCKING-EVALUATION\",\r\n \"detectedTimeUtc\": \"2019-03-04T11:00:00Z\",\r\n \"description\": \"Detail:Mandatory rule. Cannot be disabled. 
Inbound Anomaly Score Exceeded (Total Score: 8)\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"553a1004-ff2f-4d39-9baf-cdb764aa6a1e\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"176.32.33.80\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-04T12:00:01.7153581Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506035999999999_d91570aa-65a5-46de-aee7-98b41a8027e4\",\r\n \"name\": \"2518506035999999999_d91570aa-65a5-46de-aee7-98b41a8027e4\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-04T11:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117\",\r\n \"remediationSteps\": \"\",\r\n 
\"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"d91570aa-65a5-46de-aee7-98b41a8027e4\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"2\",\r\n \"source IPs\": \"176.32.33.80,103.212.90.36\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-04T12:00:02.3651318Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506071999999999_129ec79b-c7a6-4082-91af-c6733ce46447\",\r\n \"name\": \"2518506071999999999_129ec79b-c7a6-4082-91af-c6733ce46447\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-04T10:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n 
\"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"129ec79b-c7a6-4082-91af-c6733ce46447\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"2\",\r\n \"source IPs\": \"51.83.15.87\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-04T11:00:48.0270644Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506071999999999_784f1ab8-ec53-4216-a522-52669e63bcde\",\r\n \"name\": \"2518506071999999999_784f1ab8-ec53-4216-a522-52669e63bcde\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-04T10:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117:80\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": 
\"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"784f1ab8-ec53-4216-a522-52669e63bcde\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"45.115.6.194\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-04T11:00:48.4809846Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506179999999999_a4b834f3-2e4b-406c-bc49-1dc4339732e6\",\r\n \"name\": \"2518506179999999999_a4b834f3-2e4b-406c-bc49-1dc4339732e6\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"BLOCKING-EVALUATION\",\r\n \"alertName\": \"BLOCKING-EVALUATION\",\r\n \"detectedTimeUtc\": \"2019-03-04T07:00:00Z\",\r\n \"description\": \"Detail:Mandatory rule. Cannot be disabled. 
Inbound Anomaly Score Exceeded (Total Score: 8)\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"a4b834f3-2e4b-406c-bc49-1dc4339732e6\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"176.32.33.80\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-04T08:00:01.2466784Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506179999999999_e2dfaff2-872b-479b-8ead-f3473da44a88\",\r\n \"name\": \"2518506179999999999_e2dfaff2-872b-479b-8ead-f3473da44a88\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-04T07:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117:80\",\r\n \"remediationSteps\": \"\",\r\n 
\"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"e2dfaff2-872b-479b-8ead-f3473da44a88\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"2\",\r\n \"source IPs\": \"179.110.123.218,176.32.33.80\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-04T08:00:02.116777Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506179999999999_e67879f8-55f1-49a0-bfde-d8d076fae90e\",\r\n \"name\": \"2518506179999999999_e67879f8-55f1-49a0-bfde-d8d076fae90e\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"SCANNER-DETECTION\",\r\n \"alertName\": \"SCANNER-DETECTION\",\r\n \"detectedTimeUtc\": \"2019-03-04T07:00:00Z\",\r\n \"description\": \"Detail:Found User-Agent associated with scripting/generic HTTP client Matched Data: python-requests found within REQUEST_HEADERS:User-Agent: python-requests/2.6.0 CPython/2.7.5 
Linux/3.10.0-957.1.3.el7.x86_64\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"e67879f8-55f1-49a0-bfde-d8d076fae90e\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"176.32.33.80\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-04T08:00:02.116777Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506215999999999_137fc371-1c41-4da3-9f32-61dbf0c876b3\",\r\n \"name\": \"2518506215999999999_137fc371-1c41-4da3-9f32-61dbf0c876b3\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-04T06:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117:80\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": 
\"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"137fc371-1c41-4da3-9f32-61dbf0c876b3\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"2\",\r\n \"source IPs\": \"186.226.218.121,191.37.250.231\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-04T07:00:47.1096409Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506215999999999_d1922f41-45da-4c89-b3f0-ae2ee97ca464\",\r\n \"name\": \"2518506215999999999_d1922f41-45da-4c89-b3f0-ae2ee97ca464\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-04T06:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117:80\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n 
\"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"d1922f41-45da-4c89-b3f0-ae2ee97ca464\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"109.73.182.157\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-04T07:00:46.5853915Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506251999999999_8ad58304-6c26-4379-89fc-b89fcfa1e747\",\r\n \"name\": \"2518506251999999999_8ad58304-6c26-4379-89fc-b89fcfa1e747\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-04T05:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117:80\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": 
\"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"8ad58304-6c26-4379-89fc-b89fcfa1e747\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"185.123.233.160\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-04T06:00:33.4180269Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506287999999999_1ed08eec-64cc-4d93-9eea-ea73822c2320\",\r\n \"name\": \"2518506287999999999_1ed08eec-64cc-4d93-9eea-ea73822c2320\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-04T04:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": 
\"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"1ed08eec-64cc-4d93-9eea-ea73822c2320\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"176.32.33.80\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-04T05:00:20.5069656Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506287999999999_8f8d4f63-d98c-4e11-aa94-d1f3886b6afb\",\r\n \"name\": \"2518506287999999999_8f8d4f63-d98c-4e11-aa94-d1f3886b6afb\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"SCANNER-DETECTION\",\r\n \"alertName\": \"SCANNER-DETECTION\",\r\n \"detectedTimeUtc\": \"2019-03-04T04:00:00Z\",\r\n \"description\": \"Detail:Found User-Agent associated with scripting/generic HTTP client Matched Data: python-requests found within REQUEST_HEADERS:User-Agent: python-requests/2.6.0 CPython/2.7.5 Linux/3.10.0-957.1.3.el7.x86_64\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n 
\"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"8f8d4f63-d98c-4e11-aa94-d1f3886b6afb\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"176.32.33.80\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-04T05:00:20.5069656Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506287999999999_e84d6d25-d3fd-4198-a9ea-8d1a695a8a0e\",\r\n \"name\": \"2518506287999999999_e84d6d25-d3fd-4198-a9ea-8d1a695a8a0e\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"BLOCKING-EVALUATION\",\r\n \"alertName\": \"BLOCKING-EVALUATION\",\r\n \"detectedTimeUtc\": \"2019-03-04T04:00:00Z\",\r\n \"description\": \"Detail:Mandatory rule. Cannot be disabled. 
Inbound Anomaly Score Exceeded (Total Score: 8)\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"e84d6d25-d3fd-4198-a9ea-8d1a695a8a0e\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"176.32.33.80\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-04T05:00:20.5069656Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506395999999999_025841f9-9581-450c-8349-b96da379d72c\",\r\n \"name\": \"2518506395999999999_025841f9-9581-450c-8349-b96da379d72c\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"BLOCKING-EVALUATION\",\r\n \"alertName\": \"BLOCKING-EVALUATION\",\r\n \"detectedTimeUtc\": \"2019-03-04T01:00:00Z\",\r\n \"description\": \"Detail:Mandatory rule. Cannot be disabled. 
Inbound Anomaly Score Exceeded (Total Score: 8)\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"025841f9-9581-450c-8349-b96da379d72c\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"176.32.33.80\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-04T02:00:39.9205038Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506395999999999_21099c91-d37e-4843-966e-55f53d3fe657\",\r\n \"name\": \"2518506395999999999_21099c91-d37e-4843-966e-55f53d3fe657\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"SCANNER-DETECTION\",\r\n \"alertName\": \"SCANNER-DETECTION\",\r\n \"detectedTimeUtc\": \"2019-03-04T01:00:00Z\",\r\n \"description\": \"Detail:Found User-Agent associated with scripting/generic HTTP client Matched Data: python-requests found within 
REQUEST_HEADERS:User-Agent: python-requests/2.6.0 CPython/2.7.5 Linux/3.10.0-957.1.3.el7.x86_64\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"21099c91-d37e-4843-966e-55f53d3fe657\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"176.32.33.80\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-04T02:00:40.4337488Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506395999999999_997886ee-adcc-4233-b389-4f349a4e4f19\",\r\n \"name\": \"2518506395999999999_997886ee-adcc-4233-b389-4f349a4e4f19\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-04T01:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 
13.69.131.117\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"997886ee-adcc-4233-b389-4f349a4e4f19\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"176.32.33.80\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-04T02:00:40.4337488Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506431999999999_3628cfac-0858-4075-873e-cb45feafc2d8\",\r\n \"name\": \"2518506431999999999_3628cfac-0858-4075-873e-cb45feafc2d8\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"METHOD-ENFORCEMENT\",\r\n \"alertName\": \"METHOD-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-04T00:00:00Z\",\r\n \"description\": \"Detail:Method is not allowed by policy PROPFIND\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": 
\"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"3628cfac-0858-4075-873e-cb45feafc2d8\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"123.206.22.203\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-04T01:00:24.1988577Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506431999999999_65048fd9-87b9-4d11-9570-f3ea77419866\",\r\n \"name\": \"2518506431999999999_65048fd9-87b9-4d11-9570-f3ea77419866\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-04T00:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117:80\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": 
\"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"65048fd9-87b9-4d11-9570-f3ea77419866\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"108\",\r\n \"source IPs\": \"45.170.220.47,123.206.22.203,183.89.68.95\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-04T01:00:24.1988577Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506431999999999_a8a29940-e0bd-4742-95cc-c6d01e1afe48\",\r\n \"name\": \"2518506431999999999_a8a29940-e0bd-4742-95cc-c6d01e1afe48\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"APPLICATION-ATTACK-SQLI\",\r\n \"alertName\": \"APPLICATION-ATTACK-SQLI\",\r\n \"detectedTimeUtc\": \"2019-03-04T00:00:00Z\",\r\n \"description\": \"Detail:SQL Injection Attack Matched Data: md5 found within ARGS:h: die(@md5(M4rch));\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": 
\"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"a8a29940-e0bd-4742-95cc-c6d01e1afe48\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"16\",\r\n \"source IPs\": \"123.206.22.203\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-04T01:00:24.1988577Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506431999999999_b41572ea-083b-4743-ab2f-f653b504c3c3\",\r\n \"name\": \"2518506431999999999_b41572ea-083b-4743-ab2f-f653b504c3c3\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"BLOCKING-EVALUATION\",\r\n \"alertName\": \"BLOCKING-EVALUATION\",\r\n \"detectedTimeUtc\": \"2019-03-04T00:00:00Z\",\r\n \"description\": \"Detail:Mandatory rule. Cannot be disabled. 
Inbound Anomaly Score Exceeded (Total Score: 5)\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"b41572ea-083b-4743-ab2f-f653b504c3c3\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"41\",\r\n \"source IPs\": \"123.206.22.203\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-04T01:00:24.1988577Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506431999999999_b463a506-46aa-4a9d-8468-40e2ed74fae2\",\r\n \"name\": \"2518506431999999999_b463a506-46aa-4a9d-8468-40e2ed74fae2\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"APPLICATION-ATTACK-SQLI\",\r\n \"alertName\": \"APPLICATION-ATTACK-SQLI\",\r\n \"detectedTimeUtc\": \"2019-03-04T00:00:00Z\",\r\n \"description\": \"Detail:SQL Injection Attack Matched Data: md5 found within ARGS:h: die(@md5(M4rch));\",\r\n 
\"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"b463a506-46aa-4a9d-8468-40e2ed74fae2\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"24\",\r\n \"source IPs\": \"123.206.22.203\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-04T01:00:23.6287102Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506431999999999_da18a55d-358d-499b-97e2-d4a9169d6d79\",\r\n \"name\": \"2518506431999999999_da18a55d-358d-499b-97e2-d4a9169d6d79\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"BLOCKING-EVALUATION\",\r\n \"alertName\": \"BLOCKING-EVALUATION\",\r\n \"detectedTimeUtc\": \"2019-03-04T00:00:00Z\",\r\n \"description\": \"Detail:Mandatory rule. Cannot be disabled. 
Inbound Anomaly Score Exceeded (Total Score: 12)\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"da18a55d-358d-499b-97e2-d4a9169d6d79\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"43\",\r\n \"source IPs\": \"123.206.22.203\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-04T01:00:24.1988577Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506431999999999_e188c598-6c5a-4b88-b062-53a84c8e5866\",\r\n \"name\": \"2518506431999999999_e188c598-6c5a-4b88-b062-53a84c8e5866\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-04T00:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117:80\",\r\n \"remediationSteps\": \"\",\r\n 
\"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"e188c598-6c5a-4b88-b062-53a84c8e5866\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"98\",\r\n \"source IPs\": \"123.206.22.203\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-04T01:00:24.1988577Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506431999999999_f3759b4d-98d9-4133-820f-c53404075381\",\r\n \"name\": \"2518506431999999999_f3759b4d-98d9-4133-820f-c53404075381\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"APPLICATION-ATTACK-LFI\",\r\n \"alertName\": \"APPLICATION-ATTACK-LFI\",\r\n \"detectedTimeUtc\": \"2019-03-04T00:00:00Z\",\r\n \"description\": \"Detail:Restricted File Access Attempt Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n 
\"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"f3759b4d-98d9-4133-820f-c53404075381\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"123.206.22.203\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-04T01:00:24.1988577Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506467999999999_e16ffb83-a733-495b-b767-56079cca194b\",\r\n \"name\": \"2518506467999999999_e16ffb83-a733-495b-b767-56079cca194b\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-03T23:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117:80\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n 
\"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"e16ffb83-a733-495b-b767-56079cca194b\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"37.57.97.61\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-04T00:00:05.2118352Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506539999999999_96264969-2f25-4495-8e4a-26d705da8fa9\",\r\n \"name\": \"2518506539999999999_96264969-2f25-4495-8e4a-26d705da8fa9\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"SCANNER-DETECTION\",\r\n \"alertName\": \"SCANNER-DETECTION\",\r\n \"detectedTimeUtc\": \"2019-03-03T21:00:00Z\",\r\n \"description\": \"Detail:Found User-Agent associated with scripting/generic HTTP client Matched Data: python-requests found within REQUEST_HEADERS:User-Agent: python-requests/2.6.0 CPython/2.7.5 Linux/3.10.0-957.1.3.el7.x86_64\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": 
\"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"96264969-2f25-4495-8e4a-26d705da8fa9\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"176.32.33.80\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T22:00:34.1747263Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506539999999999_dd92cb6e-f129-4405-9e18-11fa5c1252c2\",\r\n \"name\": \"2518506539999999999_dd92cb6e-f129-4405-9e18-11fa5c1252c2\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"BLOCKING-EVALUATION\",\r\n \"alertName\": \"BLOCKING-EVALUATION\",\r\n \"detectedTimeUtc\": \"2019-03-03T21:00:00Z\",\r\n \"description\": \"Detail:Mandatory rule. Cannot be disabled. 
Inbound Anomaly Score Exceeded (Total Score: 8)\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"dd92cb6e-f129-4405-9e18-11fa5c1252c2\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"176.32.33.80\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T22:00:33.6975993Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506539999999999_ecdf89d6-b2a2-4d32-9e16-f7cd67984891\",\r\n \"name\": \"2518506539999999999_ecdf89d6-b2a2-4d32-9e16-f7cd67984891\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-03T21:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117:80\",\r\n \"remediationSteps\": \"\",\r\n 
\"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"ecdf89d6-b2a2-4d32-9e16-f7cd67984891\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"2\",\r\n \"source IPs\": \"41.50.83.103,176.32.33.80\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T22:00:34.1747263Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506575999999999_5aee1028-31b6-4d35-93cc-569793a2d3a2\",\r\n \"name\": \"2518506575999999999_5aee1028-31b6-4d35-93cc-569793a2d3a2\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-03T20:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n 
\"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"5aee1028-31b6-4d35-93cc-569793a2d3a2\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"181.166.19.204\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T21:00:19.3291561Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506611999999999_3c7cfa09-e213-4490-ba8d-a11b72b6d000\",\r\n \"name\": \"2518506611999999999_3c7cfa09-e213-4490-ba8d-a11b72b6d000\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-03T19:00:00Z\",\r\n \"description\": \"Detail:Request Missing a Host Header\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": 
\"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"3c7cfa09-e213-4490-ba8d-a11b72b6d000\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"2\",\r\n \"source IPs\": \"178.73.215.171\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T20:00:05.4039046Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506611999999999_af8a5586-7eae-4aba-bb14-5a0d9f18bb97\",\r\n \"name\": \"2518506611999999999_af8a5586-7eae-4aba-bb14-5a0d9f18bb97\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-03T19:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": 
\"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"af8a5586-7eae-4aba-bb14-5a0d9f18bb97\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"2\",\r\n \"source IPs\": \"39.96.43.158,200.207.20.30\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T20:00:05.4039046Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506611999999999_ea4eb36f-4b5c-4b3d-a52e-b06a0a8634ac\",\r\n \"name\": \"2518506611999999999_ea4eb36f-4b5c-4b3d-a52e-b06a0a8634ac\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"BLOCKING-EVALUATION\",\r\n \"alertName\": \"BLOCKING-EVALUATION\",\r\n \"detectedTimeUtc\": \"2019-03-03T19:00:00Z\",\r\n \"description\": \"Detail:Mandatory rule. Cannot be disabled. 
Inbound Anomaly Score Exceeded (Total Score: 5)\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"ea4eb36f-4b5c-4b3d-a52e-b06a0a8634ac\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"178.73.215.171\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T20:00:04.9007841Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506647999999999_2049cf22-f78e-45c4-8c8d-620175ea9b67\",\r\n \"name\": \"2518506647999999999_2049cf22-f78e-45c4-8c8d-620175ea9b67\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"APPLICATION-ATTACK-SQLI\",\r\n \"alertName\": \"APPLICATION-ATTACK-SQLI\",\r\n \"detectedTimeUtc\": \"2019-03-03T18:00:00Z\",\r\n \"description\": \"Detail:SQL Injection Attack: SQL Tautology Detected. 
Matched Data: methodName>system found within ARGS_NAMES: system.listMethods : system.listMethods \",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"2049cf22-f78e-45c4-8c8d-620175ea9b67\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"2\",\r\n \"source IPs\": \"52.183.58.122\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T19:00:51.2707099Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506647999999999_5dd2d179-737e-47de-a37d-c6b6731c149a\",\r\n \"name\": \"2518506647999999999_5dd2d179-737e-47de-a37d-c6b6731c149a\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"SCANNER-DETECTION\",\r\n \"alertName\": \"SCANNER-DETECTION\",\r\n \"detectedTimeUtc\": \"2019-03-03T18:00:00Z\",\r\n \"description\": \"Detail:Found User-Agent associated with security scanner 
Matched Data: nmap scripting engine found within REQUEST_HEADERS:User-Agent: Mozilla/5.0 (compatible; Nmap Scripting Engine; https://nmap.org/book/nse.html)\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"5dd2d179-737e-47de-a37d-c6b6731c149a\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"16\",\r\n \"source IPs\": \"52.183.58.122\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T19:00:51.2707099Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506647999999999_7bc4f2d4-49d2-4e83-801e-18e5f7288546\",\r\n \"name\": \"2518506647999999999_7bc4f2d4-49d2-4e83-801e-18e5f7288546\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"BLOCKING-EVALUATION\",\r\n \"alertName\": \"BLOCKING-EVALUATION\",\r\n \"detectedTimeUtc\": \"2019-03-03T18:00:00Z\",\r\n \"description\": 
\"Detail:Mandatory rule. Cannot be disabled. Inbound Anomaly Score Exceeded (Total Score: 5)\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"7bc4f2d4-49d2-4e83-801e-18e5f7288546\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"17\",\r\n \"source IPs\": \"52.183.58.122\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T19:00:51.2707099Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506647999999999_7db374f1-b737-40f9-9801-427d6ded6631\",\r\n \"name\": \"2518506647999999999_7db374f1-b737-40f9-9801-427d6ded6631\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-03T18:00:00Z\",\r\n \"description\": \"Detail:Request Missing a Host Header\",\r\n 
\"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"7db374f1-b737-40f9-9801-427d6ded6631\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"29\",\r\n \"source IPs\": \"52.183.58.122\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T19:00:51.2707099Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506647999999999_7fdd74ca-ecdc-47c7-8ede-237604683d32\",\r\n \"name\": \"2518506647999999999_7fdd74ca-ecdc-47c7-8ede-237604683d32\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"BLOCKING-EVALUATION\",\r\n \"alertName\": \"BLOCKING-EVALUATION\",\r\n \"detectedTimeUtc\": \"2019-03-03T18:00:00Z\",\r\n \"description\": \"Detail:Mandatory rule. Cannot be disabled. 
Inbound Anomaly Score Exceeded (Total Score: 10)\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"7fdd74ca-ecdc-47c7-8ede-237604683d32\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"18\",\r\n \"source IPs\": \"52.183.58.122\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T19:00:51.2707099Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506647999999999_8a49395c-6a4a-44c1-ada6-5d9e25ad2cb4\",\r\n \"name\": \"2518506647999999999_8a49395c-6a4a-44c1-ada6-5d9e25ad2cb4\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"SCANNER-DETECTION\",\r\n \"alertName\": \"SCANNER-DETECTION\",\r\n \"detectedTimeUtc\": \"2019-03-03T18:00:00Z\",\r\n \"description\": \"Detail:Found User-Agent associated with security scanner Matched Data: nmap scripting engine found within 
REQUEST_HEADERS:User-Agent: Mozilla/5.0 (compatible; Nmap Scripting Engine; https://nmap.org/book/nse.html)\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"8a49395c-6a4a-44c1-ada6-5d9e25ad2cb4\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"16\",\r\n \"source IPs\": \"52.183.58.122\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T19:00:51.2707099Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506647999999999_9aa674cd-3d5a-44d0-ae78-26bb404bb9cd\",\r\n \"name\": \"2518506647999999999_9aa674cd-3d5a-44d0-ae78-26bb404bb9cd\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"APPLICATION-ATTACK-LFI\",\r\n \"alertName\": \"APPLICATION-ATTACK-LFI\",\r\n \"detectedTimeUtc\": \"2019-03-03T18:00:00Z\",\r\n \"description\": \"Detail:Restricted File Access Attempt 
Matched Data: /.git/ found within REQUEST_FILENAME: /.git/HEAD\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"9aa674cd-3d5a-44d0-ae78-26bb404bb9cd\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"52.183.58.122\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T19:00:50.6994998Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506647999999999_a1d6f3b7-f990-4f60-aa51-f9dedb286a93\",\r\n \"name\": \"2518506647999999999_a1d6f3b7-f990-4f60-aa51-f9dedb286a93\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"METHOD-ENFORCEMENT\",\r\n \"alertName\": \"METHOD-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-03T18:00:00Z\",\r\n \"description\": \"Detail:Method is not allowed by policy PROPFIND\",\r\n \"remediationSteps\": \"\",\r\n 
\"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"a1d6f3b7-f990-4f60-aa51-f9dedb286a93\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"4\",\r\n \"source IPs\": \"52.183.58.122\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T19:00:51.2707099Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506647999999999_e88f0966-faba-4c11-806c-1dd3d0f02349\",\r\n \"name\": \"2518506647999999999_e88f0966-faba-4c11-806c-1dd3d0f02349\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-03T18:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": 
\"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"e88f0966-faba-4c11-806c-1dd3d0f02349\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"30\",\r\n \"source IPs\": \"52.183.58.122\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T19:00:51.2707099Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506683999999999_3ffd1f5a-8a43-42dd-950f-94a708c4eccf\",\r\n \"name\": \"2518506683999999999_3ffd1f5a-8a43-42dd-950f-94a708c4eccf\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"SCANNER-DETECTION\",\r\n \"alertName\": \"SCANNER-DETECTION\",\r\n \"detectedTimeUtc\": \"2019-03-03T17:00:00Z\",\r\n \"description\": \"Detail:Found User-Agent associated with scripting/generic HTTP client Matched Data: Python-urllib found within REQUEST_HEADERS:User-Agent: Python-urllib/2.7\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": 
\"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"3ffd1f5a-8a43-42dd-950f-94a708c4eccf\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"5.189.188.237\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T18:00:33.544093Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506683999999999_45daf153-e9c2-4943-aa00-60a4d57dfe57\",\r\n \"name\": \"2518506683999999999_45daf153-e9c2-4943-aa00-60a4d57dfe57\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"BLOCKING-EVALUATION\",\r\n \"alertName\": \"BLOCKING-EVALUATION\",\r\n \"detectedTimeUtc\": \"2019-03-03T17:00:00Z\",\r\n \"description\": \"Detail:Mandatory rule. Cannot be disabled. 
Inbound Anomaly Score Exceeded (Total Score: 5)\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"45daf153-e9c2-4943-aa00-60a4d57dfe57\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"185\",\r\n \"source IPs\": \"153.37.197.94\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T18:00:34.0159991Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506683999999999_5f021722-537d-490c-bdfd-ac6fc510da5c\",\r\n \"name\": \"2518506683999999999_5f021722-537d-490c-bdfd-ac6fc510da5c\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-03T17:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117:80\",\r\n \"remediationSteps\": \"\",\r\n 
\"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"5f021722-537d-490c-bdfd-ac6fc510da5c\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"241\",\r\n \"source IPs\": \"153.37.197.94\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T18:00:34.0159991Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506683999999999_6a5df300-a1b4-4403-a419-eb6688efdf7b\",\r\n \"name\": \"2518506683999999999_6a5df300-a1b4-4403-a419-eb6688efdf7b\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"APPLICATION-ATTACK-SQLI\",\r\n \"alertName\": \"APPLICATION-ATTACK-SQLI\",\r\n \"detectedTimeUtc\": \"2019-03-03T17:00:00Z\",\r\n \"description\": \"Detail:SQL Injection Attack Matched Data: md5 found within ARGS:h: die(@md5(M4rch));\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": 
\"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"6a5df300-a1b4-4403-a419-eb6688efdf7b\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"258\",\r\n \"source IPs\": \"153.37.197.94\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T18:00:34.0159991Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506683999999999_874c6ebd-1e67-4774-a5ce-0d731c1c27db\",\r\n \"name\": \"2518506683999999999_874c6ebd-1e67-4774-a5ce-0d731c1c27db\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"BLOCKING-EVALUATION\",\r\n \"alertName\": \"BLOCKING-EVALUATION\",\r\n \"detectedTimeUtc\": \"2019-03-03T17:00:00Z\",\r\n \"description\": \"Detail:Mandatory rule. Cannot be disabled. 
Inbound Anomaly Score Exceeded (Total Score: 12)\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"874c6ebd-1e67-4774-a5ce-0d731c1c27db\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"187\",\r\n \"source IPs\": \"153.37.197.94,5.189.188.237\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T18:00:34.0159991Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506683999999999_96f96063-0f51-4b5a-8548-a58f55a126bb\",\r\n \"name\": \"2518506683999999999_96f96063-0f51-4b5a-8548-a58f55a126bb\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"APPLICATION-ATTACK-LFI\",\r\n \"alertName\": \"APPLICATION-ATTACK-LFI\",\r\n \"detectedTimeUtc\": \"2019-03-03T17:00:00Z\",\r\n \"description\": \"Detail:Restricted File Access Attempt Matched Data: wp-config.php found within 
REQUEST_FILENAME: /wp-config.php\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"96f96063-0f51-4b5a-8548-a58f55a126bb\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"153.37.197.94\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T18:00:34.0159991Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506683999999999_a1fd9cb6-278c-4fa8-8378-b88d15b68e37\",\r\n \"name\": \"2518506683999999999_a1fd9cb6-278c-4fa8-8378-b88d15b68e37\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"APPLICATION-ATTACK-SQLI\",\r\n \"alertName\": \"APPLICATION-ATTACK-SQLI\",\r\n \"detectedTimeUtc\": \"2019-03-03T17:00:00Z\",\r\n \"description\": \"Detail:SQL Injection Attack Matched Data: md5 found within ARGS:h: die(@md5(M4rch));\",\r\n \"remediationSteps\": 
\"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"a1fd9cb6-278c-4fa8-8378-b88d15b68e37\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"242\",\r\n \"source IPs\": \"153.37.197.94\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T18:00:34.0159991Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506683999999999_e4985ba6-3474-4f25-8d0e-0d29bb6b38c9\",\r\n \"name\": \"2518506683999999999_e4985ba6-3474-4f25-8d0e-0d29bb6b38c9\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-03T17:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117:80\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n 
\"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"e4985ba6-3474-4f25-8d0e-0d29bb6b38c9\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"254\",\r\n \"source IPs\": \"143.255.242.186,153.37.197.94,5.189.188.237\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T18:00:34.0159991Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506683999999999_e6988005-220a-4136-82fd-14ef12b4ddf1\",\r\n \"name\": \"2518506683999999999_e6988005-220a-4136-82fd-14ef12b4ddf1\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"METHOD-ENFORCEMENT\",\r\n \"alertName\": \"METHOD-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-03T17:00:00Z\",\r\n \"description\": \"Detail:Method is not allowed by policy PROPFIND\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": 
\"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"e6988005-220a-4136-82fd-14ef12b4ddf1\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"153.37.197.94\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T18:00:34.0159991Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506719999999999_13a28970-6f30-4c49-8db1-bbeb8c53f358\",\r\n \"name\": \"2518506719999999999_13a28970-6f30-4c49-8db1-bbeb8c53f358\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"SCANNER-DETECTION\",\r\n \"alertName\": \"SCANNER-DETECTION\",\r\n \"detectedTimeUtc\": \"2019-03-03T16:00:00Z\",\r\n \"description\": \"Detail:Found User-Agent associated with scripting/generic HTTP client Matched Data: python-requests found within REQUEST_HEADERS:User-Agent: python-requests/2.6.0 CPython/2.7.5 Linux/3.10.0-957.1.3.el7.x86_64\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n 
\"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"13a28970-6f30-4c49-8db1-bbeb8c53f358\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"176.32.33.80\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T17:00:20.7167821Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506719999999999_3dd7d880-0612-484b-9352-47cbe5e955c0\",\r\n \"name\": \"2518506719999999999_3dd7d880-0612-484b-9352-47cbe5e955c0\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-03T16:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": 
\"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"3dd7d880-0612-484b-9352-47cbe5e955c0\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"4\",\r\n \"source IPs\": \"151.14.49.82,106.12.205.48,176.32.33.80,27.112.69.69\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T17:00:20.7167821Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506719999999999_45ad41ef-a52a-4383-b5a0-cf77d0f52769\",\r\n \"name\": \"2518506719999999999_45ad41ef-a52a-4383-b5a0-cf77d0f52769\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"BLOCKING-EVALUATION\",\r\n \"alertName\": \"BLOCKING-EVALUATION\",\r\n \"detectedTimeUtc\": \"2019-03-03T16:00:00Z\",\r\n \"description\": \"Detail:Mandatory rule. Cannot be disabled. 
Inbound Anomaly Score Exceeded (Total Score: 8)\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"45ad41ef-a52a-4383-b5a0-cf77d0f52769\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"176.32.33.80\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T17:00:20.7167821Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506755999999999_08c7bb21-5ce6-4a29-8559-e0f681637727\",\r\n \"name\": \"2518506755999999999_08c7bb21-5ce6-4a29-8559-e0f681637727\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-03T15:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117\",\r\n \"remediationSteps\": \"\",\r\n 
\"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"08c7bb21-5ce6-4a29-8559-e0f681637727\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"112.109.90.7\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T16:00:13.9856128Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506791999999999_a4f72ed5-04a4-4396-a55f-6c1e53f5de88\",\r\n \"name\": \"2518506791999999999_a4f72ed5-04a4-4396-a55f-6c1e53f5de88\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-03T14:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117:80\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n 
\"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"a4f72ed5-04a4-4396-a55f-6c1e53f5de88\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"191.19.156.211\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T15:00:53.1284306Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506791999999999_d7624e51-e813-4e82-9d24-b0c7d1ee54a2\",\r\n \"name\": \"2518506791999999999_d7624e51-e813-4e82-9d24-b0c7d1ee54a2\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-03T14:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117:80\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": 
\"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"d7624e51-e813-4e82-9d24-b0c7d1ee54a2\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"191.19.156.211\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T15:00:53.5907512Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506827999999999_5d48c911-b79f-4a9c-adf7-b1f7b542e139\",\r\n \"name\": \"2518506827999999999_5d48c911-b79f-4a9c-adf7-b1f7b542e139\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-03T13:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117:80\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": 
\"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"5d48c911-b79f-4a9c-adf7-b1f7b542e139\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"47.44.40.236\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T14:00:40.9369659Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506827999999999_6705b59f-aa53-4b22-a799-0ec168f16554\",\r\n \"name\": \"2518506827999999999_6705b59f-aa53-4b22-a799-0ec168f16554\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"BLOCKING-EVALUATION\",\r\n \"alertName\": \"BLOCKING-EVALUATION\",\r\n \"detectedTimeUtc\": \"2019-03-03T13:00:00Z\",\r\n \"description\": \"Detail:Mandatory rule. Cannot be disabled. 
Inbound Anomaly Score Exceeded (Total Score: 5)\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"6705b59f-aa53-4b22-a799-0ec168f16554\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"86.101.76.223\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T14:00:41.4313385Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506827999999999_8ef4d78a-8e10-42c2-809c-b06a1dbac6ff\",\r\n \"name\": \"2518506827999999999_8ef4d78a-8e10-42c2-809c-b06a1dbac6ff\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-03T13:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117\",\r\n \"remediationSteps\": \"\",\r\n 
\"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"8ef4d78a-8e10-42c2-809c-b06a1dbac6ff\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"3\",\r\n \"source IPs\": \"86.101.76.223,37.112.145.247\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T14:00:41.4313385Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506863999999999_0a57514d-bfbb-40de-945f-edab4061fa9f\",\r\n \"name\": \"2518506863999999999_0a57514d-bfbb-40de-945f-edab4061fa9f\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"SCANNER-DETECTION\",\r\n \"alertName\": \"SCANNER-DETECTION\",\r\n \"detectedTimeUtc\": \"2019-03-03T12:00:00Z\",\r\n \"description\": \"Detail:Found User-Agent associated with scripting/generic HTTP client Matched Data: python-requests found within REQUEST_HEADERS:User-Agent: python-requests/2.6.0 CPython/2.7.5 
Linux/3.10.0-957.1.3.el7.x86_64\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"0a57514d-bfbb-40de-945f-edab4061fa9f\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"176.32.33.80\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T13:00:27.4966084Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506863999999999_2aec0c06-933a-4981-bd34-59809b81bdcf\",\r\n \"name\": \"2518506863999999999_2aec0c06-933a-4981-bd34-59809b81bdcf\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-03T12:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": 
\"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"2aec0c06-933a-4981-bd34-59809b81bdcf\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"3\",\r\n \"source IPs\": \"139.162.106.181,176.32.33.80\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T13:00:27.9629747Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506863999999999_3906c573-8bb4-47b5-922d-3a93dacb999a\",\r\n \"name\": \"2518506863999999999_3906c573-8bb4-47b5-922d-3a93dacb999a\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"BLOCKING-EVALUATION\",\r\n \"alertName\": \"BLOCKING-EVALUATION\",\r\n \"detectedTimeUtc\": \"2019-03-03T12:00:00Z\",\r\n \"description\": \"Detail:Mandatory rule. Cannot be disabled. 
Inbound Anomaly Score Exceeded (Total Score: 5)\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"3906c573-8bb4-47b5-922d-3a93dacb999a\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"2\",\r\n \"source IPs\": \"139.162.106.181,176.32.33.80\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T13:00:27.9629747Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506863999999999_ccc614e5-38e9-4794-a4a7-b084779313b2\",\r\n \"name\": \"2518506863999999999_ccc614e5-38e9-4794-a4a7-b084779313b2\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-03T12:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117:80\",\r\n \"remediationSteps\": 
\"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"ccc614e5-38e9-4794-a4a7-b084779313b2\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"2\",\r\n \"source IPs\": \"189.79.106.13,175.106.10.226\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T13:00:27.9629747Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506899999999999_0628b610-6b29-45ec-a08c-2561f6201681\",\r\n \"name\": \"2518506899999999999_0628b610-6b29-45ec-a08c-2561f6201681\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-03T11:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117:80\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": 
\"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"0628b610-6b29-45ec-a08c-2561f6201681\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"4\",\r\n \"source IPs\": \"170.233.47.249,149.71.160.254,125.64.94.200\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T12:00:05.3305889Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506899999999999_7008ba75-4cc8-4291-93bc-ea17eba8f37c\",\r\n \"name\": \"2518506899999999999_7008ba75-4cc8-4291-93bc-ea17eba8f37c\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"BLOCKING-EVALUATION\",\r\n \"alertName\": \"BLOCKING-EVALUATION\",\r\n \"detectedTimeUtc\": \"2019-03-03T11:00:00Z\",\r\n \"description\": \"Detail:Mandatory rule. Cannot be disabled. 
Inbound Anomaly Score Exceeded (Total Score: 5)\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"7008ba75-4cc8-4291-93bc-ea17eba8f37c\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"125.64.94.200\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T12:00:04.8798965Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506935999999999_6f663a4f-982b-4818-8ef1-f87730e40dcc\",\r\n \"name\": \"2518506935999999999_6f663a4f-982b-4818-8ef1-f87730e40dcc\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-03T10:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117:80\",\r\n \"remediationSteps\": \"\",\r\n 
\"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"6f663a4f-982b-4818-8ef1-f87730e40dcc\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"177.190.65.151\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T11:00:50.1566901Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506971999999999_205da57b-4636-44f8-894e-3a78c60e78be\",\r\n \"name\": \"2518506971999999999_205da57b-4636-44f8-894e-3a78c60e78be\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"SCANNER-DETECTION\",\r\n \"alertName\": \"SCANNER-DETECTION\",\r\n \"detectedTimeUtc\": \"2019-03-03T09:00:00Z\",\r\n \"description\": \"Detail:Found User-Agent associated with security scanner Matched Data: zmeu found within REQUEST_HEADERS:User-Agent: ZmEu\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n 
\"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"205da57b-4636-44f8-894e-3a78c60e78be\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"5\",\r\n \"source IPs\": \"202.111.175.134\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T10:00:37.6036112Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506971999999999_36d74c57-219a-48dd-9d85-8edf5dad9605\",\r\n \"name\": \"2518506971999999999_36d74c57-219a-48dd-9d85-8edf5dad9605\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"BLOCKING-EVALUATION\",\r\n \"alertName\": \"BLOCKING-EVALUATION\",\r\n \"detectedTimeUtc\": \"2019-03-03T09:00:00Z\",\r\n \"description\": \"Detail:Mandatory rule. Cannot be disabled. 
Inbound Anomaly Score Exceeded (Total Score: 8)\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"36d74c57-219a-48dd-9d85-8edf5dad9605\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"3\",\r\n \"source IPs\": \"176.32.33.80,202.111.175.134\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T10:00:37.6036112Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506971999999999_51794aa7-6274-4156-b321-a8404ec2c8a1\",\r\n \"name\": \"2518506971999999999_51794aa7-6274-4156-b321-a8404ec2c8a1\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"BLOCKING-EVALUATION\",\r\n \"alertName\": \"BLOCKING-EVALUATION\",\r\n \"detectedTimeUtc\": \"2019-03-03T09:00:00Z\",\r\n \"description\": \"Detail:Mandatory rule. Cannot be disabled. 
Inbound Anomaly Score Exceeded (Total Score: 13)\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"51794aa7-6274-4156-b321-a8404ec2c8a1\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"4\",\r\n \"source IPs\": \"202.111.175.134\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T10:00:36.6754928Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506971999999999_8fd280c9-d229-4ab0-b7c2-a1e6ed13d475\",\r\n \"name\": \"2518506971999999999_8fd280c9-d229-4ab0-b7c2-a1e6ed13d475\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-03T09:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117\",\r\n \"remediationSteps\": \"\",\r\n 
\"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"8fd280c9-d229-4ab0-b7c2-a1e6ed13d475\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"4\",\r\n \"source IPs\": \"202.111.175.134\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T10:00:37.6036112Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506971999999999_c5f9f5ef-e626-494f-af62-296e9a3aae90\",\r\n \"name\": \"2518506971999999999_c5f9f5ef-e626-494f-af62-296e9a3aae90\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-03T09:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n 
\"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"c5f9f5ef-e626-494f-af62-296e9a3aae90\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"3\",\r\n \"source IPs\": \"176.32.33.80,202.111.175.134\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T10:00:37.6036112Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506971999999999_f2c8d1c4-1673-484b-a6dd-83ba0f631030\",\r\n \"name\": \"2518506971999999999_f2c8d1c4-1673-484b-a6dd-83ba0f631030\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"SCANNER-DETECTION\",\r\n \"alertName\": \"SCANNER-DETECTION\",\r\n \"detectedTimeUtc\": \"2019-03-03T09:00:00Z\",\r\n \"description\": \"Detail:Found User-Agent associated with scripting/generic HTTP client Matched Data: python-requests found within REQUEST_HEADERS:User-Agent: python-requests/2.6.0 CPython/2.7.5 Linux/3.10.0-957.1.3.el7.x86_64\",\r\n \"remediationSteps\": \"\",\r\n 
\"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"f2c8d1c4-1673-484b-a6dd-83ba0f631030\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"3\",\r\n \"source IPs\": \"176.32.33.80,202.111.175.134\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T10:00:37.6036112Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518507007999999999_d08f4e21-7e7a-4f55-8d05-c262b6ea7296\",\r\n \"name\": \"2518507007999999999_d08f4e21-7e7a-4f55-8d05-c262b6ea7296\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-03T08:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117:80\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n 
\"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"d08f4e21-7e7a-4f55-8d05-c262b6ea7296\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"200.170.107.213\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T09:00:23.6177593Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518507043999999999_4113b94b-e345-435c-9860-319263f7dd62\",\r\n \"name\": \"2518507043999999999_4113b94b-e345-435c-9860-319263f7dd62\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-03T07:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": 
\"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"4113b94b-e345-435c-9860-319263f7dd62\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"3\",\r\n \"source IPs\": \"185.53.88.120,177.95.121.11\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T08:00:08.812839Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518507043999999999_61e42d8a-87ae-4aad-909c-c68cf39040d4\",\r\n \"name\": \"2518507043999999999_61e42d8a-87ae-4aad-909c-c68cf39040d4\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"BLOCKING-EVALUATION\",\r\n \"alertName\": \"BLOCKING-EVALUATION\",\r\n \"detectedTimeUtc\": \"2019-03-03T07:00:00Z\",\r\n \"description\": \"Detail:Mandatory rule. Cannot be disabled. 
Inbound Anomaly Score Exceeded (Total Score: 5)\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"61e42d8a-87ae-4aad-909c-c68cf39040d4\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"185.53.88.120\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T08:00:08.812839Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518507043999999999_61fd9c97-c980-48c2-b39a-defed87af2a2\",\r\n \"name\": \"2518507043999999999_61fd9c97-c980-48c2-b39a-defed87af2a2\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-03T07:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117\",\r\n \"remediationSteps\": \"\",\r\n 
\"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"61fd9c97-c980-48c2-b39a-defed87af2a2\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"189.211.124.220\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T08:00:08.812839Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518507079999999999_1b89d7cb-b586-4a38-ad61-75bbaebf2170\",\r\n \"name\": \"2518507079999999999_1b89d7cb-b586-4a38-ad61-75bbaebf2170\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"SCANNER-DETECTION\",\r\n \"alertName\": \"SCANNER-DETECTION\",\r\n \"detectedTimeUtc\": \"2019-03-03T06:00:00Z\",\r\n \"description\": \"Detail:Found User-Agent associated with security scanner Matched Data: masscan found within REQUEST_HEADERS:User-Agent: masscan/1.0 (https://github.com/robertdavidgraham/masscan)\",\r\n 
\"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"1b89d7cb-b586-4a38-ad61-75bbaebf2170\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"185.165.169.28\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T07:00:54.0188006Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518507079999999999_c2c1230a-f1d5-4fe1-9aa3-0a77e7299186\",\r\n \"name\": \"2518507079999999999_c2c1230a-f1d5-4fe1-9aa3-0a77e7299186\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"BLOCKING-EVALUATION\",\r\n \"alertName\": \"BLOCKING-EVALUATION\",\r\n \"detectedTimeUtc\": \"2019-03-03T06:00:00Z\",\r\n \"description\": \"Detail:Mandatory rule. Cannot be disabled. 
Inbound Anomaly Score Exceeded (Total Score: 8)\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"c2c1230a-f1d5-4fe1-9aa3-0a77e7299186\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"185.165.169.28\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T07:00:53.5777047Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518507079999999999_eac52c76-659b-498e-91f5-525511b48ded\",\r\n \"name\": \"2518507079999999999_eac52c76-659b-498e-91f5-525511b48ded\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-03T06:00:00Z\",\r\n \"description\": \"Detail:Request Missing a Host Header\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": 
\"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"eac52c76-659b-498e-91f5-525511b48ded\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"185.165.169.28\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T07:00:54.0188006Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518507115999999999_3f4c572d-c6c7-440c-84e7-7a3f4cd866af\",\r\n \"name\": \"2518507115999999999_3f4c572d-c6c7-440c-84e7-7a3f4cd866af\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-03T05:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117:80\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": 
\"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"3f4c572d-c6c7-440c-84e7-7a3f4cd866af\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"191.19.210.54\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T06:00:38.331985Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518507115999999999_537e6f2f-d393-4cdf-a530-3255b9cc34c9\",\r\n \"name\": \"2518507115999999999_537e6f2f-d393-4cdf-a530-3255b9cc34c9\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"BLOCKING-EVALUATION\",\r\n \"alertName\": \"BLOCKING-EVALUATION\",\r\n \"detectedTimeUtc\": \"2019-03-03T05:00:00Z\",\r\n \"description\": \"Detail:Mandatory rule. Cannot be disabled. 
Inbound Anomaly Score Exceeded (Total Score: 8)\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"537e6f2f-d393-4cdf-a530-3255b9cc34c9\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"2\",\r\n \"source IPs\": \"176.32.33.80,106.75.63.218\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T06:00:38.8618086Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518507115999999999_b291073d-47ad-4563-b5be-d3cc4955e3db\",\r\n \"name\": \"2518507115999999999_b291073d-47ad-4563-b5be-d3cc4955e3db\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"SCANNER-DETECTION\",\r\n \"alertName\": \"SCANNER-DETECTION\",\r\n \"detectedTimeUtc\": \"2019-03-03T05:00:00Z\",\r\n \"description\": \"Detail:Found User-Agent associated with scripting/generic HTTP client Matched Data: 
python-requests found within REQUEST_HEADERS:User-Agent: python-requests/2.6.0 CPython/2.7.5 Linux/3.10.0-957.1.3.el7.x86_64\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"b291073d-47ad-4563-b5be-d3cc4955e3db\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"176.32.33.80\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T06:00:38.8618086Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518507115999999999_c9b1c4e8-589e-4c7e-945f-ef107e422d0e\",\r\n \"name\": \"2518507115999999999_c9b1c4e8-589e-4c7e-945f-ef107e422d0e\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-03T05:00:00Z\",\r\n \"description\": \"Detail:Host header is a 
numeric IP address 13.69.131.117\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"c9b1c4e8-589e-4c7e-945f-ef107e422d0e\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"3\",\r\n \"source IPs\": \"176.32.33.80,106.75.63.218\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T06:00:38.8618086Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518507151999999999_395b050b-039c-42ac-84eb-93d3e7faea3e\",\r\n \"name\": \"2518507151999999999_395b050b-039c-42ac-84eb-93d3e7faea3e\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-03T04:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117\",\r\n \"remediationSteps\": \"\",\r\n 
\"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"395b050b-039c-42ac-84eb-93d3e7faea3e\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"2\",\r\n \"source IPs\": \"82.227.32.4\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T05:00:24.7267003Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518507151999999999_6db5bd58-9d70-42c8-b0c1-723f6cd5b8e7\",\r\n \"name\": \"2518507151999999999_6db5bd58-9d70-42c8-b0c1-723f6cd5b8e7\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"BLOCKING-EVALUATION\",\r\n \"alertName\": \"BLOCKING-EVALUATION\",\r\n \"detectedTimeUtc\": \"2019-03-03T04:00:00Z\",\r\n \"description\": \"Detail:Mandatory rule. Cannot be disabled. 
Inbound Anomaly Score Exceeded (Total Score: 5)\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"6db5bd58-9d70-42c8-b0c1-723f6cd5b8e7\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"82.227.32.4\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T05:00:24.2392146Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518507223999999999_ee9ccd4a-9ffe-4674-93a3-8dce991f38ab\",\r\n \"name\": \"2518507223999999999_ee9ccd4a-9ffe-4674-93a3-8dce991f38ab\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-03T02:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117:80\",\r\n \"remediationSteps\": \"\",\r\n 
\"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"ee9ccd4a-9ffe-4674-93a3-8dce991f38ab\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"3\",\r\n \"source IPs\": \"46.201.249.7,91.192.33.145,95.133.40.164\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T03:00:56.5825657Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518507295999999999_4fe4d5bf-6672-490d-b840-051c7f68b697\",\r\n \"name\": \"2518507295999999999_4fe4d5bf-6672-490d-b840-051c7f68b697\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"BLOCKING-EVALUATION\",\r\n \"alertName\": \"BLOCKING-EVALUATION\",\r\n \"detectedTimeUtc\": \"2019-03-03T00:00:00Z\",\r\n \"description\": \"Detail:Mandatory rule. Cannot be disabled. 
Inbound Anomaly Score Exceeded (Total Score: 5)\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"4fe4d5bf-6672-490d-b840-051c7f68b697\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"61.62.156.174\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T01:00:28.5948373Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518507295999999999_863f36fb-20ad-45d2-9063-2a07be7f4d5f\",\r\n \"name\": \"2518507295999999999_863f36fb-20ad-45d2-9063-2a07be7f4d5f\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-03T00:00:00Z\",\r\n \"description\": \"Detail:Request Missing a Host Header\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": 
\"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"863f36fb-20ad-45d2-9063-2a07be7f4d5f\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"2\",\r\n \"source IPs\": \"61.62.156.174\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T01:00:29.0871558Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518507331999999999_3462bbf4-9200-4fdc-871c-01f2eb234c84\",\r\n \"name\": \"2518507331999999999_3462bbf4-9200-4fdc-871c-01f2eb234c84\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-02T23:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117:80\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": 
\"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"3462bbf4-9200-4fdc-871c-01f2eb234c84\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"3\",\r\n \"source IPs\": \"179.110.96.144,95.85.11.140,185.219.135.195\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T00:00:16.354891Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518507331999999999_99ba6c6b-501a-41df-a80a-d3c5fddff4e1\",\r\n \"name\": \"2518507331999999999_99ba6c6b-501a-41df-a80a-d3c5fddff4e1\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-02T23:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": 
\"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"99ba6c6b-501a-41df-a80a-d3c5fddff4e1\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"185.219.135.195\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T00:00:15.8819814Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518507403999999999_7f0e0ee0-50f0-4f6d-87f6-3a386629e3ee\",\r\n \"name\": \"2518507403999999999_7f0e0ee0-50f0-4f6d-87f6-3a386629e3ee\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-02T21:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": 
\"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"7f0e0ee0-50f0-4f6d-87f6-3a386629e3ee\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"2\",\r\n \"source IPs\": \"1.245.46.34,200.207.141.250\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-02T22:00:38.1461713Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518507403999999999_b8d1e867-333f-4776-bfb1-23dc9d0f3883\",\r\n \"name\": \"2518507403999999999_b8d1e867-333f-4776-bfb1-23dc9d0f3883\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-02T21:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": 
\"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"b8d1e867-333f-4776-bfb1-23dc9d0f3883\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"2\",\r\n \"source IPs\": \"42.51.32.9,200.207.141.250\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-02T22:00:38.6594318Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518507439999999999_1b54ab81-5ca3-4ea0-a706-38112361afaa\",\r\n \"name\": \"2518507439999999999_1b54ab81-5ca3-4ea0-a706-38112361afaa\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"SCANNER-DETECTION\",\r\n \"alertName\": \"SCANNER-DETECTION\",\r\n \"detectedTimeUtc\": \"2019-03-02T20:00:00Z\",\r\n \"description\": \"Detail:Found User-Agent associated with security scanner Matched Data: nmap scripting engine found within REQUEST_HEADERS:User-Agent: Mozilla/5.0 (compatible; Nmap Scripting Engine; https://nmap.org/book/nse.html)\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": 
\"Medium\",\r\n \"compromisedEntity\": \"bc09060f-3280-4734-a595-310679b63b8f.cloudapp.net\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"1b54ab81-5ca3-4ea0-a706-38112361afaa\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"16\",\r\n \"source IPs\": \"52.183.32.182\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-02T21:00:26.0576367Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518507439999999999_3e947bdc-233d-4de1-8031-2038a4d74620\",\r\n \"name\": \"2518507439999999999_3e947bdc-233d-4de1-8031-2038a4d74620\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"SCANNER-DETECTION\",\r\n \"alertName\": \"SCANNER-DETECTION\",\r\n \"detectedTimeUtc\": \"2019-03-02T20:00:00Z\",\r\n \"description\": \"Detail:Found User-Agent associated with security scanner Matched Data: nmap scripting engine found within REQUEST_HEADERS:User-Agent: Mozilla/5.0 (compatible; Nmap Scripting Engine; 
https://nmap.org/book/nse.html)\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"bc09060f-3280-4734-a595-310679b63b8f.cloudapp.net\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"3e947bdc-233d-4de1-8031-2038a4d74620\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"17\",\r\n \"source IPs\": \"52.183.32.182\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-02T21:00:26.0576367Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n }\r\n ],\r\n \"nextLink\": 
\"https://management.azure.com/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/providers/Microsoft.Security/alerts?api-version=2019-01-01&%24skiptoken=TY%2fLbqMwAEX%2fhcXsCDYBEkeqRmpqmKQFUmMbys482jjhNdhpIFX%2ffTLSLEa6u3N1ru6X0dWTfpHdWRmbLyPFCcWMxAdsbIyj1oPaWFYrOvFRt3WnF%2bJ2GetF2bcbx1la6lKocpSDln2nLGe9Kgpn7ZqFWwDTWcHaRCWoTAhWcOVB%2b33tIWsY%2b09Z1aOyQlmOverf9SKpy8so9WyJph61%2bikGaX7eK3frgw0gMgG854c6y4H257p7qOd9nGdHwAJ%2froIGiBRdEpu7u1MvwwSDeOvHJChvaQr3IUaYZyQXTT5QFl5D7HqknUIeTL8pq0iFIXulUcSDcKacPBcM4ZQy%2bbL9t9Gi5X%2fuZST9SDTcoYDwCrgey4YDDxSkkIwRQ0zc%2bIGfPmaaDWfxl9N9%2fHrze9pUzwJPjLUwFo0PUk6U4MNT%2bPQYccxA2pB9yNAv1uqI%2b0zv5FXSljuVT45v7dTQ1td5svOKjqtie5X8%2fj23OaABOr1lZChsR8anR2R8f%2f8B\"\r\n}", + "ResponseBody": "{\r\n \"value\": [\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/taklei/providers/Microsoft.Security/locations/westeurope/alerts/2518136982923187680_ef6aa4e6-9c60-4405-8f08-f465e8e50cd2\",\r\n \"name\": \"2518136982923187680_ef6aa4e6-9c60-4405-8f08-f465e8e50cd2\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft\",\r\n \"alertDisplayName\": \"Azure Security Center test alert (not a threat)\",\r\n \"alertName\": \"VM_EICAR\",\r\n \"detectedTimeUtc\": \"2020-05-04T14:28:27.6812319Z\",\r\n \"description\": \"This is a test alert generated by Azure Security Center. 
No further action is needed.\",\r\n \"remediationSteps\": \"No further action is needed.\",\r\n \"actionTaken\": \"Undefined\",\r\n \"reportedSeverity\": \"High\",\r\n \"compromisedEntity\": \"ALERTSTEST\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/taklei/providers/Microsoft.Compute/virtualMachines/alertsTest\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"ef6aa4e6-9c60-4405-8f08-f465e8e50cd2\",\r\n \"extendedProperties\": {\r\n \"compromised Host\": \"ALERTSTEST\",\r\n \"user Name\": \"WORKGROUP\\\\alertsTest$\",\r\n \"account Session Id\": \"0x3e7\",\r\n \"suspicious Process\": \"c:\\\\scripts\\\\asc_alerttest_662jfi039n.exe\",\r\n \"suspicious Command Line\": \"c:\\\\scripts\\\\asc_alerttest_662jfi039n.exe -foo\",\r\n \"parent Process\": \"c:\\\\windows\\\\system32\\\\svchost.exe\",\r\n \"suspicious Process Id\": \"0x688\",\r\n \"arguments Auditing Enabled\": \"true\",\r\n \"enrichment_tas_threat__reports\": \"{\\\"Kind\\\":\\\"MultiLink\\\",\\\"DisplayValueToUrlDictionary\\\":{\\\"Report: EICAR File\\\":\\\"https://interflowwebportalext.trafficmanager.net/reports/DisplayReport?callerIdentity=ddd5443d-e6f4-441c-b52b-5278d2f21dfa&reportCreateDateTime=2020-05-04T09%3a13%3a05&reportName=MSTI-TS-EICAR-File.pdf&tenantId=387eb67f-0039-43ad-81b9-b66c6c0b1951&urlCreateDateTime=2020-05-04T09%3a13%3a05&token=aRLLv1q8UI%20eVn54OVy%20WbqcH7H9dSGDUOuWywymCrQ=\\\"}}\",\r\n \"resourceType\": \"Virtual Machine\"\r\n },\r\n \"state\": \"Dismissed\",\r\n \"reportedTimeUtc\": \"2020-05-04T14:29:05.5983077Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/mainws/providers/microsoft.operationalinsights/workspaces/securityuserws\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": [\r\n {\r\n \"$id\": \"westeurope_1\",\r\n \"dnsDomain\": \"\",\r\n \"ntDomain\": \"\",\r\n 
\"hostName\": \"ALERTSTEST\",\r\n \"netBiosName\": \"ALERTSTEST\",\r\n \"azureID\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/taklei/providers/Microsoft.Compute/virtualMachines/alertsTest\",\r\n \"omsAgentID\": \"6bc4f1df-17e1-40f0-8227-f1635aea54dd\",\r\n \"osFamily\": \"Windows\",\r\n \"osVersion\": \"Windows\",\r\n \"isDomainJoined\": false,\r\n \"type\": \"host\"\r\n },\r\n {\r\n \"$id\": \"westeurope_2\",\r\n \"directory\": \"c:\\\\windows\\\\system32\",\r\n \"name\": \"svchost.exe\",\r\n \"type\": \"file\"\r\n },\r\n {\r\n \"$id\": \"westeurope_3\",\r\n \"processId\": \"0x6ec\",\r\n \"commandLine\": \"\",\r\n \"imageFile\": {\r\n \"$ref\": \"westeurope_2\"\r\n },\r\n \"host\": {\r\n \"$ref\": \"westeurope_1\"\r\n },\r\n \"type\": \"process\"\r\n },\r\n {\r\n \"$id\": \"westeurope_4\",\r\n \"name\": \"alertsTest$\",\r\n \"ntDomain\": \"WORKGROUP\",\r\n \"host\": {\r\n \"$ref\": \"westeurope_1\"\r\n },\r\n \"sid\": \"S-1-5-18\",\r\n \"isDomainJoined\": true,\r\n \"type\": \"account\",\r\n \"LogonId\": \"0x3e7\"\r\n },\r\n {\r\n \"$id\": \"westeurope_5\",\r\n \"directory\": \"c:\\\\scripts\",\r\n \"name\": \"asc_alerttest_662jfi039n.exe\",\r\n \"type\": \"file\"\r\n },\r\n {\r\n \"$id\": \"westeurope_6\",\r\n \"processId\": \"0x688\",\r\n \"commandLine\": \"c:\\\\scripts\\\\asc_alerttest_662jfi039n.exe -foo\",\r\n \"elevationToken\": \"Default\",\r\n \"creationTimeUtc\": \"2020-05-04T14:28:27.6812319Z\",\r\n \"imageFile\": {\r\n \"$ref\": \"westeurope_5\"\r\n },\r\n \"account\": {\r\n \"$ref\": \"westeurope_4\"\r\n },\r\n \"parentProcess\": {\r\n \"$ref\": \"westeurope_3\"\r\n },\r\n \"host\": {\r\n \"$ref\": \"westeurope_1\"\r\n },\r\n \"type\": \"process\"\r\n },\r\n {\r\n \"$id\": \"westeurope_7\",\r\n \"sessionId\": \"0x3e7\",\r\n \"startTimeUtc\": \"2020-05-04T14:28:27.6812319Z\",\r\n \"endTimeUtc\": \"2020-05-04T14:28:27.6812319Z\",\r\n \"type\": \"host-logon-session\",\r\n \"host\": {\r\n \"$ref\": \"westeurope_1\"\r\n },\r\n 
\"account\": {\r\n \"$ref\": \"westeurope_4\"\r\n }\r\n }\r\n ]\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/taklei/providers/Microsoft.Security/locations/westeurope/alerts/2518137000923212703_d25bac04-7492-4ece-9d75-7a377d74d833\",\r\n \"name\": \"2518137000923212703_d25bac04-7492-4ece-9d75-7a377d74d833\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft\",\r\n \"alertDisplayName\": \"Azure Security Center test alert (not a threat)\",\r\n \"alertName\": \"VM_EICAR\",\r\n \"detectedTimeUtc\": \"2020-05-04T13:58:27.6787296Z\",\r\n \"description\": \"This is a test alert generated by Azure Security Center. No further action is needed.\",\r\n \"remediationSteps\": \"No further action is needed.\",\r\n \"actionTaken\": \"Undefined\",\r\n \"reportedSeverity\": \"High\",\r\n \"compromisedEntity\": \"ALERTSTEST\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/taklei/providers/Microsoft.Compute/virtualMachines/alertsTest\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"d25bac04-7492-4ece-9d75-7a377d74d833\",\r\n \"extendedProperties\": {\r\n \"compromised Host\": \"ALERTSTEST\",\r\n \"user Name\": \"WORKGROUP\\\\alertsTest$\",\r\n \"account Session Id\": \"0x3e7\",\r\n \"suspicious Process\": \"c:\\\\scripts\\\\asc_alerttest_662jfi039n.exe\",\r\n \"suspicious Command Line\": \"c:\\\\scripts\\\\asc_alerttest_662jfi039n.exe -foo\",\r\n \"parent Process\": \"c:\\\\windows\\\\system32\\\\svchost.exe\",\r\n \"suspicious Process Id\": \"0x1c7c\",\r\n \"arguments Auditing Enabled\": \"true\",\r\n \"enrichment_tas_threat__reports\": \"{\\\"Kind\\\":\\\"MultiLink\\\",\\\"DisplayValueToUrlDictionary\\\":{\\\"Report: EICAR 
File\\\":\\\"https://interflowwebportalext.trafficmanager.net/reports/DisplayReport?callerIdentity=ddd5443d-e6f4-441c-b52b-5278d2f21dfa&reportCreateDateTime=2020-05-04T09%3a13%3a05&reportName=MSTI-TS-EICAR-File.pdf&tenantId=387eb67f-0039-43ad-81b9-b66c6c0b1951&urlCreateDateTime=2020-05-04T09%3a13%3a05&token=aRLLv1q8UI%20eVn54OVy%20WbqcH7H9dSGDUOuWywymCrQ=\\\"}}\",\r\n \"resourceType\": \"Virtual Machine\"\r\n },\r\n \"state\": \"Dismissed\",\r\n \"reportedTimeUtc\": \"2020-05-04T13:58:34.2198556Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/mainws/providers/microsoft.operationalinsights/workspaces/securityuserws\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": [\r\n {\r\n \"$id\": \"westeurope_8\",\r\n \"dnsDomain\": \"\",\r\n \"ntDomain\": \"\",\r\n \"hostName\": \"ALERTSTEST\",\r\n \"netBiosName\": \"ALERTSTEST\",\r\n \"azureID\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/taklei/providers/Microsoft.Compute/virtualMachines/alertsTest\",\r\n \"omsAgentID\": \"6bc4f1df-17e1-40f0-8227-f1635aea54dd\",\r\n \"osFamily\": \"Windows\",\r\n \"osVersion\": \"Windows\",\r\n \"isDomainJoined\": false,\r\n \"type\": \"host\"\r\n },\r\n {\r\n \"$id\": \"westeurope_9\",\r\n \"directory\": \"c:\\\\windows\\\\system32\",\r\n \"name\": \"svchost.exe\",\r\n \"type\": \"file\"\r\n },\r\n {\r\n \"$id\": \"westeurope_10\",\r\n \"processId\": \"0x6ec\",\r\n \"commandLine\": \"\",\r\n \"imageFile\": {\r\n \"$ref\": \"westeurope_9\"\r\n },\r\n \"host\": {\r\n \"$ref\": \"westeurope_8\"\r\n },\r\n \"type\": \"process\"\r\n },\r\n {\r\n \"$id\": \"westeurope_11\",\r\n \"name\": \"alertsTest$\",\r\n \"ntDomain\": \"WORKGROUP\",\r\n \"host\": {\r\n \"$ref\": \"westeurope_8\"\r\n },\r\n \"sid\": \"S-1-5-18\",\r\n \"isDomainJoined\": true,\r\n \"type\": \"account\",\r\n \"LogonId\": \"0x3e7\"\r\n },\r\n {\r\n \"$id\": \"westeurope_12\",\r\n \"directory\": 
\"c:\\\\scripts\",\r\n \"name\": \"asc_alerttest_662jfi039n.exe\",\r\n \"type\": \"file\"\r\n },\r\n {\r\n \"$id\": \"westeurope_13\",\r\n \"processId\": \"0x1c7c\",\r\n \"commandLine\": \"c:\\\\scripts\\\\asc_alerttest_662jfi039n.exe -foo\",\r\n \"elevationToken\": \"Default\",\r\n \"creationTimeUtc\": \"2020-05-04T13:58:27.6787296Z\",\r\n \"imageFile\": {\r\n \"$ref\": \"westeurope_12\"\r\n },\r\n \"account\": {\r\n \"$ref\": \"westeurope_11\"\r\n },\r\n \"parentProcess\": {\r\n \"$ref\": \"westeurope_10\"\r\n },\r\n \"host\": {\r\n \"$ref\": \"westeurope_8\"\r\n },\r\n \"type\": \"process\"\r\n },\r\n {\r\n \"$id\": \"westeurope_14\",\r\n \"sessionId\": \"0x3e7\",\r\n \"startTimeUtc\": \"2020-05-04T13:58:27.6787296Z\",\r\n \"endTimeUtc\": \"2020-05-04T13:58:27.6787296Z\",\r\n \"type\": \"host-logon-session\",\r\n \"host\": {\r\n \"$ref\": \"westeurope_8\"\r\n },\r\n \"account\": {\r\n \"$ref\": \"westeurope_11\"\r\n }\r\n }\r\n ]\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/taklei/providers/Microsoft.Security/locations/westeurope/alerts/2518137018913138372_93d99441-2eff-436e-ab25-0307b3484bb4\",\r\n \"name\": \"2518137018913138372_93d99441-2eff-436e-ab25-0307b3484bb4\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft\",\r\n \"alertDisplayName\": \"Azure Security Center test alert (not a threat)\",\r\n \"alertName\": \"VM_EICAR\",\r\n \"detectedTimeUtc\": \"2020-05-04T13:28:28.6861627Z\",\r\n \"description\": \"This is a test alert generated by Azure Security Center. 
No further action is needed.\",\r\n \"remediationSteps\": \"No further action is needed.\",\r\n \"actionTaken\": \"Undefined\",\r\n \"reportedSeverity\": \"High\",\r\n \"compromisedEntity\": \"ALERTSTEST\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/taklei/providers/Microsoft.Compute/virtualMachines/alertsTest\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"93d99441-2eff-436e-ab25-0307b3484bb4\",\r\n \"extendedProperties\": {\r\n \"compromised Host\": \"ALERTSTEST\",\r\n \"user Name\": \"WORKGROUP\\\\alertsTest$\",\r\n \"account Session Id\": \"0x3e7\",\r\n \"suspicious Process\": \"c:\\\\scripts\\\\asc_alerttest_662jfi039n.exe\",\r\n \"suspicious Command Line\": \"c:\\\\scripts\\\\asc_alerttest_662jfi039n.exe -foo\",\r\n \"parent Process\": \"c:\\\\windows\\\\system32\\\\svchost.exe\",\r\n \"suspicious Process Id\": \"0x122c\",\r\n \"arguments Auditing Enabled\": \"true\",\r\n \"enrichment_tas_threat__reports\": \"{\\\"Kind\\\":\\\"MultiLink\\\",\\\"DisplayValueToUrlDictionary\\\":{\\\"Report: EICAR File\\\":\\\"https://interflowwebportalext.trafficmanager.net/reports/DisplayReport?callerIdentity=ddd5443d-e6f4-441c-b52b-5278d2f21dfa&reportCreateDateTime=2020-05-04T08%3a32%3a57&reportName=MSTI-TS-EICAR-File.pdf&tenantId=1c68e967-70a6-4cda-a34b-6d281cffe06e&urlCreateDateTime=2020-05-04T08%3a32%3a57&token=s7wyF62JLdEde8/SccnrGqIJxUOajFUpTETdhi3lCyY=\\\"}}\",\r\n \"resourceType\": \"Virtual Machine\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2020-05-04T13:28:59.9528247Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/mainws/providers/microsoft.operationalinsights/workspaces/securityuserws\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": [\r\n {\r\n \"$id\": \"westeurope_15\",\r\n \"dnsDomain\": \"\",\r\n \"ntDomain\": \"\",\r\n \"hostName\": 
\"ALERTSTEST\",\r\n \"netBiosName\": \"ALERTSTEST\",\r\n \"azureID\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/taklei/providers/Microsoft.Compute/virtualMachines/alertsTest\",\r\n \"omsAgentID\": \"6bc4f1df-17e1-40f0-8227-f1635aea54dd\",\r\n \"osFamily\": \"Windows\",\r\n \"osVersion\": \"Windows\",\r\n \"isDomainJoined\": false,\r\n \"type\": \"host\"\r\n },\r\n {\r\n \"$id\": \"westeurope_16\",\r\n \"directory\": \"c:\\\\windows\\\\system32\",\r\n \"name\": \"svchost.exe\",\r\n \"type\": \"file\"\r\n },\r\n {\r\n \"$id\": \"westeurope_17\",\r\n \"processId\": \"0x6ec\",\r\n \"commandLine\": \"\",\r\n \"imageFile\": {\r\n \"$ref\": \"westeurope_16\"\r\n },\r\n \"host\": {\r\n \"$ref\": \"westeurope_15\"\r\n },\r\n \"type\": \"process\"\r\n },\r\n {\r\n \"$id\": \"westeurope_18\",\r\n \"name\": \"alertsTest$\",\r\n \"ntDomain\": \"WORKGROUP\",\r\n \"host\": {\r\n \"$ref\": \"westeurope_15\"\r\n },\r\n \"sid\": \"S-1-5-18\",\r\n \"isDomainJoined\": true,\r\n \"type\": \"account\",\r\n \"LogonId\": \"0x3e7\"\r\n },\r\n {\r\n \"$id\": \"westeurope_19\",\r\n \"directory\": \"c:\\\\scripts\",\r\n \"name\": \"asc_alerttest_662jfi039n.exe\",\r\n \"type\": \"file\"\r\n },\r\n {\r\n \"$id\": \"westeurope_20\",\r\n \"processId\": \"0x122c\",\r\n \"commandLine\": \"c:\\\\scripts\\\\asc_alerttest_662jfi039n.exe -foo\",\r\n \"elevationToken\": \"Default\",\r\n \"creationTimeUtc\": \"2020-05-04T13:28:28.6861627Z\",\r\n \"imageFile\": {\r\n \"$ref\": \"westeurope_19\"\r\n },\r\n \"account\": {\r\n \"$ref\": \"westeurope_18\"\r\n },\r\n \"parentProcess\": {\r\n \"$ref\": \"westeurope_17\"\r\n },\r\n \"host\": {\r\n \"$ref\": \"westeurope_15\"\r\n },\r\n \"type\": \"process\"\r\n },\r\n {\r\n \"$id\": \"westeurope_21\",\r\n \"sessionId\": \"0x3e7\",\r\n \"startTimeUtc\": \"2020-05-04T13:28:28.6861627Z\",\r\n \"endTimeUtc\": \"2020-05-04T13:28:28.6861627Z\",\r\n \"type\": \"host-logon-session\",\r\n \"host\": {\r\n \"$ref\": \"westeurope_15\"\r\n },\r\n 
\"account\": {\r\n \"$ref\": \"westeurope_18\"\r\n }\r\n }\r\n ]\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/taklei/providers/Microsoft.Security/locations/westeurope/alerts/2518137035665338254_a345cb85-18aa-4d14-9293-e4d2ba15cb9d\",\r\n \"name\": \"2518137035665338254_a345cb85-18aa-4d14-9293-e4d2ba15cb9d\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft\",\r\n \"alertDisplayName\": \"Azure Security Center test alert (not a threat)\",\r\n \"alertName\": \"VM_EICAR\",\r\n \"detectedTimeUtc\": \"2020-05-04T13:00:33.4661745Z\",\r\n \"description\": \"This is a test alert generated by Azure Security Center. No further action is needed.\",\r\n \"remediationSteps\": \"No further action is needed.\",\r\n \"actionTaken\": \"Undefined\",\r\n \"reportedSeverity\": \"High\",\r\n \"compromisedEntity\": \"ALERTSTEST\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/taklei/providers/Microsoft.Compute/virtualMachines/alertsTest\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"a345cb85-18aa-4d14-9293-e4d2ba15cb9d\",\r\n \"extendedProperties\": {\r\n \"compromised Host\": \"ALERTSTEST\",\r\n \"user Name\": \"WORKGROUP\\\\alertsTest$\",\r\n \"account Session Id\": \"0x3e7\",\r\n \"suspicious Process\": \"c:\\\\scripts\\\\asc_alerttest_662jfi039n.exe\",\r\n \"suspicious Command Line\": \"c:\\\\scripts\\\\asc_alerttest_662jfi039n.exe -foo\",\r\n \"parent Process\": \"c:\\\\windows\\\\system32\\\\svchost.exe\",\r\n \"suspicious Process Id\": \"0xe38\",\r\n \"arguments Auditing Enabled\": \"true\",\r\n \"enrichment_tas_threat__reports\": \"{\\\"Kind\\\":\\\"MultiLink\\\",\\\"DisplayValueToUrlDictionary\\\":{\\\"Report: EICAR 
File\\\":\\\"https://interflowwebportalext.trafficmanager.net/reports/DisplayReport?callerIdentity=ddd5443d-e6f4-441c-b52b-5278d2f21dfa&reportCreateDateTime=2020-05-04T09%3a13%3a05&reportName=MSTI-TS-EICAR-File.pdf&tenantId=387eb67f-0039-43ad-81b9-b66c6c0b1951&urlCreateDateTime=2020-05-04T09%3a13%3a05&token=aRLLv1q8UI%20eVn54OVy%20WbqcH7H9dSGDUOuWywymCrQ=\\\"}}\",\r\n \"resourceType\": \"Virtual Machine\"\r\n },\r\n \"state\": \"Dismissed\",\r\n \"reportedTimeUtc\": \"2020-05-04T13:00:37.889087Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/mainws/providers/microsoft.operationalinsights/workspaces/securityuserws\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": [\r\n {\r\n \"$id\": \"westeurope_22\",\r\n \"dnsDomain\": \"\",\r\n \"ntDomain\": \"\",\r\n \"hostName\": \"ALERTSTEST\",\r\n \"netBiosName\": \"ALERTSTEST\",\r\n \"azureID\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/taklei/providers/Microsoft.Compute/virtualMachines/alertsTest\",\r\n \"omsAgentID\": \"6bc4f1df-17e1-40f0-8227-f1635aea54dd\",\r\n \"osFamily\": \"Windows\",\r\n \"osVersion\": \"Windows\",\r\n \"isDomainJoined\": false,\r\n \"type\": \"host\"\r\n },\r\n {\r\n \"$id\": \"westeurope_23\",\r\n \"directory\": \"c:\\\\windows\\\\system32\",\r\n \"name\": \"svchost.exe\",\r\n \"type\": \"file\"\r\n },\r\n {\r\n \"$id\": \"westeurope_24\",\r\n \"processId\": \"0x6ec\",\r\n \"commandLine\": \"\",\r\n \"imageFile\": {\r\n \"$ref\": \"westeurope_23\"\r\n },\r\n \"host\": {\r\n \"$ref\": \"westeurope_22\"\r\n },\r\n \"type\": \"process\"\r\n },\r\n {\r\n \"$id\": \"westeurope_25\",\r\n \"name\": \"alertsTest$\",\r\n \"ntDomain\": \"WORKGROUP\",\r\n \"host\": {\r\n \"$ref\": \"westeurope_22\"\r\n },\r\n \"sid\": \"S-1-5-18\",\r\n \"isDomainJoined\": true,\r\n \"type\": \"account\",\r\n \"LogonId\": \"0x3e7\"\r\n },\r\n {\r\n \"$id\": \"westeurope_26\",\r\n 
\"directory\": \"c:\\\\scripts\",\r\n \"name\": \"asc_alerttest_662jfi039n.exe\",\r\n \"type\": \"file\"\r\n },\r\n {\r\n \"$id\": \"westeurope_27\",\r\n \"processId\": \"0xe38\",\r\n \"commandLine\": \"c:\\\\scripts\\\\asc_alerttest_662jfi039n.exe -foo\",\r\n \"elevationToken\": \"Default\",\r\n \"creationTimeUtc\": \"2020-05-04T13:00:33.4661745Z\",\r\n \"imageFile\": {\r\n \"$ref\": \"westeurope_26\"\r\n },\r\n \"account\": {\r\n \"$ref\": \"westeurope_25\"\r\n },\r\n \"parentProcess\": {\r\n \"$ref\": \"westeurope_24\"\r\n },\r\n \"host\": {\r\n \"$ref\": \"westeurope_22\"\r\n },\r\n \"type\": \"process\"\r\n },\r\n {\r\n \"$id\": \"westeurope_28\",\r\n \"sessionId\": \"0x3e7\",\r\n \"startTimeUtc\": \"2020-05-04T13:00:33.4661745Z\",\r\n \"endTimeUtc\": \"2020-05-04T13:00:33.4661745Z\",\r\n \"type\": \"host-logon-session\",\r\n \"host\": {\r\n \"$ref\": \"westeurope_22\"\r\n },\r\n \"account\": {\r\n \"$ref\": \"westeurope_25\"\r\n }\r\n }\r\n ]\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/taklei/providers/Microsoft.Security/locations/westeurope/alerts/2518137036458453383_d763b77f-129c-4e95-af39-5c4b4c411b5b\",\r\n \"name\": \"2518137036458453383_d763b77f-129c-4e95-af39-5c4b4c411b5b\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft\",\r\n \"alertDisplayName\": \"Azure Security Center test alert (not a threat)\",\r\n \"alertName\": \"VM_EICAR\",\r\n \"detectedTimeUtc\": \"2020-05-04T12:59:14.1546616Z\",\r\n \"description\": \"This is a test alert generated by Azure Security Center. 
No further action is needed.\",\r\n \"remediationSteps\": \"No further action is needed.\",\r\n \"actionTaken\": \"Undefined\",\r\n \"reportedSeverity\": \"High\",\r\n \"compromisedEntity\": \"ALERTSTEST\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/taklei/providers/Microsoft.Compute/virtualMachines/alertsTest\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"d763b77f-129c-4e95-af39-5c4b4c411b5b\",\r\n \"extendedProperties\": {\r\n \"compromised Host\": \"ALERTSTEST\",\r\n \"user Name\": \"WORKGROUP\\\\alertsTest$\",\r\n \"account Session Id\": \"0x3e7\",\r\n \"suspicious Process\": \"c:\\\\scripts\\\\asc_alerttest_662jfi039n.exe\",\r\n \"suspicious Command Line\": \"c:\\\\scripts\\\\asc_alerttest_662jfi039n.exe -foo\",\r\n \"parent Process\": \"c:\\\\windows\\\\system32\\\\svchost.exe\",\r\n \"suspicious Process Id\": \"0xe7c\",\r\n \"arguments Auditing Enabled\": \"true\",\r\n \"enrichment_tas_threat__reports\": \"{\\\"Kind\\\":\\\"MultiLink\\\",\\\"DisplayValueToUrlDictionary\\\":{\\\"Report: EICAR File\\\":\\\"https://interflowwebportalext.trafficmanager.net/reports/DisplayReport?callerIdentity=ddd5443d-e6f4-441c-b52b-5278d2f21dfa&reportCreateDateTime=2020-05-04T08%3a32%3a57&reportName=MSTI-TS-EICAR-File.pdf&tenantId=1c68e967-70a6-4cda-a34b-6d281cffe06e&urlCreateDateTime=2020-05-04T08%3a32%3a57&token=s7wyF62JLdEde8/SccnrGqIJxUOajFUpTETdhi3lCyY=\\\"}}\",\r\n \"resourceType\": \"Virtual Machine\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2020-05-04T12:59:35.6273663Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/mainws/providers/microsoft.operationalinsights/workspaces/securityuserws\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": [\r\n {\r\n \"$id\": \"westeurope_29\",\r\n \"dnsDomain\": \"\",\r\n \"ntDomain\": \"\",\r\n \"hostName\": 
\"ALERTSTEST\",\r\n \"netBiosName\": \"ALERTSTEST\",\r\n \"azureID\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/taklei/providers/Microsoft.Compute/virtualMachines/alertsTest\",\r\n \"omsAgentID\": \"6bc4f1df-17e1-40f0-8227-f1635aea54dd\",\r\n \"osFamily\": \"Windows\",\r\n \"osVersion\": \"Windows\",\r\n \"isDomainJoined\": false,\r\n \"type\": \"host\"\r\n },\r\n {\r\n \"$id\": \"westeurope_30\",\r\n \"directory\": \"c:\\\\windows\\\\system32\",\r\n \"name\": \"svchost.exe\",\r\n \"type\": \"file\"\r\n },\r\n {\r\n \"$id\": \"westeurope_31\",\r\n \"processId\": \"0x6ec\",\r\n \"commandLine\": \"\",\r\n \"imageFile\": {\r\n \"$ref\": \"westeurope_30\"\r\n },\r\n \"host\": {\r\n \"$ref\": \"westeurope_29\"\r\n },\r\n \"type\": \"process\"\r\n },\r\n {\r\n \"$id\": \"westeurope_32\",\r\n \"name\": \"alertsTest$\",\r\n \"ntDomain\": \"WORKGROUP\",\r\n \"host\": {\r\n \"$ref\": \"westeurope_29\"\r\n },\r\n \"sid\": \"S-1-5-18\",\r\n \"isDomainJoined\": true,\r\n \"type\": \"account\",\r\n \"LogonId\": \"0x3e7\"\r\n },\r\n {\r\n \"$id\": \"westeurope_33\",\r\n \"directory\": \"c:\\\\scripts\",\r\n \"name\": \"asc_alerttest_662jfi039n.exe\",\r\n \"type\": \"file\"\r\n },\r\n {\r\n \"$id\": \"westeurope_34\",\r\n \"processId\": \"0xe7c\",\r\n \"commandLine\": \"c:\\\\scripts\\\\asc_alerttest_662jfi039n.exe -foo\",\r\n \"elevationToken\": \"Default\",\r\n \"creationTimeUtc\": \"2020-05-04T12:59:14.1546616Z\",\r\n \"imageFile\": {\r\n \"$ref\": \"westeurope_33\"\r\n },\r\n \"account\": {\r\n \"$ref\": \"westeurope_32\"\r\n },\r\n \"parentProcess\": {\r\n \"$ref\": \"westeurope_31\"\r\n },\r\n \"host\": {\r\n \"$ref\": \"westeurope_29\"\r\n },\r\n \"type\": \"process\"\r\n },\r\n {\r\n \"$id\": \"westeurope_35\",\r\n \"sessionId\": \"0x3e7\",\r\n \"startTimeUtc\": \"2020-05-04T12:59:14.1546616Z\",\r\n \"endTimeUtc\": \"2020-05-04T12:59:14.1546616Z\",\r\n \"type\": \"host-logon-session\",\r\n \"host\": {\r\n \"$ref\": \"westeurope_29\"\r\n },\r\n 
\"account\": {\r\n \"$ref\": \"westeurope_32\"\r\n }\r\n }\r\n ]\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/taklei/providers/Microsoft.Security/locations/westeurope/alerts/2518137036914144805_a3d0999b-cdfc-41d9-9d28-ee1335f03081\",\r\n \"name\": \"2518137036914144805_a3d0999b-cdfc-41d9-9d28-ee1335f03081\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft\",\r\n \"alertDisplayName\": \"Azure Security Center test alert (not a threat)\",\r\n \"alertName\": \"VM_EICAR\",\r\n \"detectedTimeUtc\": \"2020-05-04T12:58:28.5855194Z\",\r\n \"description\": \"This is a test alert generated by Azure Security Center. No further action is needed.\",\r\n \"remediationSteps\": \"No further action is needed.\",\r\n \"actionTaken\": \"Undefined\",\r\n \"reportedSeverity\": \"High\",\r\n \"compromisedEntity\": \"ALERTSTEST\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/taklei/providers/Microsoft.Compute/virtualMachines/alertsTest\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"a3d0999b-cdfc-41d9-9d28-ee1335f03081\",\r\n \"extendedProperties\": {\r\n \"compromised Host\": \"ALERTSTEST\",\r\n \"user Name\": \"WORKGROUP\\\\alertsTest$\",\r\n \"account Session Id\": \"0x3e7\",\r\n \"suspicious Process\": \"c:\\\\scripts\\\\asc_alerttest_662jfi039n.exe\",\r\n \"suspicious Command Line\": \"c:\\\\scripts\\\\asc_alerttest_662jfi039n.exe -foo\",\r\n \"parent Process\": \"c:\\\\windows\\\\system32\\\\svchost.exe\",\r\n \"suspicious Process Id\": \"0xfac\",\r\n \"arguments Auditing Enabled\": \"true\",\r\n \"enrichment_tas_threat__reports\": \"{\\\"Kind\\\":\\\"MultiLink\\\",\\\"DisplayValueToUrlDictionary\\\":{\\\"Report: EICAR 
File\\\":\\\"https://interflowwebportalext.trafficmanager.net/reports/DisplayReport?callerIdentity=ddd5443d-e6f4-441c-b52b-5278d2f21dfa&reportCreateDateTime=2020-05-04T09%3a23%3a00&reportName=MSTI-TS-EICAR-File.pdf&tenantId=b11492db-77a6-4ec0-9ff7-17b6ba420e1e&urlCreateDateTime=2020-05-04T09%3a23%3a00&token=XhSuWhrbEKAk2sXS1TcK0SVTLOehFDirzLCUSUoWPL4=\\\"}}\",\r\n \"resourceType\": \"Virtual Machine\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2020-05-04T12:58:46.4927078Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/mainws/providers/microsoft.operationalinsights/workspaces/securityuserws\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": [\r\n {\r\n \"$id\": \"westeurope_36\",\r\n \"dnsDomain\": \"\",\r\n \"ntDomain\": \"\",\r\n \"hostName\": \"ALERTSTEST\",\r\n \"netBiosName\": \"ALERTSTEST\",\r\n \"azureID\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/taklei/providers/Microsoft.Compute/virtualMachines/alertsTest\",\r\n \"omsAgentID\": \"6bc4f1df-17e1-40f0-8227-f1635aea54dd\",\r\n \"osFamily\": \"Windows\",\r\n \"osVersion\": \"Windows\",\r\n \"isDomainJoined\": false,\r\n \"type\": \"host\"\r\n },\r\n {\r\n \"$id\": \"westeurope_37\",\r\n \"directory\": \"c:\\\\windows\\\\system32\",\r\n \"name\": \"svchost.exe\",\r\n \"type\": \"file\"\r\n },\r\n {\r\n \"$id\": \"westeurope_38\",\r\n \"processId\": \"0x6ec\",\r\n \"commandLine\": \"\",\r\n \"imageFile\": {\r\n \"$ref\": \"westeurope_37\"\r\n },\r\n \"host\": {\r\n \"$ref\": \"westeurope_36\"\r\n },\r\n \"type\": \"process\"\r\n },\r\n {\r\n \"$id\": \"westeurope_39\",\r\n \"name\": \"alertsTest$\",\r\n \"ntDomain\": \"WORKGROUP\",\r\n \"host\": {\r\n \"$ref\": \"westeurope_36\"\r\n },\r\n \"sid\": \"S-1-5-18\",\r\n \"isDomainJoined\": true,\r\n \"type\": \"account\",\r\n \"LogonId\": \"0x3e7\"\r\n },\r\n {\r\n \"$id\": \"westeurope_40\",\r\n \"directory\": 
\"c:\\\\scripts\",\r\n \"name\": \"asc_alerttest_662jfi039n.exe\",\r\n \"type\": \"file\"\r\n },\r\n {\r\n \"$id\": \"westeurope_41\",\r\n \"processId\": \"0xfac\",\r\n \"commandLine\": \"c:\\\\scripts\\\\asc_alerttest_662jfi039n.exe -foo\",\r\n \"elevationToken\": \"Default\",\r\n \"creationTimeUtc\": \"2020-05-04T12:58:28.5855194Z\",\r\n \"imageFile\": {\r\n \"$ref\": \"westeurope_40\"\r\n },\r\n \"account\": {\r\n \"$ref\": \"westeurope_39\"\r\n },\r\n \"parentProcess\": {\r\n \"$ref\": \"westeurope_38\"\r\n },\r\n \"host\": {\r\n \"$ref\": \"westeurope_36\"\r\n },\r\n \"type\": \"process\"\r\n },\r\n {\r\n \"$id\": \"westeurope_42\",\r\n \"sessionId\": \"0x3e7\",\r\n \"startTimeUtc\": \"2020-05-04T12:58:28.5855194Z\",\r\n \"endTimeUtc\": \"2020-05-04T12:58:28.5855194Z\",\r\n \"type\": \"host-logon-session\",\r\n \"host\": {\r\n \"$ref\": \"westeurope_36\"\r\n },\r\n \"account\": {\r\n \"$ref\": \"westeurope_39\"\r\n }\r\n }\r\n ]\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/taklei/providers/Microsoft.Security/locations/westeurope/alerts/2518137037321194617_adafe5f0-ade9-47b4-86f3-3155038827f6\",\r\n \"name\": \"2518137037321194617_adafe5f0-ade9-47b4-86f3-3155038827f6\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft\",\r\n \"alertDisplayName\": \"Azure Security Center test alert (not a threat)\",\r\n \"alertName\": \"VM_EICAR\",\r\n \"detectedTimeUtc\": \"2020-05-04T12:57:47.8805382Z\",\r\n \"description\": \"This is a test alert generated by Azure Security Center. 
No further action is needed.\",\r\n \"remediationSteps\": \"No further action is needed.\",\r\n \"actionTaken\": \"Undefined\",\r\n \"reportedSeverity\": \"High\",\r\n \"compromisedEntity\": \"ALERTSTEST\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/taklei/providers/Microsoft.Compute/virtualMachines/alertsTest\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"adafe5f0-ade9-47b4-86f3-3155038827f6\",\r\n \"extendedProperties\": {\r\n \"compromised Host\": \"ALERTSTEST\",\r\n \"user Name\": \"WORKGROUP\\\\alertsTest$\",\r\n \"account Session Id\": \"0x3e7\",\r\n \"suspicious Process\": \"c:\\\\scripts\\\\asc_alerttest_662jfi039n.exe\",\r\n \"suspicious Command Line\": \"c:\\\\scripts\\\\asc_alerttest_662jfi039n.exe -foo\",\r\n \"parent Process\": \"c:\\\\windows\\\\system32\\\\svchost.exe\",\r\n \"suspicious Process Id\": \"0x1d50\",\r\n \"arguments Auditing Enabled\": \"true\",\r\n \"enrichment_tas_threat__reports\": \"{\\\"Kind\\\":\\\"MultiLink\\\",\\\"DisplayValueToUrlDictionary\\\":{\\\"Report: EICAR File\\\":\\\"https://interflowwebportalext.trafficmanager.net/reports/DisplayReport?callerIdentity=ddd5443d-e6f4-441c-b52b-5278d2f21dfa&reportCreateDateTime=2020-05-04T08%3a32%3a57&reportName=MSTI-TS-EICAR-File.pdf&tenantId=1c68e967-70a6-4cda-a34b-6d281cffe06e&urlCreateDateTime=2020-05-04T08%3a32%3a57&token=s7wyF62JLdEde8/SccnrGqIJxUOajFUpTETdhi3lCyY=\\\"}}\",\r\n \"resourceType\": \"Virtual Machine\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2020-05-04T12:57:53.7990186Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/mainws/providers/microsoft.operationalinsights/workspaces/securityuserws\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": [\r\n {\r\n \"$id\": \"westeurope_43\",\r\n \"dnsDomain\": \"\",\r\n \"ntDomain\": \"\",\r\n \"hostName\": 
\"ALERTSTEST\",\r\n \"netBiosName\": \"ALERTSTEST\",\r\n \"azureID\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/taklei/providers/Microsoft.Compute/virtualMachines/alertsTest\",\r\n \"omsAgentID\": \"6bc4f1df-17e1-40f0-8227-f1635aea54dd\",\r\n \"osFamily\": \"Windows\",\r\n \"osVersion\": \"Windows\",\r\n \"isDomainJoined\": false,\r\n \"type\": \"host\"\r\n },\r\n {\r\n \"$id\": \"westeurope_44\",\r\n \"directory\": \"c:\\\\windows\\\\system32\",\r\n \"name\": \"svchost.exe\",\r\n \"type\": \"file\"\r\n },\r\n {\r\n \"$id\": \"westeurope_45\",\r\n \"processId\": \"0x6ec\",\r\n \"commandLine\": \"\",\r\n \"imageFile\": {\r\n \"$ref\": \"westeurope_44\"\r\n },\r\n \"host\": {\r\n \"$ref\": \"westeurope_43\"\r\n },\r\n \"type\": \"process\"\r\n },\r\n {\r\n \"$id\": \"westeurope_46\",\r\n \"name\": \"alertsTest$\",\r\n \"ntDomain\": \"WORKGROUP\",\r\n \"host\": {\r\n \"$ref\": \"westeurope_43\"\r\n },\r\n \"sid\": \"S-1-5-18\",\r\n \"isDomainJoined\": true,\r\n \"type\": \"account\",\r\n \"LogonId\": \"0x3e7\"\r\n },\r\n {\r\n \"$id\": \"westeurope_47\",\r\n \"directory\": \"c:\\\\scripts\",\r\n \"name\": \"asc_alerttest_662jfi039n.exe\",\r\n \"type\": \"file\"\r\n },\r\n {\r\n \"$id\": \"westeurope_48\",\r\n \"processId\": \"0x1d50\",\r\n \"commandLine\": \"c:\\\\scripts\\\\asc_alerttest_662jfi039n.exe -foo\",\r\n \"elevationToken\": \"Default\",\r\n \"creationTimeUtc\": \"2020-05-04T12:57:47.8805382Z\",\r\n \"imageFile\": {\r\n \"$ref\": \"westeurope_47\"\r\n },\r\n \"account\": {\r\n \"$ref\": \"westeurope_46\"\r\n },\r\n \"parentProcess\": {\r\n \"$ref\": \"westeurope_45\"\r\n },\r\n \"host\": {\r\n \"$ref\": \"westeurope_43\"\r\n },\r\n \"type\": \"process\"\r\n },\r\n {\r\n \"$id\": \"westeurope_49\",\r\n \"sessionId\": \"0x3e7\",\r\n \"startTimeUtc\": \"2020-05-04T12:57:47.8805382Z\",\r\n \"endTimeUtc\": \"2020-05-04T12:57:47.8805382Z\",\r\n \"type\": \"host-logon-session\",\r\n \"host\": {\r\n \"$ref\": \"westeurope_43\"\r\n },\r\n 
\"account\": {\r\n \"$ref\": \"westeurope_46\"\r\n }\r\n }\r\n ]\r\n }\r\n }\r\n ]\r\n}", "StatusCode": 200 }, { - "RequestUri": "/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/rg/providers/Microsoft.Security/alerts?api-version=2019-01-01", - "EncodedRequestUri": "L3N1YnNjcmlwdGlvbnMvNDg3YmI0ODUtYjViMC00NzFlLTljMGQtMTA3MTc2MTJmODY5L3Jlc291cmNlR3JvdXBzL3JnL3Byb3ZpZGVycy9NaWNyb3NvZnQuU2VjdXJpdHkvYWxlcnRzP2FwaS12ZXJzaW9uPTIwMTktMDEtMDE=", + "RequestUri": "/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/taklei/providers/Microsoft.Security/alerts?api-version=2019-01-01", + "EncodedRequestUri": "L3N1YnNjcmlwdGlvbnMvNDg3YmI0ODUtYjViMC00NzFlLTljMGQtMTA3MTc2MTJmODY5L3Jlc291cmNlR3JvdXBzL3Rha2xlaS9wcm92aWRlcnMvTWljcm9zb2Z0LlNlY3VyaXR5L2FsZXJ0cz9hcGktdmVyc2lvbj0yMDE5LTAxLTAx", "RequestMethod": "GET", "RequestBody": "", "RequestHeaders": { "x-ms-client-request-id": [ - "712436c7-7a3d-4809-bcbf-c29f883c1887" + "292487df-4170-472a-a394-3c8af78b34ca" ], "accept-language": [ "en-US" @@ -79,8 +79,8 @@ "User-Agent": [ "FxVersion/4.6.26614.01", "OSName/Windows", - "OSVersion/Microsoft.Windows.10.0.17763.", - "Microsoft.Azure.Management.Security.SecurityCenterClient/0.11.0.0" + "OSVersion/Microsoft.Windows.10.0.18363.", + "Microsoft.Azure.Management.Security.SecurityCenterClient/1.1.3.0" ] }, "ResponseHeaders": { 
@@ -88,26 +88,26 @@ "no-cache" ], "Date": [ - "Mon, 04 Mar 2019 16:02:04 GMT" + "Mon, 04 May 2020 14:43:06 GMT" ], "Pragma": [ "no-cache" ], "x-ms-original-request-ids": [ - "1753e176-95e4-4e1c-95a2-024a49764619", - "6f49b1a3-3a9c-4690-b564-1b535243d06f" + "a58a8c81-16b6-450e-943e-c58191c6b39a", + "6093d76a-6621-4d79-bd68-3c66a7e4e8d2" ], "x-ms-ratelimit-remaining-subscription-resource-requests": [ - "747" + "748" ], "x-ms-request-id": [ - "0d782b9e-b719-4c6a-8c8d-7153d21297df" + "13eefae7-ad14-4fe6-8aaa-fdc27fc3428c" ], "x-ms-correlation-request-id": [ - "0d782b9e-b719-4c6a-8c8d-7153d21297df" + "13eefae7-ad14-4fe6-8aaa-fdc27fc3428c" ], "x-ms-routing-request-id": [ - "UKWEST:20190304T160204Z:0d782b9e-b719-4c6a-8c8d-7153d21297df" + "GERMANYWESTCENTRAL:20200504T144306Z:13eefae7-ad14-4fe6-8aaa-fdc27fc3428c" ], "Strict-Transport-Security": [ "max-age=31536000; includeSubDomains" @@ -116,7 +116,7 @@ "nosniff" ], "Content-Length": [ - "2684" + "25641" ], "Content-Type": [ "application/json; charset=utf-8" 
@@ -125,12 +125,10 @@ "-1" ] }, - "ResponseBody": "{\r\n \"value\": [\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/rg/providers/Microsoft.Security/locations/centralus/alerts/2518532788749999999_66276b36-db2a-4b2c-84ad-9676fe753a01\",\r\n \"name\": \"2518532788749999999_66276b36-db2a-4b2c-84ad-9676fe753a01\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft\",\r\n \"alertDisplayName\": \"Web fingerprinting detected\",\r\n \"alertName\": \"APPS_Nmap\",\r\n \"detectedTimeUtc\": \"2019-03-03T17:40:43Z\",\r\n \"description\": \"Azure App Service activity log indicates a possible web fingerprinting activity on your App Service resource.The suspicious activity detected is associated with NMAP. Attackers often use this tool for probing the web application to find vulnerabilities.\",\r\n \"remediationSteps\": \"If only specific IP addresses should be allowed to access the web app, set IP restrictions (https://docs.microsoft.com/azure/app-service/app-service-ip-restrictions) for it.\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"High\",\r\n \"compromisedEntity\": \"sitename\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/rg/providers/Microsoft.Web/sites/sitename\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"b3d77198-6f95-40ed-9675-10001c2e93cc\",\r\n \"extendedProperties\": {\r\n \"last Event Time\": \"2/11/2019 5:40:46 PM\",\r\n \"sample URIs\": \"/sdk, /, /.git/HEAD, /favicon.ico, /evox/about, /robots.txt, /nmaplowercheck1549906843, /HNAP1\",\r\n \"sample User Agents\": \"Mozilla/5.0+(compatible;+Nmap+Scripting+Engine;+https://nmap.org/book/nse.html)\",\r\n \"sample Referer\": \"-\",\r\n \"resourceType\": \"App Service\"\r\n },\r\n \"state\": \"Dismissed\",\r\n \"reportedTimeUtc\": \"2019-03-03T20:41:03.846Z\",\r\n 
\"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": [\r\n {\r\n \"$id\": \"centralus_1\",\r\n \"hostName\": \"sitename\",\r\n \"azureID\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/rg/providers/Microsoft.Web/sites/sitename\",\r\n \"type\": \"host\"\r\n }\r\n ]\r\n }\r\n }\r\n ],\r\n \"nextLink\": \"https://management.azure.com/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/rg/providers/Microsoft.Security/alerts?api-version=2019-01-01&%24skiptoken=TY%2fLbuIwAEX%2fJYvZhdgQHkaqRip1UmiTUGM7lJ2TuGDIw7Wd8qj678NIsxjp7u7VObrfXisv7lW1J%2bvNv70cbyhmJFtjb%2b4dnNN2HgSNaMVeNrJ1A3HrjRyUXTMPw1Fg%2b8KWRmmnutYG4WxaFOFs7BfjAvjhFEoflaDyIZjC6QQOP2YTFBhpu96UMjZdr21g9oE23ZeqpLFBokrT2e7DDTay7I1y10DU0jj7W2jlf90nd8%2fDEEDkA3jPL3tSmnYn2T7I6yrbbQ%2bAxdG1imsgctRvhny8PHYq2WCQLaKMxOUtz%2bEqwQjzLdmJeqcpS84JHk9Ic0l4fPmkrCIVhuyNpimPkyvl5KVgCOeUqdfFP0eDRv%2bxR6mKUlHzkALCKzCesK1e89hCColJGWLixtf8uL%2fSrT6Jvz1dZW%2b3qKN19SLwhbEGZqKOQM6JFVw%2fJU%2bPKccM5DVZJQw9s8alPGJuqc6KNjysInJ4by41bSK32ywnRcttsTgrfv%2b%2bG3JAY3R83xJdDEOVHR%2bR9%2fPzBw%3d%3d\"\r\n}", + "ResponseBody": "{\r\n \"value\": [\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/taklei/providers/Microsoft.Security/locations/westeurope/alerts/2518136982923187680_ef6aa4e6-9c60-4405-8f08-f465e8e50cd2\",\r\n \"name\": \"2518136982923187680_ef6aa4e6-9c60-4405-8f08-f465e8e50cd2\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft\",\r\n \"alertDisplayName\": \"Azure Security Center test alert (not a threat)\",\r\n \"alertName\": \"VM_EICAR\",\r\n \"detectedTimeUtc\": \"2020-05-04T14:28:27.6812319Z\",\r\n \"description\": \"This is a test alert generated by Azure Security Center. 
No further action is needed.\",\r\n \"remediationSteps\": \"No further action is needed.\",\r\n \"actionTaken\": \"Undefined\",\r\n \"reportedSeverity\": \"High\",\r\n \"compromisedEntity\": \"ALERTSTEST\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/taklei/providers/Microsoft.Compute/virtualMachines/alertsTest\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"ef6aa4e6-9c60-4405-8f08-f465e8e50cd2\",\r\n \"extendedProperties\": {\r\n \"compromised Host\": \"ALERTSTEST\",\r\n \"user Name\": \"WORKGROUP\\\\alertsTest$\",\r\n \"account Session Id\": \"0x3e7\",\r\n \"suspicious Process\": \"c:\\\\scripts\\\\asc_alerttest_662jfi039n.exe\",\r\n \"suspicious Command Line\": \"c:\\\\scripts\\\\asc_alerttest_662jfi039n.exe -foo\",\r\n \"parent Process\": \"c:\\\\windows\\\\system32\\\\svchost.exe\",\r\n \"suspicious Process Id\": \"0x688\",\r\n \"arguments Auditing Enabled\": \"true\",\r\n \"enrichment_tas_threat__reports\": \"{\\\"Kind\\\":\\\"MultiLink\\\",\\\"DisplayValueToUrlDictionary\\\":{\\\"Report: EICAR File\\\":\\\"https://interflowwebportalext.trafficmanager.net/reports/DisplayReport?callerIdentity=ddd5443d-e6f4-441c-b52b-5278d2f21dfa&reportCreateDateTime=2020-05-04T09%3a13%3a05&reportName=MSTI-TS-EICAR-File.pdf&tenantId=387eb67f-0039-43ad-81b9-b66c6c0b1951&urlCreateDateTime=2020-05-04T09%3a13%3a05&token=aRLLv1q8UI%20eVn54OVy%20WbqcH7H9dSGDUOuWywymCrQ=\\\"}}\",\r\n \"resourceType\": \"Virtual Machine\"\r\n },\r\n \"state\": \"Dismissed\",\r\n \"reportedTimeUtc\": \"2020-05-04T14:29:05.5983077Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/mainws/providers/microsoft.operationalinsights/workspaces/securityuserws\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": [\r\n {\r\n \"$id\": \"westeurope_1\",\r\n \"dnsDomain\": \"\",\r\n \"ntDomain\": \"\",\r\n 
\"hostName\": \"ALERTSTEST\",\r\n \"netBiosName\": \"ALERTSTEST\",\r\n \"azureID\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/taklei/providers/Microsoft.Compute/virtualMachines/alertsTest\",\r\n \"omsAgentID\": \"6bc4f1df-17e1-40f0-8227-f1635aea54dd\",\r\n \"osFamily\": \"Windows\",\r\n \"osVersion\": \"Windows\",\r\n \"isDomainJoined\": false,\r\n \"type\": \"host\"\r\n },\r\n {\r\n \"$id\": \"westeurope_2\",\r\n \"directory\": \"c:\\\\windows\\\\system32\",\r\n \"name\": \"svchost.exe\",\r\n \"type\": \"file\"\r\n },\r\n {\r\n \"$id\": \"westeurope_3\",\r\n \"processId\": \"0x6ec\",\r\n \"commandLine\": \"\",\r\n \"imageFile\": {\r\n \"$ref\": \"westeurope_2\"\r\n },\r\n \"host\": {\r\n \"$ref\": \"westeurope_1\"\r\n },\r\n \"type\": \"process\"\r\n },\r\n {\r\n \"$id\": \"westeurope_4\",\r\n \"name\": \"alertsTest$\",\r\n \"ntDomain\": \"WORKGROUP\",\r\n \"host\": {\r\n \"$ref\": \"westeurope_1\"\r\n },\r\n \"sid\": \"S-1-5-18\",\r\n \"isDomainJoined\": true,\r\n \"type\": \"account\",\r\n \"LogonId\": \"0x3e7\"\r\n },\r\n {\r\n \"$id\": \"westeurope_5\",\r\n \"directory\": \"c:\\\\scripts\",\r\n \"name\": \"asc_alerttest_662jfi039n.exe\",\r\n \"type\": \"file\"\r\n },\r\n {\r\n \"$id\": \"westeurope_6\",\r\n \"processId\": \"0x688\",\r\n \"commandLine\": \"c:\\\\scripts\\\\asc_alerttest_662jfi039n.exe -foo\",\r\n \"elevationToken\": \"Default\",\r\n \"creationTimeUtc\": \"2020-05-04T14:28:27.6812319Z\",\r\n \"imageFile\": {\r\n \"$ref\": \"westeurope_5\"\r\n },\r\n \"account\": {\r\n \"$ref\": \"westeurope_4\"\r\n },\r\n \"parentProcess\": {\r\n \"$ref\": \"westeurope_3\"\r\n },\r\n \"host\": {\r\n \"$ref\": \"westeurope_1\"\r\n },\r\n \"type\": \"process\"\r\n },\r\n {\r\n \"$id\": \"westeurope_7\",\r\n \"sessionId\": \"0x3e7\",\r\n \"startTimeUtc\": \"2020-05-04T14:28:27.6812319Z\",\r\n \"endTimeUtc\": \"2020-05-04T14:28:27.6812319Z\",\r\n \"type\": \"host-logon-session\",\r\n \"host\": {\r\n \"$ref\": \"westeurope_1\"\r\n },\r\n 
\"account\": {\r\n \"$ref\": \"westeurope_4\"\r\n }\r\n }\r\n ]\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/taklei/providers/Microsoft.Security/locations/westeurope/alerts/2518137000923212703_d25bac04-7492-4ece-9d75-7a377d74d833\",\r\n \"name\": \"2518137000923212703_d25bac04-7492-4ece-9d75-7a377d74d833\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft\",\r\n \"alertDisplayName\": \"Azure Security Center test alert (not a threat)\",\r\n \"alertName\": \"VM_EICAR\",\r\n \"detectedTimeUtc\": \"2020-05-04T13:58:27.6787296Z\",\r\n \"description\": \"This is a test alert generated by Azure Security Center. No further action is needed.\",\r\n \"remediationSteps\": \"No further action is needed.\",\r\n \"actionTaken\": \"Undefined\",\r\n \"reportedSeverity\": \"High\",\r\n \"compromisedEntity\": \"ALERTSTEST\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/taklei/providers/Microsoft.Compute/virtualMachines/alertsTest\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"d25bac04-7492-4ece-9d75-7a377d74d833\",\r\n \"extendedProperties\": {\r\n \"compromised Host\": \"ALERTSTEST\",\r\n \"user Name\": \"WORKGROUP\\\\alertsTest$\",\r\n \"account Session Id\": \"0x3e7\",\r\n \"suspicious Process\": \"c:\\\\scripts\\\\asc_alerttest_662jfi039n.exe\",\r\n \"suspicious Command Line\": \"c:\\\\scripts\\\\asc_alerttest_662jfi039n.exe -foo\",\r\n \"parent Process\": \"c:\\\\windows\\\\system32\\\\svchost.exe\",\r\n \"suspicious Process Id\": \"0x1c7c\",\r\n \"arguments Auditing Enabled\": \"true\",\r\n \"enrichment_tas_threat__reports\": \"{\\\"Kind\\\":\\\"MultiLink\\\",\\\"DisplayValueToUrlDictionary\\\":{\\\"Report: EICAR 
File\\\":\\\"https://interflowwebportalext.trafficmanager.net/reports/DisplayReport?callerIdentity=ddd5443d-e6f4-441c-b52b-5278d2f21dfa&reportCreateDateTime=2020-05-04T09%3a13%3a05&reportName=MSTI-TS-EICAR-File.pdf&tenantId=387eb67f-0039-43ad-81b9-b66c6c0b1951&urlCreateDateTime=2020-05-04T09%3a13%3a05&token=aRLLv1q8UI%20eVn54OVy%20WbqcH7H9dSGDUOuWywymCrQ=\\\"}}\",\r\n \"resourceType\": \"Virtual Machine\"\r\n },\r\n \"state\": \"Dismissed\",\r\n \"reportedTimeUtc\": \"2020-05-04T13:58:34.2198556Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/mainws/providers/microsoft.operationalinsights/workspaces/securityuserws\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": [\r\n {\r\n \"$id\": \"westeurope_8\",\r\n \"dnsDomain\": \"\",\r\n \"ntDomain\": \"\",\r\n \"hostName\": \"ALERTSTEST\",\r\n \"netBiosName\": \"ALERTSTEST\",\r\n \"azureID\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/taklei/providers/Microsoft.Compute/virtualMachines/alertsTest\",\r\n \"omsAgentID\": \"6bc4f1df-17e1-40f0-8227-f1635aea54dd\",\r\n \"osFamily\": \"Windows\",\r\n \"osVersion\": \"Windows\",\r\n \"isDomainJoined\": false,\r\n \"type\": \"host\"\r\n },\r\n {\r\n \"$id\": \"westeurope_9\",\r\n \"directory\": \"c:\\\\windows\\\\system32\",\r\n \"name\": \"svchost.exe\",\r\n \"type\": \"file\"\r\n },\r\n {\r\n \"$id\": \"westeurope_10\",\r\n \"processId\": \"0x6ec\",\r\n \"commandLine\": \"\",\r\n \"imageFile\": {\r\n \"$ref\": \"westeurope_9\"\r\n },\r\n \"host\": {\r\n \"$ref\": \"westeurope_8\"\r\n },\r\n \"type\": \"process\"\r\n },\r\n {\r\n \"$id\": \"westeurope_11\",\r\n \"name\": \"alertsTest$\",\r\n \"ntDomain\": \"WORKGROUP\",\r\n \"host\": {\r\n \"$ref\": \"westeurope_8\"\r\n },\r\n \"sid\": \"S-1-5-18\",\r\n \"isDomainJoined\": true,\r\n \"type\": \"account\",\r\n \"LogonId\": \"0x3e7\"\r\n },\r\n {\r\n \"$id\": \"westeurope_12\",\r\n \"directory\": 
\"c:\\\\scripts\",\r\n \"name\": \"asc_alerttest_662jfi039n.exe\",\r\n \"type\": \"file\"\r\n },\r\n {\r\n \"$id\": \"westeurope_13\",\r\n \"processId\": \"0x1c7c\",\r\n \"commandLine\": \"c:\\\\scripts\\\\asc_alerttest_662jfi039n.exe -foo\",\r\n \"elevationToken\": \"Default\",\r\n \"creationTimeUtc\": \"2020-05-04T13:58:27.6787296Z\",\r\n \"imageFile\": {\r\n \"$ref\": \"westeurope_12\"\r\n },\r\n \"account\": {\r\n \"$ref\": \"westeurope_11\"\r\n },\r\n \"parentProcess\": {\r\n \"$ref\": \"westeurope_10\"\r\n },\r\n \"host\": {\r\n \"$ref\": \"westeurope_8\"\r\n },\r\n \"type\": \"process\"\r\n },\r\n {\r\n \"$id\": \"westeurope_14\",\r\n \"sessionId\": \"0x3e7\",\r\n \"startTimeUtc\": \"2020-05-04T13:58:27.6787296Z\",\r\n \"endTimeUtc\": \"2020-05-04T13:58:27.6787296Z\",\r\n \"type\": \"host-logon-session\",\r\n \"host\": {\r\n \"$ref\": \"westeurope_8\"\r\n },\r\n \"account\": {\r\n \"$ref\": \"westeurope_11\"\r\n }\r\n }\r\n ]\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/taklei/providers/Microsoft.Security/locations/westeurope/alerts/2518137018913138372_93d99441-2eff-436e-ab25-0307b3484bb4\",\r\n \"name\": \"2518137018913138372_93d99441-2eff-436e-ab25-0307b3484bb4\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft\",\r\n \"alertDisplayName\": \"Azure Security Center test alert (not a threat)\",\r\n \"alertName\": \"VM_EICAR\",\r\n \"detectedTimeUtc\": \"2020-05-04T13:28:28.6861627Z\",\r\n \"description\": \"This is a test alert generated by Azure Security Center. 
No further action is needed.\",\r\n \"remediationSteps\": \"No further action is needed.\",\r\n \"actionTaken\": \"Undefined\",\r\n \"reportedSeverity\": \"High\",\r\n \"compromisedEntity\": \"ALERTSTEST\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/taklei/providers/Microsoft.Compute/virtualMachines/alertsTest\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"93d99441-2eff-436e-ab25-0307b3484bb4\",\r\n \"extendedProperties\": {\r\n \"compromised Host\": \"ALERTSTEST\",\r\n \"user Name\": \"WORKGROUP\\\\alertsTest$\",\r\n \"account Session Id\": \"0x3e7\",\r\n \"suspicious Process\": \"c:\\\\scripts\\\\asc_alerttest_662jfi039n.exe\",\r\n \"suspicious Command Line\": \"c:\\\\scripts\\\\asc_alerttest_662jfi039n.exe -foo\",\r\n \"parent Process\": \"c:\\\\windows\\\\system32\\\\svchost.exe\",\r\n \"suspicious Process Id\": \"0x122c\",\r\n \"arguments Auditing Enabled\": \"true\",\r\n \"enrichment_tas_threat__reports\": \"{\\\"Kind\\\":\\\"MultiLink\\\",\\\"DisplayValueToUrlDictionary\\\":{\\\"Report: EICAR File\\\":\\\"https://interflowwebportalext.trafficmanager.net/reports/DisplayReport?callerIdentity=ddd5443d-e6f4-441c-b52b-5278d2f21dfa&reportCreateDateTime=2020-05-04T08%3a32%3a57&reportName=MSTI-TS-EICAR-File.pdf&tenantId=1c68e967-70a6-4cda-a34b-6d281cffe06e&urlCreateDateTime=2020-05-04T08%3a32%3a57&token=s7wyF62JLdEde8/SccnrGqIJxUOajFUpTETdhi3lCyY=\\\"}}\",\r\n \"resourceType\": \"Virtual Machine\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2020-05-04T13:28:59.9528247Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/mainws/providers/microsoft.operationalinsights/workspaces/securityuserws\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": [\r\n {\r\n \"$id\": \"westeurope_15\",\r\n \"dnsDomain\": \"\",\r\n \"ntDomain\": \"\",\r\n \"hostName\": 
\"ALERTSTEST\",\r\n \"netBiosName\": \"ALERTSTEST\",\r\n \"azureID\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/taklei/providers/Microsoft.Compute/virtualMachines/alertsTest\",\r\n \"omsAgentID\": \"6bc4f1df-17e1-40f0-8227-f1635aea54dd\",\r\n \"osFamily\": \"Windows\",\r\n \"osVersion\": \"Windows\",\r\n \"isDomainJoined\": false,\r\n \"type\": \"host\"\r\n },\r\n {\r\n \"$id\": \"westeurope_16\",\r\n \"directory\": \"c:\\\\windows\\\\system32\",\r\n \"name\": \"svchost.exe\",\r\n \"type\": \"file\"\r\n },\r\n {\r\n \"$id\": \"westeurope_17\",\r\n \"processId\": \"0x6ec\",\r\n \"commandLine\": \"\",\r\n \"imageFile\": {\r\n \"$ref\": \"westeurope_16\"\r\n },\r\n \"host\": {\r\n \"$ref\": \"westeurope_15\"\r\n },\r\n \"type\": \"process\"\r\n },\r\n {\r\n \"$id\": \"westeurope_18\",\r\n \"name\": \"alertsTest$\",\r\n \"ntDomain\": \"WORKGROUP\",\r\n \"host\": {\r\n \"$ref\": \"westeurope_15\"\r\n },\r\n \"sid\": \"S-1-5-18\",\r\n \"isDomainJoined\": true,\r\n \"type\": \"account\",\r\n \"LogonId\": \"0x3e7\"\r\n },\r\n {\r\n \"$id\": \"westeurope_19\",\r\n \"directory\": \"c:\\\\scripts\",\r\n \"name\": \"asc_alerttest_662jfi039n.exe\",\r\n \"type\": \"file\"\r\n },\r\n {\r\n \"$id\": \"westeurope_20\",\r\n \"processId\": \"0x122c\",\r\n \"commandLine\": \"c:\\\\scripts\\\\asc_alerttest_662jfi039n.exe -foo\",\r\n \"elevationToken\": \"Default\",\r\n \"creationTimeUtc\": \"2020-05-04T13:28:28.6861627Z\",\r\n \"imageFile\": {\r\n \"$ref\": \"westeurope_19\"\r\n },\r\n \"account\": {\r\n \"$ref\": \"westeurope_18\"\r\n },\r\n \"parentProcess\": {\r\n \"$ref\": \"westeurope_17\"\r\n },\r\n \"host\": {\r\n \"$ref\": \"westeurope_15\"\r\n },\r\n \"type\": \"process\"\r\n },\r\n {\r\n \"$id\": \"westeurope_21\",\r\n \"sessionId\": \"0x3e7\",\r\n \"startTimeUtc\": \"2020-05-04T13:28:28.6861627Z\",\r\n \"endTimeUtc\": \"2020-05-04T13:28:28.6861627Z\",\r\n \"type\": \"host-logon-session\",\r\n \"host\": {\r\n \"$ref\": \"westeurope_15\"\r\n },\r\n 
\"account\": {\r\n \"$ref\": \"westeurope_18\"\r\n }\r\n }\r\n ]\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/taklei/providers/Microsoft.Security/locations/westeurope/alerts/2518137035665338254_a345cb85-18aa-4d14-9293-e4d2ba15cb9d\",\r\n \"name\": \"2518137035665338254_a345cb85-18aa-4d14-9293-e4d2ba15cb9d\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft\",\r\n \"alertDisplayName\": \"Azure Security Center test alert (not a threat)\",\r\n \"alertName\": \"VM_EICAR\",\r\n \"detectedTimeUtc\": \"2020-05-04T13:00:33.4661745Z\",\r\n \"description\": \"This is a test alert generated by Azure Security Center. No further action is needed.\",\r\n \"remediationSteps\": \"No further action is needed.\",\r\n \"actionTaken\": \"Undefined\",\r\n \"reportedSeverity\": \"High\",\r\n \"compromisedEntity\": \"ALERTSTEST\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/taklei/providers/Microsoft.Compute/virtualMachines/alertsTest\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"a345cb85-18aa-4d14-9293-e4d2ba15cb9d\",\r\n \"extendedProperties\": {\r\n \"compromised Host\": \"ALERTSTEST\",\r\n \"user Name\": \"WORKGROUP\\\\alertsTest$\",\r\n \"account Session Id\": \"0x3e7\",\r\n \"suspicious Process\": \"c:\\\\scripts\\\\asc_alerttest_662jfi039n.exe\",\r\n \"suspicious Command Line\": \"c:\\\\scripts\\\\asc_alerttest_662jfi039n.exe -foo\",\r\n \"parent Process\": \"c:\\\\windows\\\\system32\\\\svchost.exe\",\r\n \"suspicious Process Id\": \"0xe38\",\r\n \"arguments Auditing Enabled\": \"true\",\r\n \"enrichment_tas_threat__reports\": \"{\\\"Kind\\\":\\\"MultiLink\\\",\\\"DisplayValueToUrlDictionary\\\":{\\\"Report: EICAR 
File\\\":\\\"https://interflowwebportalext.trafficmanager.net/reports/DisplayReport?callerIdentity=ddd5443d-e6f4-441c-b52b-5278d2f21dfa&reportCreateDateTime=2020-05-04T09%3a13%3a05&reportName=MSTI-TS-EICAR-File.pdf&tenantId=387eb67f-0039-43ad-81b9-b66c6c0b1951&urlCreateDateTime=2020-05-04T09%3a13%3a05&token=aRLLv1q8UI%20eVn54OVy%20WbqcH7H9dSGDUOuWywymCrQ=\\\"}}\",\r\n \"resourceType\": \"Virtual Machine\"\r\n },\r\n \"state\": \"Dismissed\",\r\n \"reportedTimeUtc\": \"2020-05-04T13:00:37.889087Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/mainws/providers/microsoft.operationalinsights/workspaces/securityuserws\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": [\r\n {\r\n \"$id\": \"westeurope_22\",\r\n \"dnsDomain\": \"\",\r\n \"ntDomain\": \"\",\r\n \"hostName\": \"ALERTSTEST\",\r\n \"netBiosName\": \"ALERTSTEST\",\r\n \"azureID\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/taklei/providers/Microsoft.Compute/virtualMachines/alertsTest\",\r\n \"omsAgentID\": \"6bc4f1df-17e1-40f0-8227-f1635aea54dd\",\r\n \"osFamily\": \"Windows\",\r\n \"osVersion\": \"Windows\",\r\n \"isDomainJoined\": false,\r\n \"type\": \"host\"\r\n },\r\n {\r\n \"$id\": \"westeurope_23\",\r\n \"directory\": \"c:\\\\windows\\\\system32\",\r\n \"name\": \"svchost.exe\",\r\n \"type\": \"file\"\r\n },\r\n {\r\n \"$id\": \"westeurope_24\",\r\n \"processId\": \"0x6ec\",\r\n \"commandLine\": \"\",\r\n \"imageFile\": {\r\n \"$ref\": \"westeurope_23\"\r\n },\r\n \"host\": {\r\n \"$ref\": \"westeurope_22\"\r\n },\r\n \"type\": \"process\"\r\n },\r\n {\r\n \"$id\": \"westeurope_25\",\r\n \"name\": \"alertsTest$\",\r\n \"ntDomain\": \"WORKGROUP\",\r\n \"host\": {\r\n \"$ref\": \"westeurope_22\"\r\n },\r\n \"sid\": \"S-1-5-18\",\r\n \"isDomainJoined\": true,\r\n \"type\": \"account\",\r\n \"LogonId\": \"0x3e7\"\r\n },\r\n {\r\n \"$id\": \"westeurope_26\",\r\n 
\"directory\": \"c:\\\\scripts\",\r\n \"name\": \"asc_alerttest_662jfi039n.exe\",\r\n \"type\": \"file\"\r\n },\r\n {\r\n \"$id\": \"westeurope_27\",\r\n \"processId\": \"0xe38\",\r\n \"commandLine\": \"c:\\\\scripts\\\\asc_alerttest_662jfi039n.exe -foo\",\r\n \"elevationToken\": \"Default\",\r\n \"creationTimeUtc\": \"2020-05-04T13:00:33.4661745Z\",\r\n \"imageFile\": {\r\n \"$ref\": \"westeurope_26\"\r\n },\r\n \"account\": {\r\n \"$ref\": \"westeurope_25\"\r\n },\r\n \"parentProcess\": {\r\n \"$ref\": \"westeurope_24\"\r\n },\r\n \"host\": {\r\n \"$ref\": \"westeurope_22\"\r\n },\r\n \"type\": \"process\"\r\n },\r\n {\r\n \"$id\": \"westeurope_28\",\r\n \"sessionId\": \"0x3e7\",\r\n \"startTimeUtc\": \"2020-05-04T13:00:33.4661745Z\",\r\n \"endTimeUtc\": \"2020-05-04T13:00:33.4661745Z\",\r\n \"type\": \"host-logon-session\",\r\n \"host\": {\r\n \"$ref\": \"westeurope_22\"\r\n },\r\n \"account\": {\r\n \"$ref\": \"westeurope_25\"\r\n }\r\n }\r\n ]\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/taklei/providers/Microsoft.Security/locations/westeurope/alerts/2518137036458453383_d763b77f-129c-4e95-af39-5c4b4c411b5b\",\r\n \"name\": \"2518137036458453383_d763b77f-129c-4e95-af39-5c4b4c411b5b\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft\",\r\n \"alertDisplayName\": \"Azure Security Center test alert (not a threat)\",\r\n \"alertName\": \"VM_EICAR\",\r\n \"detectedTimeUtc\": \"2020-05-04T12:59:14.1546616Z\",\r\n \"description\": \"This is a test alert generated by Azure Security Center. 
No further action is needed.\",\r\n \"remediationSteps\": \"No further action is needed.\",\r\n \"actionTaken\": \"Undefined\",\r\n \"reportedSeverity\": \"High\",\r\n \"compromisedEntity\": \"ALERTSTEST\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/taklei/providers/Microsoft.Compute/virtualMachines/alertsTest\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"d763b77f-129c-4e95-af39-5c4b4c411b5b\",\r\n \"extendedProperties\": {\r\n \"compromised Host\": \"ALERTSTEST\",\r\n \"user Name\": \"WORKGROUP\\\\alertsTest$\",\r\n \"account Session Id\": \"0x3e7\",\r\n \"suspicious Process\": \"c:\\\\scripts\\\\asc_alerttest_662jfi039n.exe\",\r\n \"suspicious Command Line\": \"c:\\\\scripts\\\\asc_alerttest_662jfi039n.exe -foo\",\r\n \"parent Process\": \"c:\\\\windows\\\\system32\\\\svchost.exe\",\r\n \"suspicious Process Id\": \"0xe7c\",\r\n \"arguments Auditing Enabled\": \"true\",\r\n \"enrichment_tas_threat__reports\": \"{\\\"Kind\\\":\\\"MultiLink\\\",\\\"DisplayValueToUrlDictionary\\\":{\\\"Report: EICAR File\\\":\\\"https://interflowwebportalext.trafficmanager.net/reports/DisplayReport?callerIdentity=ddd5443d-e6f4-441c-b52b-5278d2f21dfa&reportCreateDateTime=2020-05-04T08%3a32%3a57&reportName=MSTI-TS-EICAR-File.pdf&tenantId=1c68e967-70a6-4cda-a34b-6d281cffe06e&urlCreateDateTime=2020-05-04T08%3a32%3a57&token=s7wyF62JLdEde8/SccnrGqIJxUOajFUpTETdhi3lCyY=\\\"}}\",\r\n \"resourceType\": \"Virtual Machine\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2020-05-04T12:59:35.6273663Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/mainws/providers/microsoft.operationalinsights/workspaces/securityuserws\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": [\r\n {\r\n \"$id\": \"westeurope_29\",\r\n \"dnsDomain\": \"\",\r\n \"ntDomain\": \"\",\r\n \"hostName\": 
\"ALERTSTEST\",\r\n \"netBiosName\": \"ALERTSTEST\",\r\n \"azureID\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/taklei/providers/Microsoft.Compute/virtualMachines/alertsTest\",\r\n \"omsAgentID\": \"6bc4f1df-17e1-40f0-8227-f1635aea54dd\",\r\n \"osFamily\": \"Windows\",\r\n \"osVersion\": \"Windows\",\r\n \"isDomainJoined\": false,\r\n \"type\": \"host\"\r\n },\r\n {\r\n \"$id\": \"westeurope_30\",\r\n \"directory\": \"c:\\\\windows\\\\system32\",\r\n \"name\": \"svchost.exe\",\r\n \"type\": \"file\"\r\n },\r\n {\r\n \"$id\": \"westeurope_31\",\r\n \"processId\": \"0x6ec\",\r\n \"commandLine\": \"\",\r\n \"imageFile\": {\r\n \"$ref\": \"westeurope_30\"\r\n },\r\n \"host\": {\r\n \"$ref\": \"westeurope_29\"\r\n },\r\n \"type\": \"process\"\r\n },\r\n {\r\n \"$id\": \"westeurope_32\",\r\n \"name\": \"alertsTest$\",\r\n \"ntDomain\": \"WORKGROUP\",\r\n \"host\": {\r\n \"$ref\": \"westeurope_29\"\r\n },\r\n \"sid\": \"S-1-5-18\",\r\n \"isDomainJoined\": true,\r\n \"type\": \"account\",\r\n \"LogonId\": \"0x3e7\"\r\n },\r\n {\r\n \"$id\": \"westeurope_33\",\r\n \"directory\": \"c:\\\\scripts\",\r\n \"name\": \"asc_alerttest_662jfi039n.exe\",\r\n \"type\": \"file\"\r\n },\r\n {\r\n \"$id\": \"westeurope_34\",\r\n \"processId\": \"0xe7c\",\r\n \"commandLine\": \"c:\\\\scripts\\\\asc_alerttest_662jfi039n.exe -foo\",\r\n \"elevationToken\": \"Default\",\r\n \"creationTimeUtc\": \"2020-05-04T12:59:14.1546616Z\",\r\n \"imageFile\": {\r\n \"$ref\": \"westeurope_33\"\r\n },\r\n \"account\": {\r\n \"$ref\": \"westeurope_32\"\r\n },\r\n \"parentProcess\": {\r\n \"$ref\": \"westeurope_31\"\r\n },\r\n \"host\": {\r\n \"$ref\": \"westeurope_29\"\r\n },\r\n \"type\": \"process\"\r\n },\r\n {\r\n \"$id\": \"westeurope_35\",\r\n \"sessionId\": \"0x3e7\",\r\n \"startTimeUtc\": \"2020-05-04T12:59:14.1546616Z\",\r\n \"endTimeUtc\": \"2020-05-04T12:59:14.1546616Z\",\r\n \"type\": \"host-logon-session\",\r\n \"host\": {\r\n \"$ref\": \"westeurope_29\"\r\n },\r\n 
\"account\": {\r\n \"$ref\": \"westeurope_32\"\r\n }\r\n }\r\n ]\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/taklei/providers/Microsoft.Security/locations/westeurope/alerts/2518137036914144805_a3d0999b-cdfc-41d9-9d28-ee1335f03081\",\r\n \"name\": \"2518137036914144805_a3d0999b-cdfc-41d9-9d28-ee1335f03081\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft\",\r\n \"alertDisplayName\": \"Azure Security Center test alert (not a threat)\",\r\n \"alertName\": \"VM_EICAR\",\r\n \"detectedTimeUtc\": \"2020-05-04T12:58:28.5855194Z\",\r\n \"description\": \"This is a test alert generated by Azure Security Center. No further action is needed.\",\r\n \"remediationSteps\": \"No further action is needed.\",\r\n \"actionTaken\": \"Undefined\",\r\n \"reportedSeverity\": \"High\",\r\n \"compromisedEntity\": \"ALERTSTEST\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/taklei/providers/Microsoft.Compute/virtualMachines/alertsTest\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"a3d0999b-cdfc-41d9-9d28-ee1335f03081\",\r\n \"extendedProperties\": {\r\n \"compromised Host\": \"ALERTSTEST\",\r\n \"user Name\": \"WORKGROUP\\\\alertsTest$\",\r\n \"account Session Id\": \"0x3e7\",\r\n \"suspicious Process\": \"c:\\\\scripts\\\\asc_alerttest_662jfi039n.exe\",\r\n \"suspicious Command Line\": \"c:\\\\scripts\\\\asc_alerttest_662jfi039n.exe -foo\",\r\n \"parent Process\": \"c:\\\\windows\\\\system32\\\\svchost.exe\",\r\n \"suspicious Process Id\": \"0xfac\",\r\n \"arguments Auditing Enabled\": \"true\",\r\n \"enrichment_tas_threat__reports\": \"{\\\"Kind\\\":\\\"MultiLink\\\",\\\"DisplayValueToUrlDictionary\\\":{\\\"Report: EICAR 
File\\\":\\\"https://interflowwebportalext.trafficmanager.net/reports/DisplayReport?callerIdentity=ddd5443d-e6f4-441c-b52b-5278d2f21dfa&reportCreateDateTime=2020-05-04T09%3a23%3a00&reportName=MSTI-TS-EICAR-File.pdf&tenantId=b11492db-77a6-4ec0-9ff7-17b6ba420e1e&urlCreateDateTime=2020-05-04T09%3a23%3a00&token=XhSuWhrbEKAk2sXS1TcK0SVTLOehFDirzLCUSUoWPL4=\\\"}}\",\r\n \"resourceType\": \"Virtual Machine\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2020-05-04T12:58:46.4927078Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/mainws/providers/microsoft.operationalinsights/workspaces/securityuserws\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": [\r\n {\r\n \"$id\": \"westeurope_36\",\r\n \"dnsDomain\": \"\",\r\n \"ntDomain\": \"\",\r\n \"hostName\": \"ALERTSTEST\",\r\n \"netBiosName\": \"ALERTSTEST\",\r\n \"azureID\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/taklei/providers/Microsoft.Compute/virtualMachines/alertsTest\",\r\n \"omsAgentID\": \"6bc4f1df-17e1-40f0-8227-f1635aea54dd\",\r\n \"osFamily\": \"Windows\",\r\n \"osVersion\": \"Windows\",\r\n \"isDomainJoined\": false,\r\n \"type\": \"host\"\r\n },\r\n {\r\n \"$id\": \"westeurope_37\",\r\n \"directory\": \"c:\\\\windows\\\\system32\",\r\n \"name\": \"svchost.exe\",\r\n \"type\": \"file\"\r\n },\r\n {\r\n \"$id\": \"westeurope_38\",\r\n \"processId\": \"0x6ec\",\r\n \"commandLine\": \"\",\r\n \"imageFile\": {\r\n \"$ref\": \"westeurope_37\"\r\n },\r\n \"host\": {\r\n \"$ref\": \"westeurope_36\"\r\n },\r\n \"type\": \"process\"\r\n },\r\n {\r\n \"$id\": \"westeurope_39\",\r\n \"name\": \"alertsTest$\",\r\n \"ntDomain\": \"WORKGROUP\",\r\n \"host\": {\r\n \"$ref\": \"westeurope_36\"\r\n },\r\n \"sid\": \"S-1-5-18\",\r\n \"isDomainJoined\": true,\r\n \"type\": \"account\",\r\n \"LogonId\": \"0x3e7\"\r\n },\r\n {\r\n \"$id\": \"westeurope_40\",\r\n \"directory\": 
\"c:\\\\scripts\",\r\n \"name\": \"asc_alerttest_662jfi039n.exe\",\r\n \"type\": \"file\"\r\n },\r\n {\r\n \"$id\": \"westeurope_41\",\r\n \"processId\": \"0xfac\",\r\n \"commandLine\": \"c:\\\\scripts\\\\asc_alerttest_662jfi039n.exe -foo\",\r\n \"elevationToken\": \"Default\",\r\n \"creationTimeUtc\": \"2020-05-04T12:58:28.5855194Z\",\r\n \"imageFile\": {\r\n \"$ref\": \"westeurope_40\"\r\n },\r\n \"account\": {\r\n \"$ref\": \"westeurope_39\"\r\n },\r\n \"parentProcess\": {\r\n \"$ref\": \"westeurope_38\"\r\n },\r\n \"host\": {\r\n \"$ref\": \"westeurope_36\"\r\n },\r\n \"type\": \"process\"\r\n },\r\n {\r\n \"$id\": \"westeurope_42\",\r\n \"sessionId\": \"0x3e7\",\r\n \"startTimeUtc\": \"2020-05-04T12:58:28.5855194Z\",\r\n \"endTimeUtc\": \"2020-05-04T12:58:28.5855194Z\",\r\n \"type\": \"host-logon-session\",\r\n \"host\": {\r\n \"$ref\": \"westeurope_36\"\r\n },\r\n \"account\": {\r\n \"$ref\": \"westeurope_39\"\r\n }\r\n }\r\n ]\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/taklei/providers/Microsoft.Security/locations/westeurope/alerts/2518137037321194617_adafe5f0-ade9-47b4-86f3-3155038827f6\",\r\n \"name\": \"2518137037321194617_adafe5f0-ade9-47b4-86f3-3155038827f6\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft\",\r\n \"alertDisplayName\": \"Azure Security Center test alert (not a threat)\",\r\n \"alertName\": \"VM_EICAR\",\r\n \"detectedTimeUtc\": \"2020-05-04T12:57:47.8805382Z\",\r\n \"description\": \"This is a test alert generated by Azure Security Center. 
No further action is needed.\",\r\n \"remediationSteps\": \"No further action is needed.\",\r\n \"actionTaken\": \"Undefined\",\r\n \"reportedSeverity\": \"High\",\r\n \"compromisedEntity\": \"ALERTSTEST\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/taklei/providers/Microsoft.Compute/virtualMachines/alertsTest\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"adafe5f0-ade9-47b4-86f3-3155038827f6\",\r\n \"extendedProperties\": {\r\n \"compromised Host\": \"ALERTSTEST\",\r\n \"user Name\": \"WORKGROUP\\\\alertsTest$\",\r\n \"account Session Id\": \"0x3e7\",\r\n \"suspicious Process\": \"c:\\\\scripts\\\\asc_alerttest_662jfi039n.exe\",\r\n \"suspicious Command Line\": \"c:\\\\scripts\\\\asc_alerttest_662jfi039n.exe -foo\",\r\n \"parent Process\": \"c:\\\\windows\\\\system32\\\\svchost.exe\",\r\n \"suspicious Process Id\": \"0x1d50\",\r\n \"arguments Auditing Enabled\": \"true\",\r\n \"enrichment_tas_threat__reports\": \"{\\\"Kind\\\":\\\"MultiLink\\\",\\\"DisplayValueToUrlDictionary\\\":{\\\"Report: EICAR File\\\":\\\"https://interflowwebportalext.trafficmanager.net/reports/DisplayReport?callerIdentity=ddd5443d-e6f4-441c-b52b-5278d2f21dfa&reportCreateDateTime=2020-05-04T08%3a32%3a57&reportName=MSTI-TS-EICAR-File.pdf&tenantId=1c68e967-70a6-4cda-a34b-6d281cffe06e&urlCreateDateTime=2020-05-04T08%3a32%3a57&token=s7wyF62JLdEde8/SccnrGqIJxUOajFUpTETdhi3lCyY=\\\"}}\",\r\n \"resourceType\": \"Virtual Machine\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2020-05-04T12:57:53.7990186Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/mainws/providers/microsoft.operationalinsights/workspaces/securityuserws\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": [\r\n {\r\n \"$id\": \"westeurope_43\",\r\n \"dnsDomain\": \"\",\r\n \"ntDomain\": \"\",\r\n \"hostName\": 
\"ALERTSTEST\",\r\n \"netBiosName\": \"ALERTSTEST\",\r\n \"azureID\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/taklei/providers/Microsoft.Compute/virtualMachines/alertsTest\",\r\n \"omsAgentID\": \"6bc4f1df-17e1-40f0-8227-f1635aea54dd\",\r\n \"osFamily\": \"Windows\",\r\n \"osVersion\": \"Windows\",\r\n \"isDomainJoined\": false,\r\n \"type\": \"host\"\r\n },\r\n {\r\n \"$id\": \"westeurope_44\",\r\n \"directory\": \"c:\\\\windows\\\\system32\",\r\n \"name\": \"svchost.exe\",\r\n \"type\": \"file\"\r\n },\r\n {\r\n \"$id\": \"westeurope_45\",\r\n \"processId\": \"0x6ec\",\r\n \"commandLine\": \"\",\r\n \"imageFile\": {\r\n \"$ref\": \"westeurope_44\"\r\n },\r\n \"host\": {\r\n \"$ref\": \"westeurope_43\"\r\n },\r\n \"type\": \"process\"\r\n },\r\n {\r\n \"$id\": \"westeurope_46\",\r\n \"name\": \"alertsTest$\",\r\n \"ntDomain\": \"WORKGROUP\",\r\n \"host\": {\r\n \"$ref\": \"westeurope_43\"\r\n },\r\n \"sid\": \"S-1-5-18\",\r\n \"isDomainJoined\": true,\r\n \"type\": \"account\",\r\n \"LogonId\": \"0x3e7\"\r\n },\r\n {\r\n \"$id\": \"westeurope_47\",\r\n \"directory\": \"c:\\\\scripts\",\r\n \"name\": \"asc_alerttest_662jfi039n.exe\",\r\n \"type\": \"file\"\r\n },\r\n {\r\n \"$id\": \"westeurope_48\",\r\n \"processId\": \"0x1d50\",\r\n \"commandLine\": \"c:\\\\scripts\\\\asc_alerttest_662jfi039n.exe -foo\",\r\n \"elevationToken\": \"Default\",\r\n \"creationTimeUtc\": \"2020-05-04T12:57:47.8805382Z\",\r\n \"imageFile\": {\r\n \"$ref\": \"westeurope_47\"\r\n },\r\n \"account\": {\r\n \"$ref\": \"westeurope_46\"\r\n },\r\n \"parentProcess\": {\r\n \"$ref\": \"westeurope_45\"\r\n },\r\n \"host\": {\r\n \"$ref\": \"westeurope_43\"\r\n },\r\n \"type\": \"process\"\r\n },\r\n {\r\n \"$id\": \"westeurope_49\",\r\n \"sessionId\": \"0x3e7\",\r\n \"startTimeUtc\": \"2020-05-04T12:57:47.8805382Z\",\r\n \"endTimeUtc\": \"2020-05-04T12:57:47.8805382Z\",\r\n \"type\": \"host-logon-session\",\r\n \"host\": {\r\n \"$ref\": \"westeurope_43\"\r\n },\r\n 
\"account\": {\r\n \"$ref\": \"westeurope_46\"\r\n }\r\n }\r\n ]\r\n }\r\n }\r\n ]\r\n}", "StatusCode": 200 } ], "Names": {}, - "Variables": { - "SubscriptionId": "487bb485-b5b0-471e-9c0d-10717612f869" - } + "Variables": {} } \ No newline at end of file diff --git a/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/tests/SessionRecords/SecurityAlertsTests/SecurityAlerts_ListResourceGroupLevelAlertsByRegion.json b/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/tests/SessionRecords/SecurityAlertsTests/SecurityAlerts_ListResourceGroupLevelAlertsByRegion.json index f955e95996e6..53a459dc79e9 100644 --- a/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/tests/SessionRecords/SecurityAlertsTests/SecurityAlerts_ListResourceGroupLevelAlertsByRegion.json +++ b/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/tests/SessionRecords/SecurityAlertsTests/SecurityAlerts_ListResourceGroupLevelAlertsByRegion.json @@ -7,7 +7,7 @@ "RequestBody": "", "RequestHeaders": { "x-ms-client-request-id": [ - "bb813202-efbe-491d-a57f-95f74edb9a99" + "ccfb7ccf-e768-4d5f-80c1-3a9babefc8ea" ], "accept-language": [ "en-US" @@ -15,8 +15,8 @@ "User-Agent": [ "FxVersion/4.6.26614.01", "OSName/Windows", - "OSVersion/Microsoft.Windows.10.0.17763.", - "Microsoft.Azure.Management.Security.SecurityCenterClient/0.11.0.0" + "OSVersion/Microsoft.Windows.10.0.18363.", + "Microsoft.Azure.Management.Security.SecurityCenterClient/1.1.3.0" ] }, "ResponseHeaders": { 
@@ -24,26 +24,26 @@ "no-cache" ], "Date": [ - "Mon, 04 Mar 2019 16:01:59 GMT" + "Mon, 04 May 2020 14:43:00 GMT" ], "Pragma": [ "no-cache" ], "x-ms-original-request-ids": [ - "b49e5fba-b6d7-4816-a91e-ff6d8938c1d9", - "c184df38-50a2-4731-b6d5-aa7a3df20397" + "8620350a-9458-427b-8d46-f183c9a768f3", + "42ed126d-68ca-4207-9087-8d7ba4474e0e" ], "x-ms-ratelimit-remaining-subscription-resource-requests": [ "749" ], "x-ms-request-id": [ - "7c20d21d-9f1d-47a6-adeb-76a214f92e9c" + "49d028fa-a3d8-48c6-8b46-4f459f9cb704" ], "x-ms-correlation-request-id": [ - "7c20d21d-9f1d-47a6-adeb-76a214f92e9c" + "49d028fa-a3d8-48c6-8b46-4f459f9cb704" ], "x-ms-routing-request-id": [ - "UKWEST:20190304T160159Z:7c20d21d-9f1d-47a6-adeb-76a214f92e9c" + "GERMANYWESTCENTRAL:20200504T144301Z:49d028fa-a3d8-48c6-8b46-4f459f9cb704" ], "Strict-Transport-Security": [ "max-age=31536000; includeSubDomains" @@ -52,7 +52,7 @@ "nosniff" ], "Content-Length": [ - "169158" + "25641" ], "Content-Type": [ "application/json; charset=utf-8" 
@@ -61,17 +61,17 @@ "-1" ] }, - "ResponseBody": "{\r\n \"value\": [\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/rg/providers/Microsoft.Security/locations/centralus/alerts/2518532788749999999_66276b36-db2a-4b2c-84ad-9676fe753a01\",\r\n \"name\": \"2518532788749999999_66276b36-db2a-4b2c-84ad-9676fe753a01\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft\",\r\n \"alertDisplayName\": \"Web fingerprinting detected\",\r\n \"alertName\": \"APPS_Nmap\",\r\n \"detectedTimeUtc\": \"2019-03-03T17:40:43Z\",\r\n \"description\": \"Azure App Service activity log indicates a possible web fingerprinting activity on your App Service resource.The suspicious activity detected is associated with NMAP. Attackers often use this tool for probing the web application to find vulnerabilities.\",\r\n \"remediationSteps\": \"If only specific IP addresses should be allowed to access the web app, set IP restrictions (https://docs.microsoft.com/azure/app-service/app-service-ip-restrictions) for it.\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"High\",\r\n \"compromisedEntity\": \"sitename\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/rg/providers/Microsoft.Web/sites/sitename\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"b3d77198-6f95-40ed-9675-10001c2e93cc\",\r\n \"extendedProperties\": {\r\n \"last Event Time\": \"2/11/2019 5:40:46 PM\",\r\n \"sample URIs\": \"/sdk, /, /.git/HEAD, /favicon.ico, /evox/about, /robots.txt, /nmaplowercheck1549906843, /HNAP1\",\r\n \"sample User Agents\": \"Mozilla/5.0+(compatible;+Nmap+Scripting+Engine;+https://nmap.org/book/nse.html)\",\r\n \"sample Referer\": \"-\",\r\n \"resourceType\": \"App Service\"\r\n },\r\n \"state\": \"Dismissed\",\r\n \"reportedTimeUtc\": \"2019-03-03T20:41:03.846Z\",\r\n 
\"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": [\r\n {\r\n \"$id\": \"centralus_1\",\r\n \"hostName\": \"sitename\",\r\n \"azureID\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/rg/providers/Microsoft.Web/sites/sitename\",\r\n \"type\": \"host\"\r\n }\r\n ]\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/providers/Microsoft.Security/locations/centralus/alerts/2518532788749999999_66276b36-db2a-4b2c-84ad-9676fe753a02\",\r\n \"name\": \"2518532788749999999_66276b36-db2a-4b2c-84ad-9676fe753a02\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft\",\r\n \"alertDisplayName\": \"Web fingerprinting detected\",\r\n \"alertName\": \"APPS_Nmap\",\r\n \"detectedTimeUtc\": \"2019-03-03T17:40:43Z\",\r\n \"description\": \"Azure App Service activity log indicates a possible web fingerprinting activity on your App Service resource.The suspicious activity detected is associated with NMAP. 
Attackers often use this tool for probing the web application to find vulnerabilities.\",\r\n \"remediationSteps\": \"If only specific IP addresses should be allowed to access the web app, set IP restrictions (https://docs.microsoft.com/azure/app-service/app-service-ip-restrictions) for it.\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"High\",\r\n \"compromisedEntity\": \"sitename\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/providers/Microsoft.Web/sites/sitename\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"b3d77198-6f95-40ed-9675-10001c2e93cd\",\r\n \"extendedProperties\": {\r\n \"last Event Time\": \"2/11/2019 5:40:46 PM\",\r\n \"sample URIs\": \"/sdk, /, /.git/HEAD, /favicon.ico, /evox/about, /robots.txt, /nmaplowercheck1549906843, /HNAP1\",\r\n \"sample User Agents\": \"Mozilla/5.0+(compatible;+Nmap+Scripting+Engine;+https://nmap.org/book/nse.html)\",\r\n \"sample Referer\": \"-\",\r\n \"resourceType\": \"App Service\"\r\n },\r\n \"state\": \"Dismissed\",\r\n \"reportedTimeUtc\": \"2019-03-03T20:41:03.846Z\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": [\r\n {\r\n \"$id\": \"centralus_2\",\r\n \"hostName\": \"sitename\",\r\n \"azureID\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/providers/Microsoft.Web/sites/sitename\",\r\n \"type\": \"host\"\r\n }\r\n ]\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518505891999999999_c908c4ae-9a04-4d98-bb7e-18c82dfd9a81\",\r\n \"name\": \"2518505891999999999_c908c4ae-9a04-4d98-bb7e-18c82dfd9a81\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": 
\"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-04T15:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117:80\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"c908c4ae-9a04-4d98-bb7e-18c82dfd9a81\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"159.192.218.25\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-04T16:00:11.489254Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518505927999999999_38e859b9-60eb-406d-aa42-a54dc5be9b17\",\r\n \"name\": \"2518505927999999999_38e859b9-60eb-406d-aa42-a54dc5be9b17\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-04T14:00:00Z\",\r\n 
\"description\": \"Detail:Host header is a numeric IP address 13.69.131.117\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"38e859b9-60eb-406d-aa42-a54dc5be9b17\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"176.32.33.80\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-04T15:00:56.8950851Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518505927999999999_3c3f8a61-1245-4e92-be38-ac054249f4a2\",\r\n \"name\": \"2518505927999999999_3c3f8a61-1245-4e92-be38-ac054249f4a2\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"SCANNER-DETECTION\",\r\n \"alertName\": \"SCANNER-DETECTION\",\r\n \"detectedTimeUtc\": \"2019-03-04T14:00:00Z\",\r\n \"description\": \"Detail:Found User-Agent associated with scripting/generic HTTP client Matched Data: 
python-requests found within REQUEST_HEADERS:User-Agent: python-requests/2.6.0 CPython/2.7.5 Linux/3.10.0-957.1.3.el7.x86_64\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"3c3f8a61-1245-4e92-be38-ac054249f4a2\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"176.32.33.80\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-04T15:00:56.8950851Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518505927999999999_f646ad4c-8a5d-4355-9dfc-56a3f2521310\",\r\n \"name\": \"2518505927999999999_f646ad4c-8a5d-4355-9dfc-56a3f2521310\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"BLOCKING-EVALUATION\",\r\n \"alertName\": \"BLOCKING-EVALUATION\",\r\n \"detectedTimeUtc\": \"2019-03-04T14:00:00Z\",\r\n \"description\": \"Detail:Mandatory rule. 
Cannot be disabled. Inbound Anomaly Score Exceeded (Total Score: 8)\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"f646ad4c-8a5d-4355-9dfc-56a3f2521310\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"176.32.33.80\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-04T15:00:56.4081088Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518505963999999999_7e0b842e-b80f-4544-979d-952ed3b60db6\",\r\n \"name\": \"2518505963999999999_7e0b842e-b80f-4544-979d-952ed3b60db6\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-04T13:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117:80\",\r\n 
\"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"7e0b842e-b80f-4544-979d-952ed3b60db6\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"2\",\r\n \"source IPs\": \"103.94.170.218,113.161.130.251\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-04T14:00:41.0033381Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506035999999999_4316a00c-7ac8-4b34-8b74-cf73e2a91b70\",\r\n \"name\": \"2518506035999999999_4316a00c-7ac8-4b34-8b74-cf73e2a91b70\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"SCANNER-DETECTION\",\r\n \"alertName\": \"SCANNER-DETECTION\",\r\n \"detectedTimeUtc\": \"2019-03-04T11:00:00Z\",\r\n \"description\": \"Detail:Found User-Agent associated with scripting/generic HTTP client Matched Data: python-requests found within REQUEST_HEADERS:User-Agent: 
python-requests/2.6.0 CPython/2.7.5 Linux/3.10.0-957.1.3.el7.x86_64\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"4316a00c-7ac8-4b34-8b74-cf73e2a91b70\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"176.32.33.80\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-04T12:00:02.3651318Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506035999999999_553a1004-ff2f-4d39-9baf-cdb764aa6a1e\",\r\n \"name\": \"2518506035999999999_553a1004-ff2f-4d39-9baf-cdb764aa6a1e\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"BLOCKING-EVALUATION\",\r\n \"alertName\": \"BLOCKING-EVALUATION\",\r\n \"detectedTimeUtc\": \"2019-03-04T11:00:00Z\",\r\n \"description\": \"Detail:Mandatory rule. Cannot be disabled. 
Inbound Anomaly Score Exceeded (Total Score: 8)\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"553a1004-ff2f-4d39-9baf-cdb764aa6a1e\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"176.32.33.80\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-04T12:00:01.7153581Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506035999999999_d91570aa-65a5-46de-aee7-98b41a8027e4\",\r\n \"name\": \"2518506035999999999_d91570aa-65a5-46de-aee7-98b41a8027e4\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-04T11:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117\",\r\n \"remediationSteps\": \"\",\r\n 
\"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"d91570aa-65a5-46de-aee7-98b41a8027e4\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"2\",\r\n \"source IPs\": \"176.32.33.80,103.212.90.36\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-04T12:00:02.3651318Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506071999999999_129ec79b-c7a6-4082-91af-c6733ce46447\",\r\n \"name\": \"2518506071999999999_129ec79b-c7a6-4082-91af-c6733ce46447\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-04T10:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n 
\"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"129ec79b-c7a6-4082-91af-c6733ce46447\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"2\",\r\n \"source IPs\": \"51.83.15.87\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-04T11:00:48.0270644Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506071999999999_784f1ab8-ec53-4216-a522-52669e63bcde\",\r\n \"name\": \"2518506071999999999_784f1ab8-ec53-4216-a522-52669e63bcde\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-04T10:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117:80\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": 
\"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"784f1ab8-ec53-4216-a522-52669e63bcde\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"45.115.6.194\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-04T11:00:48.4809846Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506179999999999_a4b834f3-2e4b-406c-bc49-1dc4339732e6\",\r\n \"name\": \"2518506179999999999_a4b834f3-2e4b-406c-bc49-1dc4339732e6\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"BLOCKING-EVALUATION\",\r\n \"alertName\": \"BLOCKING-EVALUATION\",\r\n \"detectedTimeUtc\": \"2019-03-04T07:00:00Z\",\r\n \"description\": \"Detail:Mandatory rule. Cannot be disabled. 
Inbound Anomaly Score Exceeded (Total Score: 8)\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"a4b834f3-2e4b-406c-bc49-1dc4339732e6\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"176.32.33.80\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-04T08:00:01.2466784Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506179999999999_e2dfaff2-872b-479b-8ead-f3473da44a88\",\r\n \"name\": \"2518506179999999999_e2dfaff2-872b-479b-8ead-f3473da44a88\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-04T07:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117:80\",\r\n \"remediationSteps\": \"\",\r\n 
\"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"e2dfaff2-872b-479b-8ead-f3473da44a88\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"2\",\r\n \"source IPs\": \"179.110.123.218,176.32.33.80\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-04T08:00:02.116777Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506179999999999_e67879f8-55f1-49a0-bfde-d8d076fae90e\",\r\n \"name\": \"2518506179999999999_e67879f8-55f1-49a0-bfde-d8d076fae90e\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"SCANNER-DETECTION\",\r\n \"alertName\": \"SCANNER-DETECTION\",\r\n \"detectedTimeUtc\": \"2019-03-04T07:00:00Z\",\r\n \"description\": \"Detail:Found User-Agent associated with scripting/generic HTTP client Matched Data: python-requests found within REQUEST_HEADERS:User-Agent: python-requests/2.6.0 CPython/2.7.5 
Linux/3.10.0-957.1.3.el7.x86_64\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"e67879f8-55f1-49a0-bfde-d8d076fae90e\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"176.32.33.80\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-04T08:00:02.116777Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506215999999999_137fc371-1c41-4da3-9f32-61dbf0c876b3\",\r\n \"name\": \"2518506215999999999_137fc371-1c41-4da3-9f32-61dbf0c876b3\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-04T06:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117:80\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": 
\"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"137fc371-1c41-4da3-9f32-61dbf0c876b3\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"2\",\r\n \"source IPs\": \"186.226.218.121,191.37.250.231\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-04T07:00:47.1096409Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506215999999999_d1922f41-45da-4c89-b3f0-ae2ee97ca464\",\r\n \"name\": \"2518506215999999999_d1922f41-45da-4c89-b3f0-ae2ee97ca464\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-04T06:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117:80\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n 
\"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"d1922f41-45da-4c89-b3f0-ae2ee97ca464\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"109.73.182.157\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-04T07:00:46.5853915Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506251999999999_8ad58304-6c26-4379-89fc-b89fcfa1e747\",\r\n \"name\": \"2518506251999999999_8ad58304-6c26-4379-89fc-b89fcfa1e747\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-04T05:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117:80\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": 
\"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"8ad58304-6c26-4379-89fc-b89fcfa1e747\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"185.123.233.160\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-04T06:00:33.4180269Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506287999999999_1ed08eec-64cc-4d93-9eea-ea73822c2320\",\r\n \"name\": \"2518506287999999999_1ed08eec-64cc-4d93-9eea-ea73822c2320\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-04T04:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": 
\"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"1ed08eec-64cc-4d93-9eea-ea73822c2320\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"176.32.33.80\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-04T05:00:20.5069656Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506287999999999_8f8d4f63-d98c-4e11-aa94-d1f3886b6afb\",\r\n \"name\": \"2518506287999999999_8f8d4f63-d98c-4e11-aa94-d1f3886b6afb\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"SCANNER-DETECTION\",\r\n \"alertName\": \"SCANNER-DETECTION\",\r\n \"detectedTimeUtc\": \"2019-03-04T04:00:00Z\",\r\n \"description\": \"Detail:Found User-Agent associated with scripting/generic HTTP client Matched Data: python-requests found within REQUEST_HEADERS:User-Agent: python-requests/2.6.0 CPython/2.7.5 Linux/3.10.0-957.1.3.el7.x86_64\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n 
\"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"8f8d4f63-d98c-4e11-aa94-d1f3886b6afb\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"176.32.33.80\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-04T05:00:20.5069656Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506287999999999_e84d6d25-d3fd-4198-a9ea-8d1a695a8a0e\",\r\n \"name\": \"2518506287999999999_e84d6d25-d3fd-4198-a9ea-8d1a695a8a0e\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"BLOCKING-EVALUATION\",\r\n \"alertName\": \"BLOCKING-EVALUATION\",\r\n \"detectedTimeUtc\": \"2019-03-04T04:00:00Z\",\r\n \"description\": \"Detail:Mandatory rule. Cannot be disabled. 
Inbound Anomaly Score Exceeded (Total Score: 8)\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"e84d6d25-d3fd-4198-a9ea-8d1a695a8a0e\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"176.32.33.80\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-04T05:00:20.5069656Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506395999999999_025841f9-9581-450c-8349-b96da379d72c\",\r\n \"name\": \"2518506395999999999_025841f9-9581-450c-8349-b96da379d72c\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"BLOCKING-EVALUATION\",\r\n \"alertName\": \"BLOCKING-EVALUATION\",\r\n \"detectedTimeUtc\": \"2019-03-04T01:00:00Z\",\r\n \"description\": \"Detail:Mandatory rule. Cannot be disabled. 
Inbound Anomaly Score Exceeded (Total Score: 8)\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"025841f9-9581-450c-8349-b96da379d72c\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"176.32.33.80\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-04T02:00:39.9205038Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506395999999999_21099c91-d37e-4843-966e-55f53d3fe657\",\r\n \"name\": \"2518506395999999999_21099c91-d37e-4843-966e-55f53d3fe657\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"SCANNER-DETECTION\",\r\n \"alertName\": \"SCANNER-DETECTION\",\r\n \"detectedTimeUtc\": \"2019-03-04T01:00:00Z\",\r\n \"description\": \"Detail:Found User-Agent associated with scripting/generic HTTP client Matched Data: python-requests found within 
REQUEST_HEADERS:User-Agent: python-requests/2.6.0 CPython/2.7.5 Linux/3.10.0-957.1.3.el7.x86_64\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"21099c91-d37e-4843-966e-55f53d3fe657\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"176.32.33.80\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-04T02:00:40.4337488Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506395999999999_997886ee-adcc-4233-b389-4f349a4e4f19\",\r\n \"name\": \"2518506395999999999_997886ee-adcc-4233-b389-4f349a4e4f19\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-04T01:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 
13.69.131.117\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"997886ee-adcc-4233-b389-4f349a4e4f19\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"176.32.33.80\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-04T02:00:40.4337488Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506431999999999_3628cfac-0858-4075-873e-cb45feafc2d8\",\r\n \"name\": \"2518506431999999999_3628cfac-0858-4075-873e-cb45feafc2d8\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"METHOD-ENFORCEMENT\",\r\n \"alertName\": \"METHOD-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-04T00:00:00Z\",\r\n \"description\": \"Detail:Method is not allowed by policy PROPFIND\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": 
\"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"3628cfac-0858-4075-873e-cb45feafc2d8\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"123.206.22.203\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-04T01:00:24.1988577Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506431999999999_65048fd9-87b9-4d11-9570-f3ea77419866\",\r\n \"name\": \"2518506431999999999_65048fd9-87b9-4d11-9570-f3ea77419866\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-04T00:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117:80\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": 
\"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"65048fd9-87b9-4d11-9570-f3ea77419866\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"108\",\r\n \"source IPs\": \"45.170.220.47,123.206.22.203,183.89.68.95\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-04T01:00:24.1988577Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506431999999999_a8a29940-e0bd-4742-95cc-c6d01e1afe48\",\r\n \"name\": \"2518506431999999999_a8a29940-e0bd-4742-95cc-c6d01e1afe48\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"APPLICATION-ATTACK-SQLI\",\r\n \"alertName\": \"APPLICATION-ATTACK-SQLI\",\r\n \"detectedTimeUtc\": \"2019-03-04T00:00:00Z\",\r\n \"description\": \"Detail:SQL Injection Attack Matched Data: md5 found within ARGS:h: die(@md5(M4rch));\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": 
\"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"a8a29940-e0bd-4742-95cc-c6d01e1afe48\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"16\",\r\n \"source IPs\": \"123.206.22.203\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-04T01:00:24.1988577Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506431999999999_b41572ea-083b-4743-ab2f-f653b504c3c3\",\r\n \"name\": \"2518506431999999999_b41572ea-083b-4743-ab2f-f653b504c3c3\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"BLOCKING-EVALUATION\",\r\n \"alertName\": \"BLOCKING-EVALUATION\",\r\n \"detectedTimeUtc\": \"2019-03-04T00:00:00Z\",\r\n \"description\": \"Detail:Mandatory rule. Cannot be disabled. 
Inbound Anomaly Score Exceeded (Total Score: 5)\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"b41572ea-083b-4743-ab2f-f653b504c3c3\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"41\",\r\n \"source IPs\": \"123.206.22.203\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-04T01:00:24.1988577Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506431999999999_b463a506-46aa-4a9d-8468-40e2ed74fae2\",\r\n \"name\": \"2518506431999999999_b463a506-46aa-4a9d-8468-40e2ed74fae2\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"APPLICATION-ATTACK-SQLI\",\r\n \"alertName\": \"APPLICATION-ATTACK-SQLI\",\r\n \"detectedTimeUtc\": \"2019-03-04T00:00:00Z\",\r\n \"description\": \"Detail:SQL Injection Attack Matched Data: md5 found within ARGS:h: die(@md5(M4rch));\",\r\n 
\"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"b463a506-46aa-4a9d-8468-40e2ed74fae2\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"24\",\r\n \"source IPs\": \"123.206.22.203\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-04T01:00:23.6287102Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506431999999999_da18a55d-358d-499b-97e2-d4a9169d6d79\",\r\n \"name\": \"2518506431999999999_da18a55d-358d-499b-97e2-d4a9169d6d79\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"BLOCKING-EVALUATION\",\r\n \"alertName\": \"BLOCKING-EVALUATION\",\r\n \"detectedTimeUtc\": \"2019-03-04T00:00:00Z\",\r\n \"description\": \"Detail:Mandatory rule. Cannot be disabled. 
Inbound Anomaly Score Exceeded (Total Score: 12)\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"da18a55d-358d-499b-97e2-d4a9169d6d79\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"43\",\r\n \"source IPs\": \"123.206.22.203\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-04T01:00:24.1988577Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506431999999999_e188c598-6c5a-4b88-b062-53a84c8e5866\",\r\n \"name\": \"2518506431999999999_e188c598-6c5a-4b88-b062-53a84c8e5866\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-04T00:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117:80\",\r\n \"remediationSteps\": \"\",\r\n 
\"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"e188c598-6c5a-4b88-b062-53a84c8e5866\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"98\",\r\n \"source IPs\": \"123.206.22.203\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-04T01:00:24.1988577Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506431999999999_f3759b4d-98d9-4133-820f-c53404075381\",\r\n \"name\": \"2518506431999999999_f3759b4d-98d9-4133-820f-c53404075381\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"APPLICATION-ATTACK-LFI\",\r\n \"alertName\": \"APPLICATION-ATTACK-LFI\",\r\n \"detectedTimeUtc\": \"2019-03-04T00:00:00Z\",\r\n \"description\": \"Detail:Restricted File Access Attempt Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n 
\"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"f3759b4d-98d9-4133-820f-c53404075381\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"123.206.22.203\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-04T01:00:24.1988577Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506467999999999_e16ffb83-a733-495b-b767-56079cca194b\",\r\n \"name\": \"2518506467999999999_e16ffb83-a733-495b-b767-56079cca194b\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-03T23:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117:80\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n 
\"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"e16ffb83-a733-495b-b767-56079cca194b\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"37.57.97.61\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-04T00:00:05.2118352Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506539999999999_96264969-2f25-4495-8e4a-26d705da8fa9\",\r\n \"name\": \"2518506539999999999_96264969-2f25-4495-8e4a-26d705da8fa9\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"SCANNER-DETECTION\",\r\n \"alertName\": \"SCANNER-DETECTION\",\r\n \"detectedTimeUtc\": \"2019-03-03T21:00:00Z\",\r\n \"description\": \"Detail:Found User-Agent associated with scripting/generic HTTP client Matched Data: python-requests found within REQUEST_HEADERS:User-Agent: python-requests/2.6.0 CPython/2.7.5 Linux/3.10.0-957.1.3.el7.x86_64\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": 
\"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"96264969-2f25-4495-8e4a-26d705da8fa9\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"176.32.33.80\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T22:00:34.1747263Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506539999999999_dd92cb6e-f129-4405-9e18-11fa5c1252c2\",\r\n \"name\": \"2518506539999999999_dd92cb6e-f129-4405-9e18-11fa5c1252c2\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"BLOCKING-EVALUATION\",\r\n \"alertName\": \"BLOCKING-EVALUATION\",\r\n \"detectedTimeUtc\": \"2019-03-03T21:00:00Z\",\r\n \"description\": \"Detail:Mandatory rule. Cannot be disabled. 
Inbound Anomaly Score Exceeded (Total Score: 8)\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"dd92cb6e-f129-4405-9e18-11fa5c1252c2\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"176.32.33.80\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T22:00:33.6975993Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506539999999999_ecdf89d6-b2a2-4d32-9e16-f7cd67984891\",\r\n \"name\": \"2518506539999999999_ecdf89d6-b2a2-4d32-9e16-f7cd67984891\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-03T21:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117:80\",\r\n \"remediationSteps\": \"\",\r\n 
\"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"ecdf89d6-b2a2-4d32-9e16-f7cd67984891\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"2\",\r\n \"source IPs\": \"41.50.83.103,176.32.33.80\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T22:00:34.1747263Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506575999999999_5aee1028-31b6-4d35-93cc-569793a2d3a2\",\r\n \"name\": \"2518506575999999999_5aee1028-31b6-4d35-93cc-569793a2d3a2\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-03T20:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n 
\"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"5aee1028-31b6-4d35-93cc-569793a2d3a2\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"181.166.19.204\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T21:00:19.3291561Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506611999999999_3c7cfa09-e213-4490-ba8d-a11b72b6d000\",\r\n \"name\": \"2518506611999999999_3c7cfa09-e213-4490-ba8d-a11b72b6d000\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-03T19:00:00Z\",\r\n \"description\": \"Detail:Request Missing a Host Header\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": 
\"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"3c7cfa09-e213-4490-ba8d-a11b72b6d000\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"2\",\r\n \"source IPs\": \"178.73.215.171\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T20:00:05.4039046Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506611999999999_af8a5586-7eae-4aba-bb14-5a0d9f18bb97\",\r\n \"name\": \"2518506611999999999_af8a5586-7eae-4aba-bb14-5a0d9f18bb97\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-03T19:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": 
\"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"af8a5586-7eae-4aba-bb14-5a0d9f18bb97\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"2\",\r\n \"source IPs\": \"39.96.43.158,200.207.20.30\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T20:00:05.4039046Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506611999999999_ea4eb36f-4b5c-4b3d-a52e-b06a0a8634ac\",\r\n \"name\": \"2518506611999999999_ea4eb36f-4b5c-4b3d-a52e-b06a0a8634ac\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"BLOCKING-EVALUATION\",\r\n \"alertName\": \"BLOCKING-EVALUATION\",\r\n \"detectedTimeUtc\": \"2019-03-03T19:00:00Z\",\r\n \"description\": \"Detail:Mandatory rule. Cannot be disabled. 
Inbound Anomaly Score Exceeded (Total Score: 5)\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"ea4eb36f-4b5c-4b3d-a52e-b06a0a8634ac\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"178.73.215.171\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T20:00:04.9007841Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506647999999999_2049cf22-f78e-45c4-8c8d-620175ea9b67\",\r\n \"name\": \"2518506647999999999_2049cf22-f78e-45c4-8c8d-620175ea9b67\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"APPLICATION-ATTACK-SQLI\",\r\n \"alertName\": \"APPLICATION-ATTACK-SQLI\",\r\n \"detectedTimeUtc\": \"2019-03-03T18:00:00Z\",\r\n \"description\": \"Detail:SQL Injection Attack: SQL Tautology Detected. 
Matched Data: methodName>system found within ARGS_NAMES: system.listMethods : system.listMethods \",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"2049cf22-f78e-45c4-8c8d-620175ea9b67\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"2\",\r\n \"source IPs\": \"52.183.58.122\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T19:00:51.2707099Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506647999999999_5dd2d179-737e-47de-a37d-c6b6731c149a\",\r\n \"name\": \"2518506647999999999_5dd2d179-737e-47de-a37d-c6b6731c149a\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"SCANNER-DETECTION\",\r\n \"alertName\": \"SCANNER-DETECTION\",\r\n \"detectedTimeUtc\": \"2019-03-03T18:00:00Z\",\r\n \"description\": \"Detail:Found User-Agent associated with security scanner 
Matched Data: nmap scripting engine found within REQUEST_HEADERS:User-Agent: Mozilla/5.0 (compatible; Nmap Scripting Engine; https://nmap.org/book/nse.html)\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"5dd2d179-737e-47de-a37d-c6b6731c149a\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"16\",\r\n \"source IPs\": \"52.183.58.122\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T19:00:51.2707099Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506647999999999_7bc4f2d4-49d2-4e83-801e-18e5f7288546\",\r\n \"name\": \"2518506647999999999_7bc4f2d4-49d2-4e83-801e-18e5f7288546\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"BLOCKING-EVALUATION\",\r\n \"alertName\": \"BLOCKING-EVALUATION\",\r\n \"detectedTimeUtc\": \"2019-03-03T18:00:00Z\",\r\n \"description\": 
\"Detail:Mandatory rule. Cannot be disabled. Inbound Anomaly Score Exceeded (Total Score: 5)\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"7bc4f2d4-49d2-4e83-801e-18e5f7288546\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"17\",\r\n \"source IPs\": \"52.183.58.122\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T19:00:51.2707099Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506647999999999_7db374f1-b737-40f9-9801-427d6ded6631\",\r\n \"name\": \"2518506647999999999_7db374f1-b737-40f9-9801-427d6ded6631\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-03T18:00:00Z\",\r\n \"description\": \"Detail:Request Missing a Host Header\",\r\n 
\"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"7db374f1-b737-40f9-9801-427d6ded6631\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"29\",\r\n \"source IPs\": \"52.183.58.122\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T19:00:51.2707099Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506647999999999_7fdd74ca-ecdc-47c7-8ede-237604683d32\",\r\n \"name\": \"2518506647999999999_7fdd74ca-ecdc-47c7-8ede-237604683d32\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"BLOCKING-EVALUATION\",\r\n \"alertName\": \"BLOCKING-EVALUATION\",\r\n \"detectedTimeUtc\": \"2019-03-03T18:00:00Z\",\r\n \"description\": \"Detail:Mandatory rule. Cannot be disabled. 
Inbound Anomaly Score Exceeded (Total Score: 10)\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"7fdd74ca-ecdc-47c7-8ede-237604683d32\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"18\",\r\n \"source IPs\": \"52.183.58.122\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T19:00:51.2707099Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506647999999999_8a49395c-6a4a-44c1-ada6-5d9e25ad2cb4\",\r\n \"name\": \"2518506647999999999_8a49395c-6a4a-44c1-ada6-5d9e25ad2cb4\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"SCANNER-DETECTION\",\r\n \"alertName\": \"SCANNER-DETECTION\",\r\n \"detectedTimeUtc\": \"2019-03-03T18:00:00Z\",\r\n \"description\": \"Detail:Found User-Agent associated with security scanner Matched Data: nmap scripting engine found within 
REQUEST_HEADERS:User-Agent: Mozilla/5.0 (compatible; Nmap Scripting Engine; https://nmap.org/book/nse.html)\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"8a49395c-6a4a-44c1-ada6-5d9e25ad2cb4\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"16\",\r\n \"source IPs\": \"52.183.58.122\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T19:00:51.2707099Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506647999999999_9aa674cd-3d5a-44d0-ae78-26bb404bb9cd\",\r\n \"name\": \"2518506647999999999_9aa674cd-3d5a-44d0-ae78-26bb404bb9cd\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"APPLICATION-ATTACK-LFI\",\r\n \"alertName\": \"APPLICATION-ATTACK-LFI\",\r\n \"detectedTimeUtc\": \"2019-03-03T18:00:00Z\",\r\n \"description\": \"Detail:Restricted File Access Attempt 
Matched Data: /.git/ found within REQUEST_FILENAME: /.git/HEAD\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"9aa674cd-3d5a-44d0-ae78-26bb404bb9cd\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"52.183.58.122\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T19:00:50.6994998Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506647999999999_a1d6f3b7-f990-4f60-aa51-f9dedb286a93\",\r\n \"name\": \"2518506647999999999_a1d6f3b7-f990-4f60-aa51-f9dedb286a93\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"METHOD-ENFORCEMENT\",\r\n \"alertName\": \"METHOD-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-03T18:00:00Z\",\r\n \"description\": \"Detail:Method is not allowed by policy PROPFIND\",\r\n \"remediationSteps\": \"\",\r\n 
\"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"a1d6f3b7-f990-4f60-aa51-f9dedb286a93\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"4\",\r\n \"source IPs\": \"52.183.58.122\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T19:00:51.2707099Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506647999999999_e88f0966-faba-4c11-806c-1dd3d0f02349\",\r\n \"name\": \"2518506647999999999_e88f0966-faba-4c11-806c-1dd3d0f02349\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-03T18:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": 
\"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"e88f0966-faba-4c11-806c-1dd3d0f02349\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"30\",\r\n \"source IPs\": \"52.183.58.122\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T19:00:51.2707099Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506683999999999_3ffd1f5a-8a43-42dd-950f-94a708c4eccf\",\r\n \"name\": \"2518506683999999999_3ffd1f5a-8a43-42dd-950f-94a708c4eccf\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"SCANNER-DETECTION\",\r\n \"alertName\": \"SCANNER-DETECTION\",\r\n \"detectedTimeUtc\": \"2019-03-03T17:00:00Z\",\r\n \"description\": \"Detail:Found User-Agent associated with scripting/generic HTTP client Matched Data: Python-urllib found within REQUEST_HEADERS:User-Agent: Python-urllib/2.7\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": 
\"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"3ffd1f5a-8a43-42dd-950f-94a708c4eccf\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"5.189.188.237\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T18:00:33.544093Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506683999999999_45daf153-e9c2-4943-aa00-60a4d57dfe57\",\r\n \"name\": \"2518506683999999999_45daf153-e9c2-4943-aa00-60a4d57dfe57\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"BLOCKING-EVALUATION\",\r\n \"alertName\": \"BLOCKING-EVALUATION\",\r\n \"detectedTimeUtc\": \"2019-03-03T17:00:00Z\",\r\n \"description\": \"Detail:Mandatory rule. Cannot be disabled. 
Inbound Anomaly Score Exceeded (Total Score: 5)\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"45daf153-e9c2-4943-aa00-60a4d57dfe57\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"185\",\r\n \"source IPs\": \"153.37.197.94\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T18:00:34.0159991Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506683999999999_5f021722-537d-490c-bdfd-ac6fc510da5c\",\r\n \"name\": \"2518506683999999999_5f021722-537d-490c-bdfd-ac6fc510da5c\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-03T17:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117:80\",\r\n \"remediationSteps\": \"\",\r\n 
\"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"5f021722-537d-490c-bdfd-ac6fc510da5c\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"241\",\r\n \"source IPs\": \"153.37.197.94\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T18:00:34.0159991Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506683999999999_6a5df300-a1b4-4403-a419-eb6688efdf7b\",\r\n \"name\": \"2518506683999999999_6a5df300-a1b4-4403-a419-eb6688efdf7b\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"APPLICATION-ATTACK-SQLI\",\r\n \"alertName\": \"APPLICATION-ATTACK-SQLI\",\r\n \"detectedTimeUtc\": \"2019-03-03T17:00:00Z\",\r\n \"description\": \"Detail:SQL Injection Attack Matched Data: md5 found within ARGS:h: die(@md5(M4rch));\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": 
\"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"6a5df300-a1b4-4403-a419-eb6688efdf7b\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"258\",\r\n \"source IPs\": \"153.37.197.94\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T18:00:34.0159991Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506683999999999_874c6ebd-1e67-4774-a5ce-0d731c1c27db\",\r\n \"name\": \"2518506683999999999_874c6ebd-1e67-4774-a5ce-0d731c1c27db\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"BLOCKING-EVALUATION\",\r\n \"alertName\": \"BLOCKING-EVALUATION\",\r\n \"detectedTimeUtc\": \"2019-03-03T17:00:00Z\",\r\n \"description\": \"Detail:Mandatory rule. Cannot be disabled. 
Inbound Anomaly Score Exceeded (Total Score: 12)\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"874c6ebd-1e67-4774-a5ce-0d731c1c27db\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"187\",\r\n \"source IPs\": \"153.37.197.94,5.189.188.237\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T18:00:34.0159991Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506683999999999_96f96063-0f51-4b5a-8548-a58f55a126bb\",\r\n \"name\": \"2518506683999999999_96f96063-0f51-4b5a-8548-a58f55a126bb\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"APPLICATION-ATTACK-LFI\",\r\n \"alertName\": \"APPLICATION-ATTACK-LFI\",\r\n \"detectedTimeUtc\": \"2019-03-03T17:00:00Z\",\r\n \"description\": \"Detail:Restricted File Access Attempt Matched Data: wp-config.php found within 
REQUEST_FILENAME: /wp-config.php\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"96f96063-0f51-4b5a-8548-a58f55a126bb\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"153.37.197.94\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T18:00:34.0159991Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506683999999999_a1fd9cb6-278c-4fa8-8378-b88d15b68e37\",\r\n \"name\": \"2518506683999999999_a1fd9cb6-278c-4fa8-8378-b88d15b68e37\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"APPLICATION-ATTACK-SQLI\",\r\n \"alertName\": \"APPLICATION-ATTACK-SQLI\",\r\n \"detectedTimeUtc\": \"2019-03-03T17:00:00Z\",\r\n \"description\": \"Detail:SQL Injection Attack Matched Data: md5 found within ARGS:h: die(@md5(M4rch));\",\r\n \"remediationSteps\": 
\"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"a1fd9cb6-278c-4fa8-8378-b88d15b68e37\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"242\",\r\n \"source IPs\": \"153.37.197.94\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T18:00:34.0159991Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506683999999999_e4985ba6-3474-4f25-8d0e-0d29bb6b38c9\",\r\n \"name\": \"2518506683999999999_e4985ba6-3474-4f25-8d0e-0d29bb6b38c9\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-03T17:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117:80\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n 
\"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"e4985ba6-3474-4f25-8d0e-0d29bb6b38c9\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"254\",\r\n \"source IPs\": \"143.255.242.186,153.37.197.94,5.189.188.237\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T18:00:34.0159991Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506683999999999_e6988005-220a-4136-82fd-14ef12b4ddf1\",\r\n \"name\": \"2518506683999999999_e6988005-220a-4136-82fd-14ef12b4ddf1\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"METHOD-ENFORCEMENT\",\r\n \"alertName\": \"METHOD-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-03T17:00:00Z\",\r\n \"description\": \"Detail:Method is not allowed by policy PROPFIND\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": 
\"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"e6988005-220a-4136-82fd-14ef12b4ddf1\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"153.37.197.94\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T18:00:34.0159991Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506719999999999_13a28970-6f30-4c49-8db1-bbeb8c53f358\",\r\n \"name\": \"2518506719999999999_13a28970-6f30-4c49-8db1-bbeb8c53f358\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"SCANNER-DETECTION\",\r\n \"alertName\": \"SCANNER-DETECTION\",\r\n \"detectedTimeUtc\": \"2019-03-03T16:00:00Z\",\r\n \"description\": \"Detail:Found User-Agent associated with scripting/generic HTTP client Matched Data: python-requests found within REQUEST_HEADERS:User-Agent: python-requests/2.6.0 CPython/2.7.5 Linux/3.10.0-957.1.3.el7.x86_64\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n 
\"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"13a28970-6f30-4c49-8db1-bbeb8c53f358\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"176.32.33.80\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T17:00:20.7167821Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506719999999999_3dd7d880-0612-484b-9352-47cbe5e955c0\",\r\n \"name\": \"2518506719999999999_3dd7d880-0612-484b-9352-47cbe5e955c0\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-03T16:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": 
\"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"3dd7d880-0612-484b-9352-47cbe5e955c0\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"4\",\r\n \"source IPs\": \"151.14.49.82,106.12.205.48,176.32.33.80,27.112.69.69\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T17:00:20.7167821Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506719999999999_45ad41ef-a52a-4383-b5a0-cf77d0f52769\",\r\n \"name\": \"2518506719999999999_45ad41ef-a52a-4383-b5a0-cf77d0f52769\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"BLOCKING-EVALUATION\",\r\n \"alertName\": \"BLOCKING-EVALUATION\",\r\n \"detectedTimeUtc\": \"2019-03-03T16:00:00Z\",\r\n \"description\": \"Detail:Mandatory rule. Cannot be disabled. 
Inbound Anomaly Score Exceeded (Total Score: 8)\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"45ad41ef-a52a-4383-b5a0-cf77d0f52769\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"176.32.33.80\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T17:00:20.7167821Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506755999999999_08c7bb21-5ce6-4a29-8559-e0f681637727\",\r\n \"name\": \"2518506755999999999_08c7bb21-5ce6-4a29-8559-e0f681637727\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-03T15:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117\",\r\n \"remediationSteps\": \"\",\r\n 
\"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"08c7bb21-5ce6-4a29-8559-e0f681637727\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"112.109.90.7\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T16:00:13.9856128Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506791999999999_a4f72ed5-04a4-4396-a55f-6c1e53f5de88\",\r\n \"name\": \"2518506791999999999_a4f72ed5-04a4-4396-a55f-6c1e53f5de88\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-03T14:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117:80\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n 
\"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"a4f72ed5-04a4-4396-a55f-6c1e53f5de88\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"191.19.156.211\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T15:00:53.1284306Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506791999999999_d7624e51-e813-4e82-9d24-b0c7d1ee54a2\",\r\n \"name\": \"2518506791999999999_d7624e51-e813-4e82-9d24-b0c7d1ee54a2\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-03T14:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117:80\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": 
\"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"d7624e51-e813-4e82-9d24-b0c7d1ee54a2\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"191.19.156.211\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T15:00:53.5907512Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506827999999999_5d48c911-b79f-4a9c-adf7-b1f7b542e139\",\r\n \"name\": \"2518506827999999999_5d48c911-b79f-4a9c-adf7-b1f7b542e139\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-03T13:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117:80\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": 
\"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"5d48c911-b79f-4a9c-adf7-b1f7b542e139\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"47.44.40.236\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T14:00:40.9369659Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506827999999999_6705b59f-aa53-4b22-a799-0ec168f16554\",\r\n \"name\": \"2518506827999999999_6705b59f-aa53-4b22-a799-0ec168f16554\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"BLOCKING-EVALUATION\",\r\n \"alertName\": \"BLOCKING-EVALUATION\",\r\n \"detectedTimeUtc\": \"2019-03-03T13:00:00Z\",\r\n \"description\": \"Detail:Mandatory rule. Cannot be disabled. 
Inbound Anomaly Score Exceeded (Total Score: 5)\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"6705b59f-aa53-4b22-a799-0ec168f16554\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"86.101.76.223\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T14:00:41.4313385Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506827999999999_8ef4d78a-8e10-42c2-809c-b06a1dbac6ff\",\r\n \"name\": \"2518506827999999999_8ef4d78a-8e10-42c2-809c-b06a1dbac6ff\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-03T13:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117\",\r\n \"remediationSteps\": \"\",\r\n 
\"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"8ef4d78a-8e10-42c2-809c-b06a1dbac6ff\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"3\",\r\n \"source IPs\": \"86.101.76.223,37.112.145.247\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T14:00:41.4313385Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506863999999999_0a57514d-bfbb-40de-945f-edab4061fa9f\",\r\n \"name\": \"2518506863999999999_0a57514d-bfbb-40de-945f-edab4061fa9f\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"SCANNER-DETECTION\",\r\n \"alertName\": \"SCANNER-DETECTION\",\r\n \"detectedTimeUtc\": \"2019-03-03T12:00:00Z\",\r\n \"description\": \"Detail:Found User-Agent associated with scripting/generic HTTP client Matched Data: python-requests found within REQUEST_HEADERS:User-Agent: python-requests/2.6.0 CPython/2.7.5 
Linux/3.10.0-957.1.3.el7.x86_64\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"0a57514d-bfbb-40de-945f-edab4061fa9f\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"176.32.33.80\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T13:00:27.4966084Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506863999999999_2aec0c06-933a-4981-bd34-59809b81bdcf\",\r\n \"name\": \"2518506863999999999_2aec0c06-933a-4981-bd34-59809b81bdcf\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-03T12:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": 
\"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"2aec0c06-933a-4981-bd34-59809b81bdcf\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"3\",\r\n \"source IPs\": \"139.162.106.181,176.32.33.80\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T13:00:27.9629747Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506863999999999_3906c573-8bb4-47b5-922d-3a93dacb999a\",\r\n \"name\": \"2518506863999999999_3906c573-8bb4-47b5-922d-3a93dacb999a\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"BLOCKING-EVALUATION\",\r\n \"alertName\": \"BLOCKING-EVALUATION\",\r\n \"detectedTimeUtc\": \"2019-03-03T12:00:00Z\",\r\n \"description\": \"Detail:Mandatory rule. Cannot be disabled. 
Inbound Anomaly Score Exceeded (Total Score: 5)\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"3906c573-8bb4-47b5-922d-3a93dacb999a\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"2\",\r\n \"source IPs\": \"139.162.106.181,176.32.33.80\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T13:00:27.9629747Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506863999999999_ccc614e5-38e9-4794-a4a7-b084779313b2\",\r\n \"name\": \"2518506863999999999_ccc614e5-38e9-4794-a4a7-b084779313b2\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-03T12:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117:80\",\r\n \"remediationSteps\": 
\"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"ccc614e5-38e9-4794-a4a7-b084779313b2\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"2\",\r\n \"source IPs\": \"189.79.106.13,175.106.10.226\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T13:00:27.9629747Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506899999999999_0628b610-6b29-45ec-a08c-2561f6201681\",\r\n \"name\": \"2518506899999999999_0628b610-6b29-45ec-a08c-2561f6201681\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-03T11:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117:80\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": 
\"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"0628b610-6b29-45ec-a08c-2561f6201681\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"4\",\r\n \"source IPs\": \"170.233.47.249,149.71.160.254,125.64.94.200\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T12:00:05.3305889Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506899999999999_7008ba75-4cc8-4291-93bc-ea17eba8f37c\",\r\n \"name\": \"2518506899999999999_7008ba75-4cc8-4291-93bc-ea17eba8f37c\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"BLOCKING-EVALUATION\",\r\n \"alertName\": \"BLOCKING-EVALUATION\",\r\n \"detectedTimeUtc\": \"2019-03-03T11:00:00Z\",\r\n \"description\": \"Detail:Mandatory rule. Cannot be disabled. 
Inbound Anomaly Score Exceeded (Total Score: 5)\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"7008ba75-4cc8-4291-93bc-ea17eba8f37c\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"125.64.94.200\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T12:00:04.8798965Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506935999999999_6f663a4f-982b-4818-8ef1-f87730e40dcc\",\r\n \"name\": \"2518506935999999999_6f663a4f-982b-4818-8ef1-f87730e40dcc\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-03T10:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117:80\",\r\n \"remediationSteps\": \"\",\r\n 
\"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"6f663a4f-982b-4818-8ef1-f87730e40dcc\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"177.190.65.151\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T11:00:50.1566901Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506971999999999_205da57b-4636-44f8-894e-3a78c60e78be\",\r\n \"name\": \"2518506971999999999_205da57b-4636-44f8-894e-3a78c60e78be\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"SCANNER-DETECTION\",\r\n \"alertName\": \"SCANNER-DETECTION\",\r\n \"detectedTimeUtc\": \"2019-03-03T09:00:00Z\",\r\n \"description\": \"Detail:Found User-Agent associated with security scanner Matched Data: zmeu found within REQUEST_HEADERS:User-Agent: ZmEu\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n 
\"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"205da57b-4636-44f8-894e-3a78c60e78be\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"5\",\r\n \"source IPs\": \"202.111.175.134\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T10:00:37.6036112Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506971999999999_36d74c57-219a-48dd-9d85-8edf5dad9605\",\r\n \"name\": \"2518506971999999999_36d74c57-219a-48dd-9d85-8edf5dad9605\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"BLOCKING-EVALUATION\",\r\n \"alertName\": \"BLOCKING-EVALUATION\",\r\n \"detectedTimeUtc\": \"2019-03-03T09:00:00Z\",\r\n \"description\": \"Detail:Mandatory rule. Cannot be disabled. 
Inbound Anomaly Score Exceeded (Total Score: 8)\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"36d74c57-219a-48dd-9d85-8edf5dad9605\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"3\",\r\n \"source IPs\": \"176.32.33.80,202.111.175.134\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T10:00:37.6036112Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506971999999999_51794aa7-6274-4156-b321-a8404ec2c8a1\",\r\n \"name\": \"2518506971999999999_51794aa7-6274-4156-b321-a8404ec2c8a1\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"BLOCKING-EVALUATION\",\r\n \"alertName\": \"BLOCKING-EVALUATION\",\r\n \"detectedTimeUtc\": \"2019-03-03T09:00:00Z\",\r\n \"description\": \"Detail:Mandatory rule. Cannot be disabled. 
Inbound Anomaly Score Exceeded (Total Score: 13)\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"51794aa7-6274-4156-b321-a8404ec2c8a1\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"4\",\r\n \"source IPs\": \"202.111.175.134\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T10:00:36.6754928Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506971999999999_8fd280c9-d229-4ab0-b7c2-a1e6ed13d475\",\r\n \"name\": \"2518506971999999999_8fd280c9-d229-4ab0-b7c2-a1e6ed13d475\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-03T09:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117\",\r\n \"remediationSteps\": \"\",\r\n 
\"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"8fd280c9-d229-4ab0-b7c2-a1e6ed13d475\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"4\",\r\n \"source IPs\": \"202.111.175.134\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T10:00:37.6036112Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506971999999999_c5f9f5ef-e626-494f-af62-296e9a3aae90\",\r\n \"name\": \"2518506971999999999_c5f9f5ef-e626-494f-af62-296e9a3aae90\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-03T09:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n 
\"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"c5f9f5ef-e626-494f-af62-296e9a3aae90\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"3\",\r\n \"source IPs\": \"176.32.33.80,202.111.175.134\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T10:00:37.6036112Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506971999999999_f2c8d1c4-1673-484b-a6dd-83ba0f631030\",\r\n \"name\": \"2518506971999999999_f2c8d1c4-1673-484b-a6dd-83ba0f631030\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"SCANNER-DETECTION\",\r\n \"alertName\": \"SCANNER-DETECTION\",\r\n \"detectedTimeUtc\": \"2019-03-03T09:00:00Z\",\r\n \"description\": \"Detail:Found User-Agent associated with scripting/generic HTTP client Matched Data: python-requests found within REQUEST_HEADERS:User-Agent: python-requests/2.6.0 CPython/2.7.5 Linux/3.10.0-957.1.3.el7.x86_64\",\r\n \"remediationSteps\": \"\",\r\n 
\"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"f2c8d1c4-1673-484b-a6dd-83ba0f631030\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"3\",\r\n \"source IPs\": \"176.32.33.80,202.111.175.134\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T10:00:37.6036112Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518507007999999999_d08f4e21-7e7a-4f55-8d05-c262b6ea7296\",\r\n \"name\": \"2518507007999999999_d08f4e21-7e7a-4f55-8d05-c262b6ea7296\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-03T08:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117:80\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n 
\"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"d08f4e21-7e7a-4f55-8d05-c262b6ea7296\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"200.170.107.213\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T09:00:23.6177593Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518507043999999999_4113b94b-e345-435c-9860-319263f7dd62\",\r\n \"name\": \"2518507043999999999_4113b94b-e345-435c-9860-319263f7dd62\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-03T07:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": 
\"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"4113b94b-e345-435c-9860-319263f7dd62\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"3\",\r\n \"source IPs\": \"185.53.88.120,177.95.121.11\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T08:00:08.812839Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518507043999999999_61e42d8a-87ae-4aad-909c-c68cf39040d4\",\r\n \"name\": \"2518507043999999999_61e42d8a-87ae-4aad-909c-c68cf39040d4\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"BLOCKING-EVALUATION\",\r\n \"alertName\": \"BLOCKING-EVALUATION\",\r\n \"detectedTimeUtc\": \"2019-03-03T07:00:00Z\",\r\n \"description\": \"Detail:Mandatory rule. Cannot be disabled. 
Inbound Anomaly Score Exceeded (Total Score: 5)\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"61e42d8a-87ae-4aad-909c-c68cf39040d4\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"185.53.88.120\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T08:00:08.812839Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518507043999999999_61fd9c97-c980-48c2-b39a-defed87af2a2\",\r\n \"name\": \"2518507043999999999_61fd9c97-c980-48c2-b39a-defed87af2a2\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-03T07:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117\",\r\n \"remediationSteps\": \"\",\r\n 
\"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"61fd9c97-c980-48c2-b39a-defed87af2a2\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"189.211.124.220\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T08:00:08.812839Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518507079999999999_1b89d7cb-b586-4a38-ad61-75bbaebf2170\",\r\n \"name\": \"2518507079999999999_1b89d7cb-b586-4a38-ad61-75bbaebf2170\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"SCANNER-DETECTION\",\r\n \"alertName\": \"SCANNER-DETECTION\",\r\n \"detectedTimeUtc\": \"2019-03-03T06:00:00Z\",\r\n \"description\": \"Detail:Found User-Agent associated with security scanner Matched Data: masscan found within REQUEST_HEADERS:User-Agent: masscan/1.0 (https://github.com/robertdavidgraham/masscan)\",\r\n 
\"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"1b89d7cb-b586-4a38-ad61-75bbaebf2170\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"185.165.169.28\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T07:00:54.0188006Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518507079999999999_c2c1230a-f1d5-4fe1-9aa3-0a77e7299186\",\r\n \"name\": \"2518507079999999999_c2c1230a-f1d5-4fe1-9aa3-0a77e7299186\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"BLOCKING-EVALUATION\",\r\n \"alertName\": \"BLOCKING-EVALUATION\",\r\n \"detectedTimeUtc\": \"2019-03-03T06:00:00Z\",\r\n \"description\": \"Detail:Mandatory rule. Cannot be disabled. 
Inbound Anomaly Score Exceeded (Total Score: 8)\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"c2c1230a-f1d5-4fe1-9aa3-0a77e7299186\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"185.165.169.28\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T07:00:53.5777047Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518507079999999999_eac52c76-659b-498e-91f5-525511b48ded\",\r\n \"name\": \"2518507079999999999_eac52c76-659b-498e-91f5-525511b48ded\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-03T06:00:00Z\",\r\n \"description\": \"Detail:Request Missing a Host Header\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": 
\"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"eac52c76-659b-498e-91f5-525511b48ded\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"185.165.169.28\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T07:00:54.0188006Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518507115999999999_3f4c572d-c6c7-440c-84e7-7a3f4cd866af\",\r\n \"name\": \"2518507115999999999_3f4c572d-c6c7-440c-84e7-7a3f4cd866af\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-03T05:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117:80\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": 
\"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"3f4c572d-c6c7-440c-84e7-7a3f4cd866af\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"191.19.210.54\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T06:00:38.331985Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518507115999999999_537e6f2f-d393-4cdf-a530-3255b9cc34c9\",\r\n \"name\": \"2518507115999999999_537e6f2f-d393-4cdf-a530-3255b9cc34c9\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"BLOCKING-EVALUATION\",\r\n \"alertName\": \"BLOCKING-EVALUATION\",\r\n \"detectedTimeUtc\": \"2019-03-03T05:00:00Z\",\r\n \"description\": \"Detail:Mandatory rule. Cannot be disabled. 
Inbound Anomaly Score Exceeded (Total Score: 8)\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"537e6f2f-d393-4cdf-a530-3255b9cc34c9\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"2\",\r\n \"source IPs\": \"176.32.33.80,106.75.63.218\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T06:00:38.8618086Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518507115999999999_b291073d-47ad-4563-b5be-d3cc4955e3db\",\r\n \"name\": \"2518507115999999999_b291073d-47ad-4563-b5be-d3cc4955e3db\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"SCANNER-DETECTION\",\r\n \"alertName\": \"SCANNER-DETECTION\",\r\n \"detectedTimeUtc\": \"2019-03-03T05:00:00Z\",\r\n \"description\": \"Detail:Found User-Agent associated with scripting/generic HTTP client Matched Data: 
python-requests found within REQUEST_HEADERS:User-Agent: python-requests/2.6.0 CPython/2.7.5 Linux/3.10.0-957.1.3.el7.x86_64\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"b291073d-47ad-4563-b5be-d3cc4955e3db\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"176.32.33.80\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T06:00:38.8618086Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518507115999999999_c9b1c4e8-589e-4c7e-945f-ef107e422d0e\",\r\n \"name\": \"2518507115999999999_c9b1c4e8-589e-4c7e-945f-ef107e422d0e\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-03T05:00:00Z\",\r\n \"description\": \"Detail:Host header is a 
numeric IP address 13.69.131.117\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"c9b1c4e8-589e-4c7e-945f-ef107e422d0e\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"3\",\r\n \"source IPs\": \"176.32.33.80,106.75.63.218\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T06:00:38.8618086Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518507151999999999_395b050b-039c-42ac-84eb-93d3e7faea3e\",\r\n \"name\": \"2518507151999999999_395b050b-039c-42ac-84eb-93d3e7faea3e\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-03T04:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117\",\r\n \"remediationSteps\": \"\",\r\n 
\"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"395b050b-039c-42ac-84eb-93d3e7faea3e\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"2\",\r\n \"source IPs\": \"82.227.32.4\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T05:00:24.7267003Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518507151999999999_6db5bd58-9d70-42c8-b0c1-723f6cd5b8e7\",\r\n \"name\": \"2518507151999999999_6db5bd58-9d70-42c8-b0c1-723f6cd5b8e7\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"BLOCKING-EVALUATION\",\r\n \"alertName\": \"BLOCKING-EVALUATION\",\r\n \"detectedTimeUtc\": \"2019-03-03T04:00:00Z\",\r\n \"description\": \"Detail:Mandatory rule. Cannot be disabled. 
Inbound Anomaly Score Exceeded (Total Score: 5)\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"6db5bd58-9d70-42c8-b0c1-723f6cd5b8e7\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"82.227.32.4\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T05:00:24.2392146Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518507223999999999_ee9ccd4a-9ffe-4674-93a3-8dce991f38ab\",\r\n \"name\": \"2518507223999999999_ee9ccd4a-9ffe-4674-93a3-8dce991f38ab\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-03T02:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117:80\",\r\n \"remediationSteps\": \"\",\r\n 
\"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"ee9ccd4a-9ffe-4674-93a3-8dce991f38ab\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"3\",\r\n \"source IPs\": \"46.201.249.7,91.192.33.145,95.133.40.164\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T03:00:56.5825657Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518507295999999999_4fe4d5bf-6672-490d-b840-051c7f68b697\",\r\n \"name\": \"2518507295999999999_4fe4d5bf-6672-490d-b840-051c7f68b697\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"BLOCKING-EVALUATION\",\r\n \"alertName\": \"BLOCKING-EVALUATION\",\r\n \"detectedTimeUtc\": \"2019-03-03T00:00:00Z\",\r\n \"description\": \"Detail:Mandatory rule. Cannot be disabled. 
Inbound Anomaly Score Exceeded (Total Score: 5)\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"4fe4d5bf-6672-490d-b840-051c7f68b697\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"61.62.156.174\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T01:00:28.5948373Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518507295999999999_863f36fb-20ad-45d2-9063-2a07be7f4d5f\",\r\n \"name\": \"2518507295999999999_863f36fb-20ad-45d2-9063-2a07be7f4d5f\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-03T00:00:00Z\",\r\n \"description\": \"Detail:Request Missing a Host Header\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": 
\"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"863f36fb-20ad-45d2-9063-2a07be7f4d5f\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"2\",\r\n \"source IPs\": \"61.62.156.174\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T01:00:29.0871558Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518507331999999999_3462bbf4-9200-4fdc-871c-01f2eb234c84\",\r\n \"name\": \"2518507331999999999_3462bbf4-9200-4fdc-871c-01f2eb234c84\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-02T23:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117:80\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": 
\"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"3462bbf4-9200-4fdc-871c-01f2eb234c84\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"3\",\r\n \"source IPs\": \"179.110.96.144,95.85.11.140,185.219.135.195\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T00:00:16.354891Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518507331999999999_99ba6c6b-501a-41df-a80a-d3c5fddff4e1\",\r\n \"name\": \"2518507331999999999_99ba6c6b-501a-41df-a80a-d3c5fddff4e1\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-02T23:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": 
\"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"99ba6c6b-501a-41df-a80a-d3c5fddff4e1\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"185.219.135.195\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T00:00:15.8819814Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518507403999999999_7f0e0ee0-50f0-4f6d-87f6-3a386629e3ee\",\r\n \"name\": \"2518507403999999999_7f0e0ee0-50f0-4f6d-87f6-3a386629e3ee\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-02T21:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": 
\"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"7f0e0ee0-50f0-4f6d-87f6-3a386629e3ee\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"2\",\r\n \"source IPs\": \"1.245.46.34,200.207.141.250\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-02T22:00:38.1461713Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518507403999999999_b8d1e867-333f-4776-bfb1-23dc9d0f3883\",\r\n \"name\": \"2518507403999999999_b8d1e867-333f-4776-bfb1-23dc9d0f3883\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-02T21:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": 
\"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"b8d1e867-333f-4776-bfb1-23dc9d0f3883\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"2\",\r\n \"source IPs\": \"42.51.32.9,200.207.141.250\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-02T22:00:38.6594318Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518507439999999999_1b54ab81-5ca3-4ea0-a706-38112361afaa\",\r\n \"name\": \"2518507439999999999_1b54ab81-5ca3-4ea0-a706-38112361afaa\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"SCANNER-DETECTION\",\r\n \"alertName\": \"SCANNER-DETECTION\",\r\n \"detectedTimeUtc\": \"2019-03-02T20:00:00Z\",\r\n \"description\": \"Detail:Found User-Agent associated with security scanner Matched Data: nmap scripting engine found within REQUEST_HEADERS:User-Agent: Mozilla/5.0 (compatible; Nmap Scripting Engine; https://nmap.org/book/nse.html)\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": 
\"Medium\",\r\n \"compromisedEntity\": \"bc09060f-3280-4734-a595-310679b63b8f.cloudapp.net\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"1b54ab81-5ca3-4ea0-a706-38112361afaa\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"16\",\r\n \"source IPs\": \"52.183.32.182\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-02T21:00:26.0576367Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518507439999999999_3e947bdc-233d-4de1-8031-2038a4d74620\",\r\n \"name\": \"2518507439999999999_3e947bdc-233d-4de1-8031-2038a4d74620\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"SCANNER-DETECTION\",\r\n \"alertName\": \"SCANNER-DETECTION\",\r\n \"detectedTimeUtc\": \"2019-03-02T20:00:00Z\",\r\n \"description\": \"Detail:Found User-Agent associated with security scanner Matched Data: nmap scripting engine found within REQUEST_HEADERS:User-Agent: Mozilla/5.0 (compatible; Nmap Scripting Engine; 
https://nmap.org/book/nse.html)\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"bc09060f-3280-4734-a595-310679b63b8f.cloudapp.net\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"3e947bdc-233d-4de1-8031-2038a4d74620\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"17\",\r\n \"source IPs\": \"52.183.32.182\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-02T21:00:26.0576367Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n }\r\n ],\r\n \"nextLink\": 
\"https://management.azure.com/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/providers/Microsoft.Security/alerts?api-version=2019-01-01&%24skiptoken=TY%2fLbqMwAEX%2fhcXsCDYBEkeqRmpqmKQFUmMbys482jjhNdhpIFX%2ffTLSLEa6u3N1ru6X0dWTfpHdWRmbLyPFCcWMxAdsbIyj1oPaWFYrOvFRt3WnF%2bJ2GetF2bcbx1la6lKocpSDln2nLGe9Kgpn7ZqFWwDTWcHaRCWoTAhWcOVB%2b33tIWsY%2b09Z1aOyQlmOverf9SKpy8so9WyJph61%2bikGaX7eK3frgw0gMgG854c6y4H257p7qOd9nGdHwAJ%2froIGiBRdEpu7u1MvwwSDeOvHJChvaQr3IUaYZyQXTT5QFl5D7HqknUIeTL8pq0iFIXulUcSDcKacPBcM4ZQy%2bbL9t9Gi5X%2fuZST9SDTcoYDwCrgey4YDDxSkkIwRQ0zc%2bIGfPmaaDWfxl9N9%2fHrze9pUzwJPjLUwFo0PUk6U4MNT%2bPQYccxA2pB9yNAv1uqI%2b0zv5FXSljuVT45v7dTQ1td5svOKjqtie5X8%2fj23OaABOr1lZChsR8anR2R8f%2f8B\"\r\n}", + "ResponseBody": "{\r\n \"value\": [\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/taklei/providers/Microsoft.Security/locations/westeurope/alerts/2518136982923187680_ef6aa4e6-9c60-4405-8f08-f465e8e50cd2\",\r\n \"name\": \"2518136982923187680_ef6aa4e6-9c60-4405-8f08-f465e8e50cd2\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft\",\r\n \"alertDisplayName\": \"Azure Security Center test alert (not a threat)\",\r\n \"alertName\": \"VM_EICAR\",\r\n \"detectedTimeUtc\": \"2020-05-04T14:28:27.6812319Z\",\r\n \"description\": \"This is a test alert generated by Azure Security Center. 
No further action is needed.\",\r\n \"remediationSteps\": \"No further action is needed.\",\r\n \"actionTaken\": \"Undefined\",\r\n \"reportedSeverity\": \"High\",\r\n \"compromisedEntity\": \"ALERTSTEST\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/taklei/providers/Microsoft.Compute/virtualMachines/alertsTest\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"ef6aa4e6-9c60-4405-8f08-f465e8e50cd2\",\r\n \"extendedProperties\": {\r\n \"compromised Host\": \"ALERTSTEST\",\r\n \"user Name\": \"WORKGROUP\\\\alertsTest$\",\r\n \"account Session Id\": \"0x3e7\",\r\n \"suspicious Process\": \"c:\\\\scripts\\\\asc_alerttest_662jfi039n.exe\",\r\n \"suspicious Command Line\": \"c:\\\\scripts\\\\asc_alerttest_662jfi039n.exe -foo\",\r\n \"parent Process\": \"c:\\\\windows\\\\system32\\\\svchost.exe\",\r\n \"suspicious Process Id\": \"0x688\",\r\n \"arguments Auditing Enabled\": \"true\",\r\n \"enrichment_tas_threat__reports\": \"{\\\"Kind\\\":\\\"MultiLink\\\",\\\"DisplayValueToUrlDictionary\\\":{\\\"Report: EICAR File\\\":\\\"https://interflowwebportalext.trafficmanager.net/reports/DisplayReport?callerIdentity=ddd5443d-e6f4-441c-b52b-5278d2f21dfa&reportCreateDateTime=2020-05-04T09%3a13%3a05&reportName=MSTI-TS-EICAR-File.pdf&tenantId=387eb67f-0039-43ad-81b9-b66c6c0b1951&urlCreateDateTime=2020-05-04T09%3a13%3a05&token=aRLLv1q8UI%20eVn54OVy%20WbqcH7H9dSGDUOuWywymCrQ=\\\"}}\",\r\n \"resourceType\": \"Virtual Machine\"\r\n },\r\n \"state\": \"Dismissed\",\r\n \"reportedTimeUtc\": \"2020-05-04T14:29:05.5983077Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/mainws/providers/microsoft.operationalinsights/workspaces/securityuserws\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": [\r\n {\r\n \"$id\": \"westeurope_1\",\r\n \"dnsDomain\": \"\",\r\n \"ntDomain\": \"\",\r\n 
\"hostName\": \"ALERTSTEST\",\r\n \"netBiosName\": \"ALERTSTEST\",\r\n \"azureID\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/taklei/providers/Microsoft.Compute/virtualMachines/alertsTest\",\r\n \"omsAgentID\": \"6bc4f1df-17e1-40f0-8227-f1635aea54dd\",\r\n \"osFamily\": \"Windows\",\r\n \"osVersion\": \"Windows\",\r\n \"isDomainJoined\": false,\r\n \"type\": \"host\"\r\n },\r\n {\r\n \"$id\": \"westeurope_2\",\r\n \"directory\": \"c:\\\\windows\\\\system32\",\r\n \"name\": \"svchost.exe\",\r\n \"type\": \"file\"\r\n },\r\n {\r\n \"$id\": \"westeurope_3\",\r\n \"processId\": \"0x6ec\",\r\n \"commandLine\": \"\",\r\n \"imageFile\": {\r\n \"$ref\": \"westeurope_2\"\r\n },\r\n \"host\": {\r\n \"$ref\": \"westeurope_1\"\r\n },\r\n \"type\": \"process\"\r\n },\r\n {\r\n \"$id\": \"westeurope_4\",\r\n \"name\": \"alertsTest$\",\r\n \"ntDomain\": \"WORKGROUP\",\r\n \"host\": {\r\n \"$ref\": \"westeurope_1\"\r\n },\r\n \"sid\": \"S-1-5-18\",\r\n \"isDomainJoined\": true,\r\n \"type\": \"account\",\r\n \"LogonId\": \"0x3e7\"\r\n },\r\n {\r\n \"$id\": \"westeurope_5\",\r\n \"directory\": \"c:\\\\scripts\",\r\n \"name\": \"asc_alerttest_662jfi039n.exe\",\r\n \"type\": \"file\"\r\n },\r\n {\r\n \"$id\": \"westeurope_6\",\r\n \"processId\": \"0x688\",\r\n \"commandLine\": \"c:\\\\scripts\\\\asc_alerttest_662jfi039n.exe -foo\",\r\n \"elevationToken\": \"Default\",\r\n \"creationTimeUtc\": \"2020-05-04T14:28:27.6812319Z\",\r\n \"imageFile\": {\r\n \"$ref\": \"westeurope_5\"\r\n },\r\n \"account\": {\r\n \"$ref\": \"westeurope_4\"\r\n },\r\n \"parentProcess\": {\r\n \"$ref\": \"westeurope_3\"\r\n },\r\n \"host\": {\r\n \"$ref\": \"westeurope_1\"\r\n },\r\n \"type\": \"process\"\r\n },\r\n {\r\n \"$id\": \"westeurope_7\",\r\n \"sessionId\": \"0x3e7\",\r\n \"startTimeUtc\": \"2020-05-04T14:28:27.6812319Z\",\r\n \"endTimeUtc\": \"2020-05-04T14:28:27.6812319Z\",\r\n \"type\": \"host-logon-session\",\r\n \"host\": {\r\n \"$ref\": \"westeurope_1\"\r\n },\r\n 
\"account\": {\r\n \"$ref\": \"westeurope_4\"\r\n }\r\n }\r\n ]\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/taklei/providers/Microsoft.Security/locations/westeurope/alerts/2518137000923212703_d25bac04-7492-4ece-9d75-7a377d74d833\",\r\n \"name\": \"2518137000923212703_d25bac04-7492-4ece-9d75-7a377d74d833\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft\",\r\n \"alertDisplayName\": \"Azure Security Center test alert (not a threat)\",\r\n \"alertName\": \"VM_EICAR\",\r\n \"detectedTimeUtc\": \"2020-05-04T13:58:27.6787296Z\",\r\n \"description\": \"This is a test alert generated by Azure Security Center. No further action is needed.\",\r\n \"remediationSteps\": \"No further action is needed.\",\r\n \"actionTaken\": \"Undefined\",\r\n \"reportedSeverity\": \"High\",\r\n \"compromisedEntity\": \"ALERTSTEST\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/taklei/providers/Microsoft.Compute/virtualMachines/alertsTest\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"d25bac04-7492-4ece-9d75-7a377d74d833\",\r\n \"extendedProperties\": {\r\n \"compromised Host\": \"ALERTSTEST\",\r\n \"user Name\": \"WORKGROUP\\\\alertsTest$\",\r\n \"account Session Id\": \"0x3e7\",\r\n \"suspicious Process\": \"c:\\\\scripts\\\\asc_alerttest_662jfi039n.exe\",\r\n \"suspicious Command Line\": \"c:\\\\scripts\\\\asc_alerttest_662jfi039n.exe -foo\",\r\n \"parent Process\": \"c:\\\\windows\\\\system32\\\\svchost.exe\",\r\n \"suspicious Process Id\": \"0x1c7c\",\r\n \"arguments Auditing Enabled\": \"true\",\r\n \"enrichment_tas_threat__reports\": \"{\\\"Kind\\\":\\\"MultiLink\\\",\\\"DisplayValueToUrlDictionary\\\":{\\\"Report: EICAR 
File\\\":\\\"https://interflowwebportalext.trafficmanager.net/reports/DisplayReport?callerIdentity=ddd5443d-e6f4-441c-b52b-5278d2f21dfa&reportCreateDateTime=2020-05-04T09%3a13%3a05&reportName=MSTI-TS-EICAR-File.pdf&tenantId=387eb67f-0039-43ad-81b9-b66c6c0b1951&urlCreateDateTime=2020-05-04T09%3a13%3a05&token=aRLLv1q8UI%20eVn54OVy%20WbqcH7H9dSGDUOuWywymCrQ=\\\"}}\",\r\n \"resourceType\": \"Virtual Machine\"\r\n },\r\n \"state\": \"Dismissed\",\r\n \"reportedTimeUtc\": \"2020-05-04T13:58:34.2198556Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/mainws/providers/microsoft.operationalinsights/workspaces/securityuserws\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": [\r\n {\r\n \"$id\": \"westeurope_8\",\r\n \"dnsDomain\": \"\",\r\n \"ntDomain\": \"\",\r\n \"hostName\": \"ALERTSTEST\",\r\n \"netBiosName\": \"ALERTSTEST\",\r\n \"azureID\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/taklei/providers/Microsoft.Compute/virtualMachines/alertsTest\",\r\n \"omsAgentID\": \"6bc4f1df-17e1-40f0-8227-f1635aea54dd\",\r\n \"osFamily\": \"Windows\",\r\n \"osVersion\": \"Windows\",\r\n \"isDomainJoined\": false,\r\n \"type\": \"host\"\r\n },\r\n {\r\n \"$id\": \"westeurope_9\",\r\n \"directory\": \"c:\\\\windows\\\\system32\",\r\n \"name\": \"svchost.exe\",\r\n \"type\": \"file\"\r\n },\r\n {\r\n \"$id\": \"westeurope_10\",\r\n \"processId\": \"0x6ec\",\r\n \"commandLine\": \"\",\r\n \"imageFile\": {\r\n \"$ref\": \"westeurope_9\"\r\n },\r\n \"host\": {\r\n \"$ref\": \"westeurope_8\"\r\n },\r\n \"type\": \"process\"\r\n },\r\n {\r\n \"$id\": \"westeurope_11\",\r\n \"name\": \"alertsTest$\",\r\n \"ntDomain\": \"WORKGROUP\",\r\n \"host\": {\r\n \"$ref\": \"westeurope_8\"\r\n },\r\n \"sid\": \"S-1-5-18\",\r\n \"isDomainJoined\": true,\r\n \"type\": \"account\",\r\n \"LogonId\": \"0x3e7\"\r\n },\r\n {\r\n \"$id\": \"westeurope_12\",\r\n \"directory\": 
\"c:\\\\scripts\",\r\n \"name\": \"asc_alerttest_662jfi039n.exe\",\r\n \"type\": \"file\"\r\n },\r\n {\r\n \"$id\": \"westeurope_13\",\r\n \"processId\": \"0x1c7c\",\r\n \"commandLine\": \"c:\\\\scripts\\\\asc_alerttest_662jfi039n.exe -foo\",\r\n \"elevationToken\": \"Default\",\r\n \"creationTimeUtc\": \"2020-05-04T13:58:27.6787296Z\",\r\n \"imageFile\": {\r\n \"$ref\": \"westeurope_12\"\r\n },\r\n \"account\": {\r\n \"$ref\": \"westeurope_11\"\r\n },\r\n \"parentProcess\": {\r\n \"$ref\": \"westeurope_10\"\r\n },\r\n \"host\": {\r\n \"$ref\": \"westeurope_8\"\r\n },\r\n \"type\": \"process\"\r\n },\r\n {\r\n \"$id\": \"westeurope_14\",\r\n \"sessionId\": \"0x3e7\",\r\n \"startTimeUtc\": \"2020-05-04T13:58:27.6787296Z\",\r\n \"endTimeUtc\": \"2020-05-04T13:58:27.6787296Z\",\r\n \"type\": \"host-logon-session\",\r\n \"host\": {\r\n \"$ref\": \"westeurope_8\"\r\n },\r\n \"account\": {\r\n \"$ref\": \"westeurope_11\"\r\n }\r\n }\r\n ]\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/taklei/providers/Microsoft.Security/locations/westeurope/alerts/2518137018913138372_93d99441-2eff-436e-ab25-0307b3484bb4\",\r\n \"name\": \"2518137018913138372_93d99441-2eff-436e-ab25-0307b3484bb4\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft\",\r\n \"alertDisplayName\": \"Azure Security Center test alert (not a threat)\",\r\n \"alertName\": \"VM_EICAR\",\r\n \"detectedTimeUtc\": \"2020-05-04T13:28:28.6861627Z\",\r\n \"description\": \"This is a test alert generated by Azure Security Center. 
No further action is needed.\",\r\n \"remediationSteps\": \"No further action is needed.\",\r\n \"actionTaken\": \"Undefined\",\r\n \"reportedSeverity\": \"High\",\r\n \"compromisedEntity\": \"ALERTSTEST\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/taklei/providers/Microsoft.Compute/virtualMachines/alertsTest\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"93d99441-2eff-436e-ab25-0307b3484bb4\",\r\n \"extendedProperties\": {\r\n \"compromised Host\": \"ALERTSTEST\",\r\n \"user Name\": \"WORKGROUP\\\\alertsTest$\",\r\n \"account Session Id\": \"0x3e7\",\r\n \"suspicious Process\": \"c:\\\\scripts\\\\asc_alerttest_662jfi039n.exe\",\r\n \"suspicious Command Line\": \"c:\\\\scripts\\\\asc_alerttest_662jfi039n.exe -foo\",\r\n \"parent Process\": \"c:\\\\windows\\\\system32\\\\svchost.exe\",\r\n \"suspicious Process Id\": \"0x122c\",\r\n \"arguments Auditing Enabled\": \"true\",\r\n \"enrichment_tas_threat__reports\": \"{\\\"Kind\\\":\\\"MultiLink\\\",\\\"DisplayValueToUrlDictionary\\\":{\\\"Report: EICAR File\\\":\\\"https://interflowwebportalext.trafficmanager.net/reports/DisplayReport?callerIdentity=ddd5443d-e6f4-441c-b52b-5278d2f21dfa&reportCreateDateTime=2020-05-04T08%3a32%3a57&reportName=MSTI-TS-EICAR-File.pdf&tenantId=1c68e967-70a6-4cda-a34b-6d281cffe06e&urlCreateDateTime=2020-05-04T08%3a32%3a57&token=s7wyF62JLdEde8/SccnrGqIJxUOajFUpTETdhi3lCyY=\\\"}}\",\r\n \"resourceType\": \"Virtual Machine\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2020-05-04T13:28:59.9528247Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/mainws/providers/microsoft.operationalinsights/workspaces/securityuserws\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": [\r\n {\r\n \"$id\": \"westeurope_15\",\r\n \"dnsDomain\": \"\",\r\n \"ntDomain\": \"\",\r\n \"hostName\": 
\"ALERTSTEST\",\r\n \"netBiosName\": \"ALERTSTEST\",\r\n \"azureID\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/taklei/providers/Microsoft.Compute/virtualMachines/alertsTest\",\r\n \"omsAgentID\": \"6bc4f1df-17e1-40f0-8227-f1635aea54dd\",\r\n \"osFamily\": \"Windows\",\r\n \"osVersion\": \"Windows\",\r\n \"isDomainJoined\": false,\r\n \"type\": \"host\"\r\n },\r\n {\r\n \"$id\": \"westeurope_16\",\r\n \"directory\": \"c:\\\\windows\\\\system32\",\r\n \"name\": \"svchost.exe\",\r\n \"type\": \"file\"\r\n },\r\n {\r\n \"$id\": \"westeurope_17\",\r\n \"processId\": \"0x6ec\",\r\n \"commandLine\": \"\",\r\n \"imageFile\": {\r\n \"$ref\": \"westeurope_16\"\r\n },\r\n \"host\": {\r\n \"$ref\": \"westeurope_15\"\r\n },\r\n \"type\": \"process\"\r\n },\r\n {\r\n \"$id\": \"westeurope_18\",\r\n \"name\": \"alertsTest$\",\r\n \"ntDomain\": \"WORKGROUP\",\r\n \"host\": {\r\n \"$ref\": \"westeurope_15\"\r\n },\r\n \"sid\": \"S-1-5-18\",\r\n \"isDomainJoined\": true,\r\n \"type\": \"account\",\r\n \"LogonId\": \"0x3e7\"\r\n },\r\n {\r\n \"$id\": \"westeurope_19\",\r\n \"directory\": \"c:\\\\scripts\",\r\n \"name\": \"asc_alerttest_662jfi039n.exe\",\r\n \"type\": \"file\"\r\n },\r\n {\r\n \"$id\": \"westeurope_20\",\r\n \"processId\": \"0x122c\",\r\n \"commandLine\": \"c:\\\\scripts\\\\asc_alerttest_662jfi039n.exe -foo\",\r\n \"elevationToken\": \"Default\",\r\n \"creationTimeUtc\": \"2020-05-04T13:28:28.6861627Z\",\r\n \"imageFile\": {\r\n \"$ref\": \"westeurope_19\"\r\n },\r\n \"account\": {\r\n \"$ref\": \"westeurope_18\"\r\n },\r\n \"parentProcess\": {\r\n \"$ref\": \"westeurope_17\"\r\n },\r\n \"host\": {\r\n \"$ref\": \"westeurope_15\"\r\n },\r\n \"type\": \"process\"\r\n },\r\n {\r\n \"$id\": \"westeurope_21\",\r\n \"sessionId\": \"0x3e7\",\r\n \"startTimeUtc\": \"2020-05-04T13:28:28.6861627Z\",\r\n \"endTimeUtc\": \"2020-05-04T13:28:28.6861627Z\",\r\n \"type\": \"host-logon-session\",\r\n \"host\": {\r\n \"$ref\": \"westeurope_15\"\r\n },\r\n 
\"account\": {\r\n \"$ref\": \"westeurope_18\"\r\n }\r\n }\r\n ]\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/taklei/providers/Microsoft.Security/locations/westeurope/alerts/2518137035665338254_a345cb85-18aa-4d14-9293-e4d2ba15cb9d\",\r\n \"name\": \"2518137035665338254_a345cb85-18aa-4d14-9293-e4d2ba15cb9d\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft\",\r\n \"alertDisplayName\": \"Azure Security Center test alert (not a threat)\",\r\n \"alertName\": \"VM_EICAR\",\r\n \"detectedTimeUtc\": \"2020-05-04T13:00:33.4661745Z\",\r\n \"description\": \"This is a test alert generated by Azure Security Center. No further action is needed.\",\r\n \"remediationSteps\": \"No further action is needed.\",\r\n \"actionTaken\": \"Undefined\",\r\n \"reportedSeverity\": \"High\",\r\n \"compromisedEntity\": \"ALERTSTEST\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/taklei/providers/Microsoft.Compute/virtualMachines/alertsTest\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"a345cb85-18aa-4d14-9293-e4d2ba15cb9d\",\r\n \"extendedProperties\": {\r\n \"compromised Host\": \"ALERTSTEST\",\r\n \"user Name\": \"WORKGROUP\\\\alertsTest$\",\r\n \"account Session Id\": \"0x3e7\",\r\n \"suspicious Process\": \"c:\\\\scripts\\\\asc_alerttest_662jfi039n.exe\",\r\n \"suspicious Command Line\": \"c:\\\\scripts\\\\asc_alerttest_662jfi039n.exe -foo\",\r\n \"parent Process\": \"c:\\\\windows\\\\system32\\\\svchost.exe\",\r\n \"suspicious Process Id\": \"0xe38\",\r\n \"arguments Auditing Enabled\": \"true\",\r\n \"enrichment_tas_threat__reports\": \"{\\\"Kind\\\":\\\"MultiLink\\\",\\\"DisplayValueToUrlDictionary\\\":{\\\"Report: EICAR 
File\\\":\\\"https://interflowwebportalext.trafficmanager.net/reports/DisplayReport?callerIdentity=ddd5443d-e6f4-441c-b52b-5278d2f21dfa&reportCreateDateTime=2020-05-04T09%3a13%3a05&reportName=MSTI-TS-EICAR-File.pdf&tenantId=387eb67f-0039-43ad-81b9-b66c6c0b1951&urlCreateDateTime=2020-05-04T09%3a13%3a05&token=aRLLv1q8UI%20eVn54OVy%20WbqcH7H9dSGDUOuWywymCrQ=\\\"}}\",\r\n \"resourceType\": \"Virtual Machine\"\r\n },\r\n \"state\": \"Dismissed\",\r\n \"reportedTimeUtc\": \"2020-05-04T13:00:37.889087Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/mainws/providers/microsoft.operationalinsights/workspaces/securityuserws\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": [\r\n {\r\n \"$id\": \"westeurope_22\",\r\n \"dnsDomain\": \"\",\r\n \"ntDomain\": \"\",\r\n \"hostName\": \"ALERTSTEST\",\r\n \"netBiosName\": \"ALERTSTEST\",\r\n \"azureID\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/taklei/providers/Microsoft.Compute/virtualMachines/alertsTest\",\r\n \"omsAgentID\": \"6bc4f1df-17e1-40f0-8227-f1635aea54dd\",\r\n \"osFamily\": \"Windows\",\r\n \"osVersion\": \"Windows\",\r\n \"isDomainJoined\": false,\r\n \"type\": \"host\"\r\n },\r\n {\r\n \"$id\": \"westeurope_23\",\r\n \"directory\": \"c:\\\\windows\\\\system32\",\r\n \"name\": \"svchost.exe\",\r\n \"type\": \"file\"\r\n },\r\n {\r\n \"$id\": \"westeurope_24\",\r\n \"processId\": \"0x6ec\",\r\n \"commandLine\": \"\",\r\n \"imageFile\": {\r\n \"$ref\": \"westeurope_23\"\r\n },\r\n \"host\": {\r\n \"$ref\": \"westeurope_22\"\r\n },\r\n \"type\": \"process\"\r\n },\r\n {\r\n \"$id\": \"westeurope_25\",\r\n \"name\": \"alertsTest$\",\r\n \"ntDomain\": \"WORKGROUP\",\r\n \"host\": {\r\n \"$ref\": \"westeurope_22\"\r\n },\r\n \"sid\": \"S-1-5-18\",\r\n \"isDomainJoined\": true,\r\n \"type\": \"account\",\r\n \"LogonId\": \"0x3e7\"\r\n },\r\n {\r\n \"$id\": \"westeurope_26\",\r\n 
\"directory\": \"c:\\\\scripts\",\r\n \"name\": \"asc_alerttest_662jfi039n.exe\",\r\n \"type\": \"file\"\r\n },\r\n {\r\n \"$id\": \"westeurope_27\",\r\n \"processId\": \"0xe38\",\r\n \"commandLine\": \"c:\\\\scripts\\\\asc_alerttest_662jfi039n.exe -foo\",\r\n \"elevationToken\": \"Default\",\r\n \"creationTimeUtc\": \"2020-05-04T13:00:33.4661745Z\",\r\n \"imageFile\": {\r\n \"$ref\": \"westeurope_26\"\r\n },\r\n \"account\": {\r\n \"$ref\": \"westeurope_25\"\r\n },\r\n \"parentProcess\": {\r\n \"$ref\": \"westeurope_24\"\r\n },\r\n \"host\": {\r\n \"$ref\": \"westeurope_22\"\r\n },\r\n \"type\": \"process\"\r\n },\r\n {\r\n \"$id\": \"westeurope_28\",\r\n \"sessionId\": \"0x3e7\",\r\n \"startTimeUtc\": \"2020-05-04T13:00:33.4661745Z\",\r\n \"endTimeUtc\": \"2020-05-04T13:00:33.4661745Z\",\r\n \"type\": \"host-logon-session\",\r\n \"host\": {\r\n \"$ref\": \"westeurope_22\"\r\n },\r\n \"account\": {\r\n \"$ref\": \"westeurope_25\"\r\n }\r\n }\r\n ]\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/taklei/providers/Microsoft.Security/locations/westeurope/alerts/2518137036458453383_d763b77f-129c-4e95-af39-5c4b4c411b5b\",\r\n \"name\": \"2518137036458453383_d763b77f-129c-4e95-af39-5c4b4c411b5b\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft\",\r\n \"alertDisplayName\": \"Azure Security Center test alert (not a threat)\",\r\n \"alertName\": \"VM_EICAR\",\r\n \"detectedTimeUtc\": \"2020-05-04T12:59:14.1546616Z\",\r\n \"description\": \"This is a test alert generated by Azure Security Center. 
No further action is needed.\",\r\n \"remediationSteps\": \"No further action is needed.\",\r\n \"actionTaken\": \"Undefined\",\r\n \"reportedSeverity\": \"High\",\r\n \"compromisedEntity\": \"ALERTSTEST\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/taklei/providers/Microsoft.Compute/virtualMachines/alertsTest\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"d763b77f-129c-4e95-af39-5c4b4c411b5b\",\r\n \"extendedProperties\": {\r\n \"compromised Host\": \"ALERTSTEST\",\r\n \"user Name\": \"WORKGROUP\\\\alertsTest$\",\r\n \"account Session Id\": \"0x3e7\",\r\n \"suspicious Process\": \"c:\\\\scripts\\\\asc_alerttest_662jfi039n.exe\",\r\n \"suspicious Command Line\": \"c:\\\\scripts\\\\asc_alerttest_662jfi039n.exe -foo\",\r\n \"parent Process\": \"c:\\\\windows\\\\system32\\\\svchost.exe\",\r\n \"suspicious Process Id\": \"0xe7c\",\r\n \"arguments Auditing Enabled\": \"true\",\r\n \"enrichment_tas_threat__reports\": \"{\\\"Kind\\\":\\\"MultiLink\\\",\\\"DisplayValueToUrlDictionary\\\":{\\\"Report: EICAR File\\\":\\\"https://interflowwebportalext.trafficmanager.net/reports/DisplayReport?callerIdentity=ddd5443d-e6f4-441c-b52b-5278d2f21dfa&reportCreateDateTime=2020-05-04T08%3a32%3a57&reportName=MSTI-TS-EICAR-File.pdf&tenantId=1c68e967-70a6-4cda-a34b-6d281cffe06e&urlCreateDateTime=2020-05-04T08%3a32%3a57&token=s7wyF62JLdEde8/SccnrGqIJxUOajFUpTETdhi3lCyY=\\\"}}\",\r\n \"resourceType\": \"Virtual Machine\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2020-05-04T12:59:35.6273663Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/mainws/providers/microsoft.operationalinsights/workspaces/securityuserws\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": [\r\n {\r\n \"$id\": \"westeurope_29\",\r\n \"dnsDomain\": \"\",\r\n \"ntDomain\": \"\",\r\n \"hostName\": 
\"ALERTSTEST\",\r\n \"netBiosName\": \"ALERTSTEST\",\r\n \"azureID\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/taklei/providers/Microsoft.Compute/virtualMachines/alertsTest\",\r\n \"omsAgentID\": \"6bc4f1df-17e1-40f0-8227-f1635aea54dd\",\r\n \"osFamily\": \"Windows\",\r\n \"osVersion\": \"Windows\",\r\n \"isDomainJoined\": false,\r\n \"type\": \"host\"\r\n },\r\n {\r\n \"$id\": \"westeurope_30\",\r\n \"directory\": \"c:\\\\windows\\\\system32\",\r\n \"name\": \"svchost.exe\",\r\n \"type\": \"file\"\r\n },\r\n {\r\n \"$id\": \"westeurope_31\",\r\n \"processId\": \"0x6ec\",\r\n \"commandLine\": \"\",\r\n \"imageFile\": {\r\n \"$ref\": \"westeurope_30\"\r\n },\r\n \"host\": {\r\n \"$ref\": \"westeurope_29\"\r\n },\r\n \"type\": \"process\"\r\n },\r\n {\r\n \"$id\": \"westeurope_32\",\r\n \"name\": \"alertsTest$\",\r\n \"ntDomain\": \"WORKGROUP\",\r\n \"host\": {\r\n \"$ref\": \"westeurope_29\"\r\n },\r\n \"sid\": \"S-1-5-18\",\r\n \"isDomainJoined\": true,\r\n \"type\": \"account\",\r\n \"LogonId\": \"0x3e7\"\r\n },\r\n {\r\n \"$id\": \"westeurope_33\",\r\n \"directory\": \"c:\\\\scripts\",\r\n \"name\": \"asc_alerttest_662jfi039n.exe\",\r\n \"type\": \"file\"\r\n },\r\n {\r\n \"$id\": \"westeurope_34\",\r\n \"processId\": \"0xe7c\",\r\n \"commandLine\": \"c:\\\\scripts\\\\asc_alerttest_662jfi039n.exe -foo\",\r\n \"elevationToken\": \"Default\",\r\n \"creationTimeUtc\": \"2020-05-04T12:59:14.1546616Z\",\r\n \"imageFile\": {\r\n \"$ref\": \"westeurope_33\"\r\n },\r\n \"account\": {\r\n \"$ref\": \"westeurope_32\"\r\n },\r\n \"parentProcess\": {\r\n \"$ref\": \"westeurope_31\"\r\n },\r\n \"host\": {\r\n \"$ref\": \"westeurope_29\"\r\n },\r\n \"type\": \"process\"\r\n },\r\n {\r\n \"$id\": \"westeurope_35\",\r\n \"sessionId\": \"0x3e7\",\r\n \"startTimeUtc\": \"2020-05-04T12:59:14.1546616Z\",\r\n \"endTimeUtc\": \"2020-05-04T12:59:14.1546616Z\",\r\n \"type\": \"host-logon-session\",\r\n \"host\": {\r\n \"$ref\": \"westeurope_29\"\r\n },\r\n 
\"account\": {\r\n \"$ref\": \"westeurope_32\"\r\n }\r\n }\r\n ]\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/taklei/providers/Microsoft.Security/locations/westeurope/alerts/2518137036914144805_a3d0999b-cdfc-41d9-9d28-ee1335f03081\",\r\n \"name\": \"2518137036914144805_a3d0999b-cdfc-41d9-9d28-ee1335f03081\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft\",\r\n \"alertDisplayName\": \"Azure Security Center test alert (not a threat)\",\r\n \"alertName\": \"VM_EICAR\",\r\n \"detectedTimeUtc\": \"2020-05-04T12:58:28.5855194Z\",\r\n \"description\": \"This is a test alert generated by Azure Security Center. No further action is needed.\",\r\n \"remediationSteps\": \"No further action is needed.\",\r\n \"actionTaken\": \"Undefined\",\r\n \"reportedSeverity\": \"High\",\r\n \"compromisedEntity\": \"ALERTSTEST\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/taklei/providers/Microsoft.Compute/virtualMachines/alertsTest\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"a3d0999b-cdfc-41d9-9d28-ee1335f03081\",\r\n \"extendedProperties\": {\r\n \"compromised Host\": \"ALERTSTEST\",\r\n \"user Name\": \"WORKGROUP\\\\alertsTest$\",\r\n \"account Session Id\": \"0x3e7\",\r\n \"suspicious Process\": \"c:\\\\scripts\\\\asc_alerttest_662jfi039n.exe\",\r\n \"suspicious Command Line\": \"c:\\\\scripts\\\\asc_alerttest_662jfi039n.exe -foo\",\r\n \"parent Process\": \"c:\\\\windows\\\\system32\\\\svchost.exe\",\r\n \"suspicious Process Id\": \"0xfac\",\r\n \"arguments Auditing Enabled\": \"true\",\r\n \"enrichment_tas_threat__reports\": \"{\\\"Kind\\\":\\\"MultiLink\\\",\\\"DisplayValueToUrlDictionary\\\":{\\\"Report: EICAR 
File\\\":\\\"https://interflowwebportalext.trafficmanager.net/reports/DisplayReport?callerIdentity=ddd5443d-e6f4-441c-b52b-5278d2f21dfa&reportCreateDateTime=2020-05-04T09%3a23%3a00&reportName=MSTI-TS-EICAR-File.pdf&tenantId=b11492db-77a6-4ec0-9ff7-17b6ba420e1e&urlCreateDateTime=2020-05-04T09%3a23%3a00&token=XhSuWhrbEKAk2sXS1TcK0SVTLOehFDirzLCUSUoWPL4=\\\"}}\",\r\n \"resourceType\": \"Virtual Machine\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2020-05-04T12:58:46.4927078Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/mainws/providers/microsoft.operationalinsights/workspaces/securityuserws\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": [\r\n {\r\n \"$id\": \"westeurope_36\",\r\n \"dnsDomain\": \"\",\r\n \"ntDomain\": \"\",\r\n \"hostName\": \"ALERTSTEST\",\r\n \"netBiosName\": \"ALERTSTEST\",\r\n \"azureID\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/taklei/providers/Microsoft.Compute/virtualMachines/alertsTest\",\r\n \"omsAgentID\": \"6bc4f1df-17e1-40f0-8227-f1635aea54dd\",\r\n \"osFamily\": \"Windows\",\r\n \"osVersion\": \"Windows\",\r\n \"isDomainJoined\": false,\r\n \"type\": \"host\"\r\n },\r\n {\r\n \"$id\": \"westeurope_37\",\r\n \"directory\": \"c:\\\\windows\\\\system32\",\r\n \"name\": \"svchost.exe\",\r\n \"type\": \"file\"\r\n },\r\n {\r\n \"$id\": \"westeurope_38\",\r\n \"processId\": \"0x6ec\",\r\n \"commandLine\": \"\",\r\n \"imageFile\": {\r\n \"$ref\": \"westeurope_37\"\r\n },\r\n \"host\": {\r\n \"$ref\": \"westeurope_36\"\r\n },\r\n \"type\": \"process\"\r\n },\r\n {\r\n \"$id\": \"westeurope_39\",\r\n \"name\": \"alertsTest$\",\r\n \"ntDomain\": \"WORKGROUP\",\r\n \"host\": {\r\n \"$ref\": \"westeurope_36\"\r\n },\r\n \"sid\": \"S-1-5-18\",\r\n \"isDomainJoined\": true,\r\n \"type\": \"account\",\r\n \"LogonId\": \"0x3e7\"\r\n },\r\n {\r\n \"$id\": \"westeurope_40\",\r\n \"directory\": 
\"c:\\\\scripts\",\r\n \"name\": \"asc_alerttest_662jfi039n.exe\",\r\n \"type\": \"file\"\r\n },\r\n {\r\n \"$id\": \"westeurope_41\",\r\n \"processId\": \"0xfac\",\r\n \"commandLine\": \"c:\\\\scripts\\\\asc_alerttest_662jfi039n.exe -foo\",\r\n \"elevationToken\": \"Default\",\r\n \"creationTimeUtc\": \"2020-05-04T12:58:28.5855194Z\",\r\n \"imageFile\": {\r\n \"$ref\": \"westeurope_40\"\r\n },\r\n \"account\": {\r\n \"$ref\": \"westeurope_39\"\r\n },\r\n \"parentProcess\": {\r\n \"$ref\": \"westeurope_38\"\r\n },\r\n \"host\": {\r\n \"$ref\": \"westeurope_36\"\r\n },\r\n \"type\": \"process\"\r\n },\r\n {\r\n \"$id\": \"westeurope_42\",\r\n \"sessionId\": \"0x3e7\",\r\n \"startTimeUtc\": \"2020-05-04T12:58:28.5855194Z\",\r\n \"endTimeUtc\": \"2020-05-04T12:58:28.5855194Z\",\r\n \"type\": \"host-logon-session\",\r\n \"host\": {\r\n \"$ref\": \"westeurope_36\"\r\n },\r\n \"account\": {\r\n \"$ref\": \"westeurope_39\"\r\n }\r\n }\r\n ]\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/taklei/providers/Microsoft.Security/locations/westeurope/alerts/2518137037321194617_adafe5f0-ade9-47b4-86f3-3155038827f6\",\r\n \"name\": \"2518137037321194617_adafe5f0-ade9-47b4-86f3-3155038827f6\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft\",\r\n \"alertDisplayName\": \"Azure Security Center test alert (not a threat)\",\r\n \"alertName\": \"VM_EICAR\",\r\n \"detectedTimeUtc\": \"2020-05-04T12:57:47.8805382Z\",\r\n \"description\": \"This is a test alert generated by Azure Security Center. 
No further action is needed.\",\r\n \"remediationSteps\": \"No further action is needed.\",\r\n \"actionTaken\": \"Undefined\",\r\n \"reportedSeverity\": \"High\",\r\n \"compromisedEntity\": \"ALERTSTEST\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/taklei/providers/Microsoft.Compute/virtualMachines/alertsTest\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"adafe5f0-ade9-47b4-86f3-3155038827f6\",\r\n \"extendedProperties\": {\r\n \"compromised Host\": \"ALERTSTEST\",\r\n \"user Name\": \"WORKGROUP\\\\alertsTest$\",\r\n \"account Session Id\": \"0x3e7\",\r\n \"suspicious Process\": \"c:\\\\scripts\\\\asc_alerttest_662jfi039n.exe\",\r\n \"suspicious Command Line\": \"c:\\\\scripts\\\\asc_alerttest_662jfi039n.exe -foo\",\r\n \"parent Process\": \"c:\\\\windows\\\\system32\\\\svchost.exe\",\r\n \"suspicious Process Id\": \"0x1d50\",\r\n \"arguments Auditing Enabled\": \"true\",\r\n \"enrichment_tas_threat__reports\": \"{\\\"Kind\\\":\\\"MultiLink\\\",\\\"DisplayValueToUrlDictionary\\\":{\\\"Report: EICAR File\\\":\\\"https://interflowwebportalext.trafficmanager.net/reports/DisplayReport?callerIdentity=ddd5443d-e6f4-441c-b52b-5278d2f21dfa&reportCreateDateTime=2020-05-04T08%3a32%3a57&reportName=MSTI-TS-EICAR-File.pdf&tenantId=1c68e967-70a6-4cda-a34b-6d281cffe06e&urlCreateDateTime=2020-05-04T08%3a32%3a57&token=s7wyF62JLdEde8/SccnrGqIJxUOajFUpTETdhi3lCyY=\\\"}}\",\r\n \"resourceType\": \"Virtual Machine\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2020-05-04T12:57:53.7990186Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/mainws/providers/microsoft.operationalinsights/workspaces/securityuserws\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": [\r\n {\r\n \"$id\": \"westeurope_43\",\r\n \"dnsDomain\": \"\",\r\n \"ntDomain\": \"\",\r\n \"hostName\": 
\"ALERTSTEST\",\r\n \"netBiosName\": \"ALERTSTEST\",\r\n \"azureID\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/taklei/providers/Microsoft.Compute/virtualMachines/alertsTest\",\r\n \"omsAgentID\": \"6bc4f1df-17e1-40f0-8227-f1635aea54dd\",\r\n \"osFamily\": \"Windows\",\r\n \"osVersion\": \"Windows\",\r\n \"isDomainJoined\": false,\r\n \"type\": \"host\"\r\n },\r\n {\r\n \"$id\": \"westeurope_44\",\r\n \"directory\": \"c:\\\\windows\\\\system32\",\r\n \"name\": \"svchost.exe\",\r\n \"type\": \"file\"\r\n },\r\n {\r\n \"$id\": \"westeurope_45\",\r\n \"processId\": \"0x6ec\",\r\n \"commandLine\": \"\",\r\n \"imageFile\": {\r\n \"$ref\": \"westeurope_44\"\r\n },\r\n \"host\": {\r\n \"$ref\": \"westeurope_43\"\r\n },\r\n \"type\": \"process\"\r\n },\r\n {\r\n \"$id\": \"westeurope_46\",\r\n \"name\": \"alertsTest$\",\r\n \"ntDomain\": \"WORKGROUP\",\r\n \"host\": {\r\n \"$ref\": \"westeurope_43\"\r\n },\r\n \"sid\": \"S-1-5-18\",\r\n \"isDomainJoined\": true,\r\n \"type\": \"account\",\r\n \"LogonId\": \"0x3e7\"\r\n },\r\n {\r\n \"$id\": \"westeurope_47\",\r\n \"directory\": \"c:\\\\scripts\",\r\n \"name\": \"asc_alerttest_662jfi039n.exe\",\r\n \"type\": \"file\"\r\n },\r\n {\r\n \"$id\": \"westeurope_48\",\r\n \"processId\": \"0x1d50\",\r\n \"commandLine\": \"c:\\\\scripts\\\\asc_alerttest_662jfi039n.exe -foo\",\r\n \"elevationToken\": \"Default\",\r\n \"creationTimeUtc\": \"2020-05-04T12:57:47.8805382Z\",\r\n \"imageFile\": {\r\n \"$ref\": \"westeurope_47\"\r\n },\r\n \"account\": {\r\n \"$ref\": \"westeurope_46\"\r\n },\r\n \"parentProcess\": {\r\n \"$ref\": \"westeurope_45\"\r\n },\r\n \"host\": {\r\n \"$ref\": \"westeurope_43\"\r\n },\r\n \"type\": \"process\"\r\n },\r\n {\r\n \"$id\": \"westeurope_49\",\r\n \"sessionId\": \"0x3e7\",\r\n \"startTimeUtc\": \"2020-05-04T12:57:47.8805382Z\",\r\n \"endTimeUtc\": \"2020-05-04T12:57:47.8805382Z\",\r\n \"type\": \"host-logon-session\",\r\n \"host\": {\r\n \"$ref\": \"westeurope_43\"\r\n },\r\n 
\"account\": {\r\n \"$ref\": \"westeurope_46\"\r\n }\r\n }\r\n ]\r\n }\r\n }\r\n ]\r\n}", "StatusCode": 200 }, { - "RequestUri": "/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/rg/providers/Microsoft.Security/locations/centralus/alerts?api-version=2019-01-01", - "EncodedRequestUri": "L3N1YnNjcmlwdGlvbnMvNDg3YmI0ODUtYjViMC00NzFlLTljMGQtMTA3MTc2MTJmODY5L3Jlc291cmNlR3JvdXBzL3JnL3Byb3ZpZGVycy9NaWNyb3NvZnQuU2VjdXJpdHkvbG9jYXRpb25zL2NlbnRyYWx1cy9hbGVydHM/YXBpLXZlcnNpb249MjAxOS0wMS0wMQ==", + "RequestUri": "/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/taklei/providers/Microsoft.Security/locations/westeurope/alerts?api-version=2019-01-01", + "EncodedRequestUri": "L3N1YnNjcmlwdGlvbnMvNDg3YmI0ODUtYjViMC00NzFlLTljMGQtMTA3MTc2MTJmODY5L3Jlc291cmNlR3JvdXBzL3Rha2xlaS9wcm92aWRlcnMvTWljcm9zb2Z0LlNlY3VyaXR5L2xvY2F0aW9ucy93ZXN0ZXVyb3BlL2FsZXJ0cz9hcGktdmVyc2lvbj0yMDE5LTAxLTAx", "RequestMethod": "GET", "RequestBody": "", "RequestHeaders": { "x-ms-client-request-id": [ - "653ad201-2370-4b04-b7eb-6db9165143d9" + "4f2b40f0-93a6-460c-aa11-e0ec0511805f" ], "accept-language": [ "en-US" @@ -79,8 +79,8 @@ "User-Agent": [ "FxVersion/4.6.26614.01", "OSName/Windows", - "OSVersion/Microsoft.Windows.10.0.17763.", - "Microsoft.Azure.Management.Security.SecurityCenterClient/0.11.0.0" + "OSVersion/Microsoft.Windows.10.0.18363.", + "Microsoft.Azure.Management.Security.SecurityCenterClient/1.1.3.0" ] }, "ResponseHeaders": { @@ -88,7 +88,7 @@ "no-cache" ], "Date": [ - "Mon, 04 Mar 2019 16:02:00 GMT" + "Mon, 04 May 2020 14:43:01 GMT" ], "Pragma": [ "no-cache" 
@@ -100,22 +100,22 @@ "max-age=31536000; includeSubDomains" ], "x-ms-request-id": [ - "6f9ba888-fe66-4ef8-80ae-e300b84ea76b" + "b4f11f03-c487-4bdf-a317-0e92162998ed" ], "x-ms-ratelimit-remaining-subscription-resource-requests": [ "749" ], "x-ms-correlation-request-id": [ - "f0b3799c-96a4-4666-855f-c296c6c6ddd4" + "1b7256d0-d7da-4e43-8b57-f78dbff09ab6" ], "x-ms-routing-request-id": [ - "UKWEST:20190304T160200Z:f0b3799c-96a4-4666-855f-c296c6c6ddd4" + "GERMANYWESTCENTRAL:20200504T144302Z:1b7256d0-d7da-4e43-8b57-f78dbff09ab6" ], "X-Content-Type-Options": [ "nosniff" ], "Content-Length": [ - "1930" + "25641" ], "Content-Type": [ "application/json; charset=utf-8" 
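Review bot: The `Content-Length` of `25641` recorded in this hunk belongs to a response body captured verbatim from a live subscription, and that body (the `ResponseBody` line of the next hunk, which runs past the visible page) embeds `enrichment_tas_threat__reports` URLs carrying a `token=` query value together with `tenantId` and `callerIdentity` GUIDs. Those values look like signed-link credentials and tenant identifiers rather than test fixtures, so I would scrub them before the recording is committed, for example by replacing each with a placeholder such as `token=SANITIZED`, and treat the captured tokens as disclosed if they were still valid at commit time. Nothing visible here shows playback depending on them, but confirm that no test asserts on the report URL and whether the recorded `Content-Length` has to be kept in step after the scrub.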
@@ -124,12 +124,10 @@ "-1" ] }, - "ResponseBody": "{\r\n \"value\": [\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/rg/providers/Microsoft.Security/locations/centralus/alerts/2518532788749999999_66276b36-db2a-4b2c-84ad-9676fe753a01\",\r\n \"name\": \"2518532788749999999_66276b36-db2a-4b2c-84ad-9676fe753a01\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft\",\r\n \"alertDisplayName\": \"Web fingerprinting detected\",\r\n \"alertName\": \"APPS_Nmap\",\r\n \"detectedTimeUtc\": \"2019-03-03T17:40:43Z\",\r\n \"description\": \"Azure App Service activity log indicates a possible web fingerprinting activity on your App Service resource.The suspicious activity detected is associated with NMAP. Attackers often use this tool for probing the web application to find vulnerabilities.\",\r\n \"remediationSteps\": \"If only specific IP addresses should be allowed to access the web app, set IP restrictions (https://docs.microsoft.com/azure/app-service/app-service-ip-restrictions) for it.\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"High\",\r\n \"compromisedEntity\": \"sitename\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/rg/providers/Microsoft.Web/sites/sitename\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"b3d77198-6f95-40ed-9675-10001c2e93cc\",\r\n \"extendedProperties\": {\r\n \"last Event Time\": \"2/11/2019 5:40:46 PM\",\r\n \"sample URIs\": \"/sdk, /, /.git/HEAD, /favicon.ico, /evox/about, /robots.txt, /nmaplowercheck1549906843, /HNAP1\",\r\n \"sample User Agents\": \"Mozilla/5.0+(compatible;+Nmap+Scripting+Engine;+https://nmap.org/book/nse.html)\",\r\n \"sample Referer\": \"-\",\r\n \"resourceType\": \"App Service\"\r\n },\r\n \"state\": \"Dismissed\",\r\n \"reportedTimeUtc\": \"2019-03-03T20:41:03.846Z\",\r\n 
\"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": [\r\n {\r\n \"$id\": \"centralus_1\",\r\n \"hostName\": \"sitename\",\r\n \"azureID\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/rg/providers/Microsoft.Web/sites/sitename\",\r\n \"type\": \"host\"\r\n }\r\n ]\r\n }\r\n }\r\n ]\r\n}", + "ResponseBody": "{\r\n \"value\": [\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/taklei/providers/Microsoft.Security/locations/westeurope/alerts/2518136982923187680_ef6aa4e6-9c60-4405-8f08-f465e8e50cd2\",\r\n \"name\": \"2518136982923187680_ef6aa4e6-9c60-4405-8f08-f465e8e50cd2\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft\",\r\n \"alertDisplayName\": \"Azure Security Center test alert (not a threat)\",\r\n \"alertName\": \"VM_EICAR\",\r\n \"detectedTimeUtc\": \"2020-05-04T14:28:27.6812319Z\",\r\n \"description\": \"This is a test alert generated by Azure Security Center. 
No further action is needed.\",\r\n \"remediationSteps\": \"No further action is needed.\",\r\n \"actionTaken\": \"Undefined\",\r\n \"reportedSeverity\": \"High\",\r\n \"compromisedEntity\": \"ALERTSTEST\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/taklei/providers/Microsoft.Compute/virtualMachines/alertsTest\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"ef6aa4e6-9c60-4405-8f08-f465e8e50cd2\",\r\n \"extendedProperties\": {\r\n \"compromised Host\": \"ALERTSTEST\",\r\n \"user Name\": \"WORKGROUP\\\\alertsTest$\",\r\n \"account Session Id\": \"0x3e7\",\r\n \"suspicious Process\": \"c:\\\\scripts\\\\asc_alerttest_662jfi039n.exe\",\r\n \"suspicious Command Line\": \"c:\\\\scripts\\\\asc_alerttest_662jfi039n.exe -foo\",\r\n \"parent Process\": \"c:\\\\windows\\\\system32\\\\svchost.exe\",\r\n \"suspicious Process Id\": \"0x688\",\r\n \"arguments Auditing Enabled\": \"true\",\r\n \"enrichment_tas_threat__reports\": \"{\\\"Kind\\\":\\\"MultiLink\\\",\\\"DisplayValueToUrlDictionary\\\":{\\\"Report: EICAR File\\\":\\\"https://interflowwebportalext.trafficmanager.net/reports/DisplayReport?callerIdentity=ddd5443d-e6f4-441c-b52b-5278d2f21dfa&reportCreateDateTime=2020-05-04T09%3a13%3a05&reportName=MSTI-TS-EICAR-File.pdf&tenantId=387eb67f-0039-43ad-81b9-b66c6c0b1951&urlCreateDateTime=2020-05-04T09%3a13%3a05&token=aRLLv1q8UI%20eVn54OVy%20WbqcH7H9dSGDUOuWywymCrQ=\\\"}}\",\r\n \"resourceType\": \"Virtual Machine\"\r\n },\r\n \"state\": \"Dismissed\",\r\n \"reportedTimeUtc\": \"2020-05-04T14:29:05.5983077Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/mainws/providers/microsoft.operationalinsights/workspaces/securityuserws\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": [\r\n {\r\n \"$id\": \"westeurope_1\",\r\n \"dnsDomain\": \"\",\r\n \"ntDomain\": \"\",\r\n 
\"hostName\": \"ALERTSTEST\",\r\n \"netBiosName\": \"ALERTSTEST\",\r\n \"azureID\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/taklei/providers/Microsoft.Compute/virtualMachines/alertsTest\",\r\n \"omsAgentID\": \"6bc4f1df-17e1-40f0-8227-f1635aea54dd\",\r\n \"osFamily\": \"Windows\",\r\n \"osVersion\": \"Windows\",\r\n \"isDomainJoined\": false,\r\n \"type\": \"host\"\r\n },\r\n {\r\n \"$id\": \"westeurope_2\",\r\n \"directory\": \"c:\\\\windows\\\\system32\",\r\n \"name\": \"svchost.exe\",\r\n \"type\": \"file\"\r\n },\r\n {\r\n \"$id\": \"westeurope_3\",\r\n \"processId\": \"0x6ec\",\r\n \"commandLine\": \"\",\r\n \"imageFile\": {\r\n \"$ref\": \"westeurope_2\"\r\n },\r\n \"host\": {\r\n \"$ref\": \"westeurope_1\"\r\n },\r\n \"type\": \"process\"\r\n },\r\n {\r\n \"$id\": \"westeurope_4\",\r\n \"name\": \"alertsTest$\",\r\n \"ntDomain\": \"WORKGROUP\",\r\n \"host\": {\r\n \"$ref\": \"westeurope_1\"\r\n },\r\n \"sid\": \"S-1-5-18\",\r\n \"isDomainJoined\": true,\r\n \"type\": \"account\",\r\n \"LogonId\": \"0x3e7\"\r\n },\r\n {\r\n \"$id\": \"westeurope_5\",\r\n \"directory\": \"c:\\\\scripts\",\r\n \"name\": \"asc_alerttest_662jfi039n.exe\",\r\n \"type\": \"file\"\r\n },\r\n {\r\n \"$id\": \"westeurope_6\",\r\n \"processId\": \"0x688\",\r\n \"commandLine\": \"c:\\\\scripts\\\\asc_alerttest_662jfi039n.exe -foo\",\r\n \"elevationToken\": \"Default\",\r\n \"creationTimeUtc\": \"2020-05-04T14:28:27.6812319Z\",\r\n \"imageFile\": {\r\n \"$ref\": \"westeurope_5\"\r\n },\r\n \"account\": {\r\n \"$ref\": \"westeurope_4\"\r\n },\r\n \"parentProcess\": {\r\n \"$ref\": \"westeurope_3\"\r\n },\r\n \"host\": {\r\n \"$ref\": \"westeurope_1\"\r\n },\r\n \"type\": \"process\"\r\n },\r\n {\r\n \"$id\": \"westeurope_7\",\r\n \"sessionId\": \"0x3e7\",\r\n \"startTimeUtc\": \"2020-05-04T14:28:27.6812319Z\",\r\n \"endTimeUtc\": \"2020-05-04T14:28:27.6812319Z\",\r\n \"type\": \"host-logon-session\",\r\n \"host\": {\r\n \"$ref\": \"westeurope_1\"\r\n },\r\n 
\"account\": {\r\n \"$ref\": \"westeurope_4\"\r\n }\r\n }\r\n ]\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/taklei/providers/Microsoft.Security/locations/westeurope/alerts/2518137000923212703_d25bac04-7492-4ece-9d75-7a377d74d833\",\r\n \"name\": \"2518137000923212703_d25bac04-7492-4ece-9d75-7a377d74d833\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft\",\r\n \"alertDisplayName\": \"Azure Security Center test alert (not a threat)\",\r\n \"alertName\": \"VM_EICAR\",\r\n \"detectedTimeUtc\": \"2020-05-04T13:58:27.6787296Z\",\r\n \"description\": \"This is a test alert generated by Azure Security Center. No further action is needed.\",\r\n \"remediationSteps\": \"No further action is needed.\",\r\n \"actionTaken\": \"Undefined\",\r\n \"reportedSeverity\": \"High\",\r\n \"compromisedEntity\": \"ALERTSTEST\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/taklei/providers/Microsoft.Compute/virtualMachines/alertsTest\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"d25bac04-7492-4ece-9d75-7a377d74d833\",\r\n \"extendedProperties\": {\r\n \"compromised Host\": \"ALERTSTEST\",\r\n \"user Name\": \"WORKGROUP\\\\alertsTest$\",\r\n \"account Session Id\": \"0x3e7\",\r\n \"suspicious Process\": \"c:\\\\scripts\\\\asc_alerttest_662jfi039n.exe\",\r\n \"suspicious Command Line\": \"c:\\\\scripts\\\\asc_alerttest_662jfi039n.exe -foo\",\r\n \"parent Process\": \"c:\\\\windows\\\\system32\\\\svchost.exe\",\r\n \"suspicious Process Id\": \"0x1c7c\",\r\n \"arguments Auditing Enabled\": \"true\",\r\n \"enrichment_tas_threat__reports\": \"{\\\"Kind\\\":\\\"MultiLink\\\",\\\"DisplayValueToUrlDictionary\\\":{\\\"Report: EICAR 
File\\\":\\\"https://interflowwebportalext.trafficmanager.net/reports/DisplayReport?callerIdentity=ddd5443d-e6f4-441c-b52b-5278d2f21dfa&reportCreateDateTime=2020-05-04T09%3a13%3a05&reportName=MSTI-TS-EICAR-File.pdf&tenantId=387eb67f-0039-43ad-81b9-b66c6c0b1951&urlCreateDateTime=2020-05-04T09%3a13%3a05&token=aRLLv1q8UI%20eVn54OVy%20WbqcH7H9dSGDUOuWywymCrQ=\\\"}}\",\r\n \"resourceType\": \"Virtual Machine\"\r\n },\r\n \"state\": \"Dismissed\",\r\n \"reportedTimeUtc\": \"2020-05-04T13:58:34.2198556Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/mainws/providers/microsoft.operationalinsights/workspaces/securityuserws\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": [\r\n {\r\n \"$id\": \"westeurope_8\",\r\n \"dnsDomain\": \"\",\r\n \"ntDomain\": \"\",\r\n \"hostName\": \"ALERTSTEST\",\r\n \"netBiosName\": \"ALERTSTEST\",\r\n \"azureID\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/taklei/providers/Microsoft.Compute/virtualMachines/alertsTest\",\r\n \"omsAgentID\": \"6bc4f1df-17e1-40f0-8227-f1635aea54dd\",\r\n \"osFamily\": \"Windows\",\r\n \"osVersion\": \"Windows\",\r\n \"isDomainJoined\": false,\r\n \"type\": \"host\"\r\n },\r\n {\r\n \"$id\": \"westeurope_9\",\r\n \"directory\": \"c:\\\\windows\\\\system32\",\r\n \"name\": \"svchost.exe\",\r\n \"type\": \"file\"\r\n },\r\n {\r\n \"$id\": \"westeurope_10\",\r\n \"processId\": \"0x6ec\",\r\n \"commandLine\": \"\",\r\n \"imageFile\": {\r\n \"$ref\": \"westeurope_9\"\r\n },\r\n \"host\": {\r\n \"$ref\": \"westeurope_8\"\r\n },\r\n \"type\": \"process\"\r\n },\r\n {\r\n \"$id\": \"westeurope_11\",\r\n \"name\": \"alertsTest$\",\r\n \"ntDomain\": \"WORKGROUP\",\r\n \"host\": {\r\n \"$ref\": \"westeurope_8\"\r\n },\r\n \"sid\": \"S-1-5-18\",\r\n \"isDomainJoined\": true,\r\n \"type\": \"account\",\r\n \"LogonId\": \"0x3e7\"\r\n },\r\n {\r\n \"$id\": \"westeurope_12\",\r\n \"directory\": 
\"c:\\\\scripts\",\r\n \"name\": \"asc_alerttest_662jfi039n.exe\",\r\n \"type\": \"file\"\r\n },\r\n {\r\n \"$id\": \"westeurope_13\",\r\n \"processId\": \"0x1c7c\",\r\n \"commandLine\": \"c:\\\\scripts\\\\asc_alerttest_662jfi039n.exe -foo\",\r\n \"elevationToken\": \"Default\",\r\n \"creationTimeUtc\": \"2020-05-04T13:58:27.6787296Z\",\r\n \"imageFile\": {\r\n \"$ref\": \"westeurope_12\"\r\n },\r\n \"account\": {\r\n \"$ref\": \"westeurope_11\"\r\n },\r\n \"parentProcess\": {\r\n \"$ref\": \"westeurope_10\"\r\n },\r\n \"host\": {\r\n \"$ref\": \"westeurope_8\"\r\n },\r\n \"type\": \"process\"\r\n },\r\n {\r\n \"$id\": \"westeurope_14\",\r\n \"sessionId\": \"0x3e7\",\r\n \"startTimeUtc\": \"2020-05-04T13:58:27.6787296Z\",\r\n \"endTimeUtc\": \"2020-05-04T13:58:27.6787296Z\",\r\n \"type\": \"host-logon-session\",\r\n \"host\": {\r\n \"$ref\": \"westeurope_8\"\r\n },\r\n \"account\": {\r\n \"$ref\": \"westeurope_11\"\r\n }\r\n }\r\n ]\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/taklei/providers/Microsoft.Security/locations/westeurope/alerts/2518137018913138372_93d99441-2eff-436e-ab25-0307b3484bb4\",\r\n \"name\": \"2518137018913138372_93d99441-2eff-436e-ab25-0307b3484bb4\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft\",\r\n \"alertDisplayName\": \"Azure Security Center test alert (not a threat)\",\r\n \"alertName\": \"VM_EICAR\",\r\n \"detectedTimeUtc\": \"2020-05-04T13:28:28.6861627Z\",\r\n \"description\": \"This is a test alert generated by Azure Security Center. 
No further action is needed.\",\r\n \"remediationSteps\": \"No further action is needed.\",\r\n \"actionTaken\": \"Undefined\",\r\n \"reportedSeverity\": \"High\",\r\n \"compromisedEntity\": \"ALERTSTEST\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/taklei/providers/Microsoft.Compute/virtualMachines/alertsTest\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"93d99441-2eff-436e-ab25-0307b3484bb4\",\r\n \"extendedProperties\": {\r\n \"compromised Host\": \"ALERTSTEST\",\r\n \"user Name\": \"WORKGROUP\\\\alertsTest$\",\r\n \"account Session Id\": \"0x3e7\",\r\n \"suspicious Process\": \"c:\\\\scripts\\\\asc_alerttest_662jfi039n.exe\",\r\n \"suspicious Command Line\": \"c:\\\\scripts\\\\asc_alerttest_662jfi039n.exe -foo\",\r\n \"parent Process\": \"c:\\\\windows\\\\system32\\\\svchost.exe\",\r\n \"suspicious Process Id\": \"0x122c\",\r\n \"arguments Auditing Enabled\": \"true\",\r\n \"enrichment_tas_threat__reports\": \"{\\\"Kind\\\":\\\"MultiLink\\\",\\\"DisplayValueToUrlDictionary\\\":{\\\"Report: EICAR File\\\":\\\"https://interflowwebportalext.trafficmanager.net/reports/DisplayReport?callerIdentity=ddd5443d-e6f4-441c-b52b-5278d2f21dfa&reportCreateDateTime=2020-05-04T08%3a32%3a57&reportName=MSTI-TS-EICAR-File.pdf&tenantId=1c68e967-70a6-4cda-a34b-6d281cffe06e&urlCreateDateTime=2020-05-04T08%3a32%3a57&token=s7wyF62JLdEde8/SccnrGqIJxUOajFUpTETdhi3lCyY=\\\"}}\",\r\n \"resourceType\": \"Virtual Machine\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2020-05-04T13:28:59.9528247Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/mainws/providers/microsoft.operationalinsights/workspaces/securityuserws\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": [\r\n {\r\n \"$id\": \"westeurope_15\",\r\n \"dnsDomain\": \"\",\r\n \"ntDomain\": \"\",\r\n \"hostName\": 
\"ALERTSTEST\",\r\n \"netBiosName\": \"ALERTSTEST\",\r\n \"azureID\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/taklei/providers/Microsoft.Compute/virtualMachines/alertsTest\",\r\n \"omsAgentID\": \"6bc4f1df-17e1-40f0-8227-f1635aea54dd\",\r\n \"osFamily\": \"Windows\",\r\n \"osVersion\": \"Windows\",\r\n \"isDomainJoined\": false,\r\n \"type\": \"host\"\r\n },\r\n {\r\n \"$id\": \"westeurope_16\",\r\n \"directory\": \"c:\\\\windows\\\\system32\",\r\n \"name\": \"svchost.exe\",\r\n \"type\": \"file\"\r\n },\r\n {\r\n \"$id\": \"westeurope_17\",\r\n \"processId\": \"0x6ec\",\r\n \"commandLine\": \"\",\r\n \"imageFile\": {\r\n \"$ref\": \"westeurope_16\"\r\n },\r\n \"host\": {\r\n \"$ref\": \"westeurope_15\"\r\n },\r\n \"type\": \"process\"\r\n },\r\n {\r\n \"$id\": \"westeurope_18\",\r\n \"name\": \"alertsTest$\",\r\n \"ntDomain\": \"WORKGROUP\",\r\n \"host\": {\r\n \"$ref\": \"westeurope_15\"\r\n },\r\n \"sid\": \"S-1-5-18\",\r\n \"isDomainJoined\": true,\r\n \"type\": \"account\",\r\n \"LogonId\": \"0x3e7\"\r\n },\r\n {\r\n \"$id\": \"westeurope_19\",\r\n \"directory\": \"c:\\\\scripts\",\r\n \"name\": \"asc_alerttest_662jfi039n.exe\",\r\n \"type\": \"file\"\r\n },\r\n {\r\n \"$id\": \"westeurope_20\",\r\n \"processId\": \"0x122c\",\r\n \"commandLine\": \"c:\\\\scripts\\\\asc_alerttest_662jfi039n.exe -foo\",\r\n \"elevationToken\": \"Default\",\r\n \"creationTimeUtc\": \"2020-05-04T13:28:28.6861627Z\",\r\n \"imageFile\": {\r\n \"$ref\": \"westeurope_19\"\r\n },\r\n \"account\": {\r\n \"$ref\": \"westeurope_18\"\r\n },\r\n \"parentProcess\": {\r\n \"$ref\": \"westeurope_17\"\r\n },\r\n \"host\": {\r\n \"$ref\": \"westeurope_15\"\r\n },\r\n \"type\": \"process\"\r\n },\r\n {\r\n \"$id\": \"westeurope_21\",\r\n \"sessionId\": \"0x3e7\",\r\n \"startTimeUtc\": \"2020-05-04T13:28:28.6861627Z\",\r\n \"endTimeUtc\": \"2020-05-04T13:28:28.6861627Z\",\r\n \"type\": \"host-logon-session\",\r\n \"host\": {\r\n \"$ref\": \"westeurope_15\"\r\n },\r\n 
\"account\": {\r\n \"$ref\": \"westeurope_18\"\r\n }\r\n }\r\n ]\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/taklei/providers/Microsoft.Security/locations/westeurope/alerts/2518137035665338254_a345cb85-18aa-4d14-9293-e4d2ba15cb9d\",\r\n \"name\": \"2518137035665338254_a345cb85-18aa-4d14-9293-e4d2ba15cb9d\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft\",\r\n \"alertDisplayName\": \"Azure Security Center test alert (not a threat)\",\r\n \"alertName\": \"VM_EICAR\",\r\n \"detectedTimeUtc\": \"2020-05-04T13:00:33.4661745Z\",\r\n \"description\": \"This is a test alert generated by Azure Security Center. No further action is needed.\",\r\n \"remediationSteps\": \"No further action is needed.\",\r\n \"actionTaken\": \"Undefined\",\r\n \"reportedSeverity\": \"High\",\r\n \"compromisedEntity\": \"ALERTSTEST\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/taklei/providers/Microsoft.Compute/virtualMachines/alertsTest\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"a345cb85-18aa-4d14-9293-e4d2ba15cb9d\",\r\n \"extendedProperties\": {\r\n \"compromised Host\": \"ALERTSTEST\",\r\n \"user Name\": \"WORKGROUP\\\\alertsTest$\",\r\n \"account Session Id\": \"0x3e7\",\r\n \"suspicious Process\": \"c:\\\\scripts\\\\asc_alerttest_662jfi039n.exe\",\r\n \"suspicious Command Line\": \"c:\\\\scripts\\\\asc_alerttest_662jfi039n.exe -foo\",\r\n \"parent Process\": \"c:\\\\windows\\\\system32\\\\svchost.exe\",\r\n \"suspicious Process Id\": \"0xe38\",\r\n \"arguments Auditing Enabled\": \"true\",\r\n \"enrichment_tas_threat__reports\": \"{\\\"Kind\\\":\\\"MultiLink\\\",\\\"DisplayValueToUrlDictionary\\\":{\\\"Report: EICAR 
File\\\":\\\"https://interflowwebportalext.trafficmanager.net/reports/DisplayReport?callerIdentity=ddd5443d-e6f4-441c-b52b-5278d2f21dfa&reportCreateDateTime=2020-05-04T09%3a13%3a05&reportName=MSTI-TS-EICAR-File.pdf&tenantId=387eb67f-0039-43ad-81b9-b66c6c0b1951&urlCreateDateTime=2020-05-04T09%3a13%3a05&token=aRLLv1q8UI%20eVn54OVy%20WbqcH7H9dSGDUOuWywymCrQ=\\\"}}\",\r\n \"resourceType\": \"Virtual Machine\"\r\n },\r\n \"state\": \"Dismissed\",\r\n \"reportedTimeUtc\": \"2020-05-04T13:00:37.889087Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/mainws/providers/microsoft.operationalinsights/workspaces/securityuserws\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": [\r\n {\r\n \"$id\": \"westeurope_22\",\r\n \"dnsDomain\": \"\",\r\n \"ntDomain\": \"\",\r\n \"hostName\": \"ALERTSTEST\",\r\n \"netBiosName\": \"ALERTSTEST\",\r\n \"azureID\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/taklei/providers/Microsoft.Compute/virtualMachines/alertsTest\",\r\n \"omsAgentID\": \"6bc4f1df-17e1-40f0-8227-f1635aea54dd\",\r\n \"osFamily\": \"Windows\",\r\n \"osVersion\": \"Windows\",\r\n \"isDomainJoined\": false,\r\n \"type\": \"host\"\r\n },\r\n {\r\n \"$id\": \"westeurope_23\",\r\n \"directory\": \"c:\\\\windows\\\\system32\",\r\n \"name\": \"svchost.exe\",\r\n \"type\": \"file\"\r\n },\r\n {\r\n \"$id\": \"westeurope_24\",\r\n \"processId\": \"0x6ec\",\r\n \"commandLine\": \"\",\r\n \"imageFile\": {\r\n \"$ref\": \"westeurope_23\"\r\n },\r\n \"host\": {\r\n \"$ref\": \"westeurope_22\"\r\n },\r\n \"type\": \"process\"\r\n },\r\n {\r\n \"$id\": \"westeurope_25\",\r\n \"name\": \"alertsTest$\",\r\n \"ntDomain\": \"WORKGROUP\",\r\n \"host\": {\r\n \"$ref\": \"westeurope_22\"\r\n },\r\n \"sid\": \"S-1-5-18\",\r\n \"isDomainJoined\": true,\r\n \"type\": \"account\",\r\n \"LogonId\": \"0x3e7\"\r\n },\r\n {\r\n \"$id\": \"westeurope_26\",\r\n 
\"directory\": \"c:\\\\scripts\",\r\n \"name\": \"asc_alerttest_662jfi039n.exe\",\r\n \"type\": \"file\"\r\n },\r\n {\r\n \"$id\": \"westeurope_27\",\r\n \"processId\": \"0xe38\",\r\n \"commandLine\": \"c:\\\\scripts\\\\asc_alerttest_662jfi039n.exe -foo\",\r\n \"elevationToken\": \"Default\",\r\n \"creationTimeUtc\": \"2020-05-04T13:00:33.4661745Z\",\r\n \"imageFile\": {\r\n \"$ref\": \"westeurope_26\"\r\n },\r\n \"account\": {\r\n \"$ref\": \"westeurope_25\"\r\n },\r\n \"parentProcess\": {\r\n \"$ref\": \"westeurope_24\"\r\n },\r\n \"host\": {\r\n \"$ref\": \"westeurope_22\"\r\n },\r\n \"type\": \"process\"\r\n },\r\n {\r\n \"$id\": \"westeurope_28\",\r\n \"sessionId\": \"0x3e7\",\r\n \"startTimeUtc\": \"2020-05-04T13:00:33.4661745Z\",\r\n \"endTimeUtc\": \"2020-05-04T13:00:33.4661745Z\",\r\n \"type\": \"host-logon-session\",\r\n \"host\": {\r\n \"$ref\": \"westeurope_22\"\r\n },\r\n \"account\": {\r\n \"$ref\": \"westeurope_25\"\r\n }\r\n }\r\n ]\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/taklei/providers/Microsoft.Security/locations/westeurope/alerts/2518137036458453383_d763b77f-129c-4e95-af39-5c4b4c411b5b\",\r\n \"name\": \"2518137036458453383_d763b77f-129c-4e95-af39-5c4b4c411b5b\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft\",\r\n \"alertDisplayName\": \"Azure Security Center test alert (not a threat)\",\r\n \"alertName\": \"VM_EICAR\",\r\n \"detectedTimeUtc\": \"2020-05-04T12:59:14.1546616Z\",\r\n \"description\": \"This is a test alert generated by Azure Security Center. 
No further action is needed.\",\r\n \"remediationSteps\": \"No further action is needed.\",\r\n \"actionTaken\": \"Undefined\",\r\n \"reportedSeverity\": \"High\",\r\n \"compromisedEntity\": \"ALERTSTEST\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/taklei/providers/Microsoft.Compute/virtualMachines/alertsTest\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"d763b77f-129c-4e95-af39-5c4b4c411b5b\",\r\n \"extendedProperties\": {\r\n \"compromised Host\": \"ALERTSTEST\",\r\n \"user Name\": \"WORKGROUP\\\\alertsTest$\",\r\n \"account Session Id\": \"0x3e7\",\r\n \"suspicious Process\": \"c:\\\\scripts\\\\asc_alerttest_662jfi039n.exe\",\r\n \"suspicious Command Line\": \"c:\\\\scripts\\\\asc_alerttest_662jfi039n.exe -foo\",\r\n \"parent Process\": \"c:\\\\windows\\\\system32\\\\svchost.exe\",\r\n \"suspicious Process Id\": \"0xe7c\",\r\n \"arguments Auditing Enabled\": \"true\",\r\n \"enrichment_tas_threat__reports\": \"{\\\"Kind\\\":\\\"MultiLink\\\",\\\"DisplayValueToUrlDictionary\\\":{\\\"Report: EICAR File\\\":\\\"https://interflowwebportalext.trafficmanager.net/reports/DisplayReport?callerIdentity=ddd5443d-e6f4-441c-b52b-5278d2f21dfa&reportCreateDateTime=2020-05-04T08%3a32%3a57&reportName=MSTI-TS-EICAR-File.pdf&tenantId=1c68e967-70a6-4cda-a34b-6d281cffe06e&urlCreateDateTime=2020-05-04T08%3a32%3a57&token=s7wyF62JLdEde8/SccnrGqIJxUOajFUpTETdhi3lCyY=\\\"}}\",\r\n \"resourceType\": \"Virtual Machine\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2020-05-04T12:59:35.6273663Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/mainws/providers/microsoft.operationalinsights/workspaces/securityuserws\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": [\r\n {\r\n \"$id\": \"westeurope_29\",\r\n \"dnsDomain\": \"\",\r\n \"ntDomain\": \"\",\r\n \"hostName\": 
\"ALERTSTEST\",\r\n \"netBiosName\": \"ALERTSTEST\",\r\n \"azureID\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/taklei/providers/Microsoft.Compute/virtualMachines/alertsTest\",\r\n \"omsAgentID\": \"6bc4f1df-17e1-40f0-8227-f1635aea54dd\",\r\n \"osFamily\": \"Windows\",\r\n \"osVersion\": \"Windows\",\r\n \"isDomainJoined\": false,\r\n \"type\": \"host\"\r\n },\r\n {\r\n \"$id\": \"westeurope_30\",\r\n \"directory\": \"c:\\\\windows\\\\system32\",\r\n \"name\": \"svchost.exe\",\r\n \"type\": \"file\"\r\n },\r\n {\r\n \"$id\": \"westeurope_31\",\r\n \"processId\": \"0x6ec\",\r\n \"commandLine\": \"\",\r\n \"imageFile\": {\r\n \"$ref\": \"westeurope_30\"\r\n },\r\n \"host\": {\r\n \"$ref\": \"westeurope_29\"\r\n },\r\n \"type\": \"process\"\r\n },\r\n {\r\n \"$id\": \"westeurope_32\",\r\n \"name\": \"alertsTest$\",\r\n \"ntDomain\": \"WORKGROUP\",\r\n \"host\": {\r\n \"$ref\": \"westeurope_29\"\r\n },\r\n \"sid\": \"S-1-5-18\",\r\n \"isDomainJoined\": true,\r\n \"type\": \"account\",\r\n \"LogonId\": \"0x3e7\"\r\n },\r\n {\r\n \"$id\": \"westeurope_33\",\r\n \"directory\": \"c:\\\\scripts\",\r\n \"name\": \"asc_alerttest_662jfi039n.exe\",\r\n \"type\": \"file\"\r\n },\r\n {\r\n \"$id\": \"westeurope_34\",\r\n \"processId\": \"0xe7c\",\r\n \"commandLine\": \"c:\\\\scripts\\\\asc_alerttest_662jfi039n.exe -foo\",\r\n \"elevationToken\": \"Default\",\r\n \"creationTimeUtc\": \"2020-05-04T12:59:14.1546616Z\",\r\n \"imageFile\": {\r\n \"$ref\": \"westeurope_33\"\r\n },\r\n \"account\": {\r\n \"$ref\": \"westeurope_32\"\r\n },\r\n \"parentProcess\": {\r\n \"$ref\": \"westeurope_31\"\r\n },\r\n \"host\": {\r\n \"$ref\": \"westeurope_29\"\r\n },\r\n \"type\": \"process\"\r\n },\r\n {\r\n \"$id\": \"westeurope_35\",\r\n \"sessionId\": \"0x3e7\",\r\n \"startTimeUtc\": \"2020-05-04T12:59:14.1546616Z\",\r\n \"endTimeUtc\": \"2020-05-04T12:59:14.1546616Z\",\r\n \"type\": \"host-logon-session\",\r\n \"host\": {\r\n \"$ref\": \"westeurope_29\"\r\n },\r\n 
\"account\": {\r\n \"$ref\": \"westeurope_32\"\r\n }\r\n }\r\n ]\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/taklei/providers/Microsoft.Security/locations/westeurope/alerts/2518137036914144805_a3d0999b-cdfc-41d9-9d28-ee1335f03081\",\r\n \"name\": \"2518137036914144805_a3d0999b-cdfc-41d9-9d28-ee1335f03081\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft\",\r\n \"alertDisplayName\": \"Azure Security Center test alert (not a threat)\",\r\n \"alertName\": \"VM_EICAR\",\r\n \"detectedTimeUtc\": \"2020-05-04T12:58:28.5855194Z\",\r\n \"description\": \"This is a test alert generated by Azure Security Center. No further action is needed.\",\r\n \"remediationSteps\": \"No further action is needed.\",\r\n \"actionTaken\": \"Undefined\",\r\n \"reportedSeverity\": \"High\",\r\n \"compromisedEntity\": \"ALERTSTEST\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/taklei/providers/Microsoft.Compute/virtualMachines/alertsTest\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"a3d0999b-cdfc-41d9-9d28-ee1335f03081\",\r\n \"extendedProperties\": {\r\n \"compromised Host\": \"ALERTSTEST\",\r\n \"user Name\": \"WORKGROUP\\\\alertsTest$\",\r\n \"account Session Id\": \"0x3e7\",\r\n \"suspicious Process\": \"c:\\\\scripts\\\\asc_alerttest_662jfi039n.exe\",\r\n \"suspicious Command Line\": \"c:\\\\scripts\\\\asc_alerttest_662jfi039n.exe -foo\",\r\n \"parent Process\": \"c:\\\\windows\\\\system32\\\\svchost.exe\",\r\n \"suspicious Process Id\": \"0xfac\",\r\n \"arguments Auditing Enabled\": \"true\",\r\n \"enrichment_tas_threat__reports\": \"{\\\"Kind\\\":\\\"MultiLink\\\",\\\"DisplayValueToUrlDictionary\\\":{\\\"Report: EICAR 
File\\\":\\\"https://interflowwebportalext.trafficmanager.net/reports/DisplayReport?callerIdentity=ddd5443d-e6f4-441c-b52b-5278d2f21dfa&reportCreateDateTime=2020-05-04T09%3a23%3a00&reportName=MSTI-TS-EICAR-File.pdf&tenantId=b11492db-77a6-4ec0-9ff7-17b6ba420e1e&urlCreateDateTime=2020-05-04T09%3a23%3a00&token=XhSuWhrbEKAk2sXS1TcK0SVTLOehFDirzLCUSUoWPL4=\\\"}}\",\r\n \"resourceType\": \"Virtual Machine\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2020-05-04T12:58:46.4927078Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/mainws/providers/microsoft.operationalinsights/workspaces/securityuserws\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": [\r\n {\r\n \"$id\": \"westeurope_36\",\r\n \"dnsDomain\": \"\",\r\n \"ntDomain\": \"\",\r\n \"hostName\": \"ALERTSTEST\",\r\n \"netBiosName\": \"ALERTSTEST\",\r\n \"azureID\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/taklei/providers/Microsoft.Compute/virtualMachines/alertsTest\",\r\n \"omsAgentID\": \"6bc4f1df-17e1-40f0-8227-f1635aea54dd\",\r\n \"osFamily\": \"Windows\",\r\n \"osVersion\": \"Windows\",\r\n \"isDomainJoined\": false,\r\n \"type\": \"host\"\r\n },\r\n {\r\n \"$id\": \"westeurope_37\",\r\n \"directory\": \"c:\\\\windows\\\\system32\",\r\n \"name\": \"svchost.exe\",\r\n \"type\": \"file\"\r\n },\r\n {\r\n \"$id\": \"westeurope_38\",\r\n \"processId\": \"0x6ec\",\r\n \"commandLine\": \"\",\r\n \"imageFile\": {\r\n \"$ref\": \"westeurope_37\"\r\n },\r\n \"host\": {\r\n \"$ref\": \"westeurope_36\"\r\n },\r\n \"type\": \"process\"\r\n },\r\n {\r\n \"$id\": \"westeurope_39\",\r\n \"name\": \"alertsTest$\",\r\n \"ntDomain\": \"WORKGROUP\",\r\n \"host\": {\r\n \"$ref\": \"westeurope_36\"\r\n },\r\n \"sid\": \"S-1-5-18\",\r\n \"isDomainJoined\": true,\r\n \"type\": \"account\",\r\n \"LogonId\": \"0x3e7\"\r\n },\r\n {\r\n \"$id\": \"westeurope_40\",\r\n \"directory\": 
\"c:\\\\scripts\",\r\n \"name\": \"asc_alerttest_662jfi039n.exe\",\r\n \"type\": \"file\"\r\n },\r\n {\r\n \"$id\": \"westeurope_41\",\r\n \"processId\": \"0xfac\",\r\n \"commandLine\": \"c:\\\\scripts\\\\asc_alerttest_662jfi039n.exe -foo\",\r\n \"elevationToken\": \"Default\",\r\n \"creationTimeUtc\": \"2020-05-04T12:58:28.5855194Z\",\r\n \"imageFile\": {\r\n \"$ref\": \"westeurope_40\"\r\n },\r\n \"account\": {\r\n \"$ref\": \"westeurope_39\"\r\n },\r\n \"parentProcess\": {\r\n \"$ref\": \"westeurope_38\"\r\n },\r\n \"host\": {\r\n \"$ref\": \"westeurope_36\"\r\n },\r\n \"type\": \"process\"\r\n },\r\n {\r\n \"$id\": \"westeurope_42\",\r\n \"sessionId\": \"0x3e7\",\r\n \"startTimeUtc\": \"2020-05-04T12:58:28.5855194Z\",\r\n \"endTimeUtc\": \"2020-05-04T12:58:28.5855194Z\",\r\n \"type\": \"host-logon-session\",\r\n \"host\": {\r\n \"$ref\": \"westeurope_36\"\r\n },\r\n \"account\": {\r\n \"$ref\": \"westeurope_39\"\r\n }\r\n }\r\n ]\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/taklei/providers/Microsoft.Security/locations/westeurope/alerts/2518137037321194617_adafe5f0-ade9-47b4-86f3-3155038827f6\",\r\n \"name\": \"2518137037321194617_adafe5f0-ade9-47b4-86f3-3155038827f6\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft\",\r\n \"alertDisplayName\": \"Azure Security Center test alert (not a threat)\",\r\n \"alertName\": \"VM_EICAR\",\r\n \"detectedTimeUtc\": \"2020-05-04T12:57:47.8805382Z\",\r\n \"description\": \"This is a test alert generated by Azure Security Center. 
No further action is needed.\",\r\n \"remediationSteps\": \"No further action is needed.\",\r\n \"actionTaken\": \"Undefined\",\r\n \"reportedSeverity\": \"High\",\r\n \"compromisedEntity\": \"ALERTSTEST\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/taklei/providers/Microsoft.Compute/virtualMachines/alertsTest\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"adafe5f0-ade9-47b4-86f3-3155038827f6\",\r\n \"extendedProperties\": {\r\n \"compromised Host\": \"ALERTSTEST\",\r\n \"user Name\": \"WORKGROUP\\\\alertsTest$\",\r\n \"account Session Id\": \"0x3e7\",\r\n \"suspicious Process\": \"c:\\\\scripts\\\\asc_alerttest_662jfi039n.exe\",\r\n \"suspicious Command Line\": \"c:\\\\scripts\\\\asc_alerttest_662jfi039n.exe -foo\",\r\n \"parent Process\": \"c:\\\\windows\\\\system32\\\\svchost.exe\",\r\n \"suspicious Process Id\": \"0x1d50\",\r\n \"arguments Auditing Enabled\": \"true\",\r\n \"enrichment_tas_threat__reports\": \"{\\\"Kind\\\":\\\"MultiLink\\\",\\\"DisplayValueToUrlDictionary\\\":{\\\"Report: EICAR File\\\":\\\"https://interflowwebportalext.trafficmanager.net/reports/DisplayReport?callerIdentity=ddd5443d-e6f4-441c-b52b-5278d2f21dfa&reportCreateDateTime=2020-05-04T08%3a32%3a57&reportName=MSTI-TS-EICAR-File.pdf&tenantId=1c68e967-70a6-4cda-a34b-6d281cffe06e&urlCreateDateTime=2020-05-04T08%3a32%3a57&token=s7wyF62JLdEde8/SccnrGqIJxUOajFUpTETdhi3lCyY=\\\"}}\",\r\n \"resourceType\": \"Virtual Machine\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2020-05-04T12:57:53.7990186Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/mainws/providers/microsoft.operationalinsights/workspaces/securityuserws\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": [\r\n {\r\n \"$id\": \"westeurope_43\",\r\n \"dnsDomain\": \"\",\r\n \"ntDomain\": \"\",\r\n \"hostName\": 
\"ALERTSTEST\",\r\n \"netBiosName\": \"ALERTSTEST\",\r\n \"azureID\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/taklei/providers/Microsoft.Compute/virtualMachines/alertsTest\",\r\n \"omsAgentID\": \"6bc4f1df-17e1-40f0-8227-f1635aea54dd\",\r\n \"osFamily\": \"Windows\",\r\n \"osVersion\": \"Windows\",\r\n \"isDomainJoined\": false,\r\n \"type\": \"host\"\r\n },\r\n {\r\n \"$id\": \"westeurope_44\",\r\n \"directory\": \"c:\\\\windows\\\\system32\",\r\n \"name\": \"svchost.exe\",\r\n \"type\": \"file\"\r\n },\r\n {\r\n \"$id\": \"westeurope_45\",\r\n \"processId\": \"0x6ec\",\r\n \"commandLine\": \"\",\r\n \"imageFile\": {\r\n \"$ref\": \"westeurope_44\"\r\n },\r\n \"host\": {\r\n \"$ref\": \"westeurope_43\"\r\n },\r\n \"type\": \"process\"\r\n },\r\n {\r\n \"$id\": \"westeurope_46\",\r\n \"name\": \"alertsTest$\",\r\n \"ntDomain\": \"WORKGROUP\",\r\n \"host\": {\r\n \"$ref\": \"westeurope_43\"\r\n },\r\n \"sid\": \"S-1-5-18\",\r\n \"isDomainJoined\": true,\r\n \"type\": \"account\",\r\n \"LogonId\": \"0x3e7\"\r\n },\r\n {\r\n \"$id\": \"westeurope_47\",\r\n \"directory\": \"c:\\\\scripts\",\r\n \"name\": \"asc_alerttest_662jfi039n.exe\",\r\n \"type\": \"file\"\r\n },\r\n {\r\n \"$id\": \"westeurope_48\",\r\n \"processId\": \"0x1d50\",\r\n \"commandLine\": \"c:\\\\scripts\\\\asc_alerttest_662jfi039n.exe -foo\",\r\n \"elevationToken\": \"Default\",\r\n \"creationTimeUtc\": \"2020-05-04T12:57:47.8805382Z\",\r\n \"imageFile\": {\r\n \"$ref\": \"westeurope_47\"\r\n },\r\n \"account\": {\r\n \"$ref\": \"westeurope_46\"\r\n },\r\n \"parentProcess\": {\r\n \"$ref\": \"westeurope_45\"\r\n },\r\n \"host\": {\r\n \"$ref\": \"westeurope_43\"\r\n },\r\n \"type\": \"process\"\r\n },\r\n {\r\n \"$id\": \"westeurope_49\",\r\n \"sessionId\": \"0x3e7\",\r\n \"startTimeUtc\": \"2020-05-04T12:57:47.8805382Z\",\r\n \"endTimeUtc\": \"2020-05-04T12:57:47.8805382Z\",\r\n \"type\": \"host-logon-session\",\r\n \"host\": {\r\n \"$ref\": \"westeurope_43\"\r\n },\r\n 
\"account\": {\r\n \"$ref\": \"westeurope_46\"\r\n }\r\n }\r\n ]\r\n }\r\n }\r\n ]\r\n}", "StatusCode": 200 } ], "Names": {}, - "Variables": { - "SubscriptionId": "487bb485-b5b0-471e-9c0d-10717612f869" - } + "Variables": {} } \ No newline at end of file diff --git a/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/tests/SessionRecords/SecurityAlertsTests/SecurityAlerts_ListSubscriptionLevelAlertsByRegion.json b/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/tests/SessionRecords/SecurityAlertsTests/SecurityAlerts_ListSubscriptionLevelAlertsByRegion.json index 5e3bd2189135..aecfbdfcc88f 100644 --- a/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/tests/SessionRecords/SecurityAlertsTests/SecurityAlerts_ListSubscriptionLevelAlertsByRegion.json +++ b/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/tests/SessionRecords/SecurityAlertsTests/SecurityAlerts_ListSubscriptionLevelAlertsByRegion.json @@ -7,7 +7,7 @@ "RequestBody": "", "RequestHeaders": { "x-ms-client-request-id": [ - "bb74a129-aedb-41f8-86be-b30c697e392a" + "4b72bd54-642c-48d2-9cec-5b06ba6e31df" ], "accept-language": [ "en-US" @@ -15,8 +15,8 @@ "User-Agent": [ "FxVersion/4.6.26614.01", "OSName/Windows", - "OSVersion/Microsoft.Windows.10.0.17763.", - "Microsoft.Azure.Management.Security.SecurityCenterClient/0.11.0.0" + "OSVersion/Microsoft.Windows.10.0.18363.", + "Microsoft.Azure.Management.Security.SecurityCenterClient/1.1.3.0" ] }, "ResponseHeaders": { 
@@ -24,26 +24,26 @@ "no-cache" ], "Date": [ - "Mon, 04 Mar 2019 16:02:02 GMT" + "Mon, 04 May 2020 14:43:04 GMT" ], "Pragma": [ "no-cache" ], "x-ms-original-request-ids": [ - "740a03a2-9ef4-4292-bb94-b20c4d9da37e", - "76f0f254-24f1-43eb-83b1-55b1eecc420c" + "11d3353c-32fa-447f-9224-a079f15d56c9", + "aa1bcf95-fe97-4f72-acea-c9a3b156b97e" ], "x-ms-ratelimit-remaining-subscription-resource-requests": [ "748" ], "x-ms-request-id": [ - "6d0bb72f-1738-40f0-b4c8-a83ff974b721" + "e0be10fb-62d0-45a1-958a-4bda6ed6e7f4" ], "x-ms-correlation-request-id": [ - "6d0bb72f-1738-40f0-b4c8-a83ff974b721" + "e0be10fb-62d0-45a1-958a-4bda6ed6e7f4" ], "x-ms-routing-request-id": [ - "UKWEST:20190304T160202Z:6d0bb72f-1738-40f0-b4c8-a83ff974b721" + "GERMANYWESTCENTRAL:20200504T144304Z:e0be10fb-62d0-45a1-958a-4bda6ed6e7f4" ], "Strict-Transport-Security": [ "max-age=31536000; includeSubDomains" @@ -52,7 +52,7 @@ "nosniff" ], "Content-Length": [ - "169158" + "25641" ], "Content-Type": [ "application/json; charset=utf-8" 
@@ -61,17 +61,17 @@ "-1" ] }, - "ResponseBody": "{\r\n \"value\": [\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/rg/providers/Microsoft.Security/locations/centralus/alerts/2518532788749999999_66276b36-db2a-4b2c-84ad-9676fe753a01\",\r\n \"name\": \"2518532788749999999_66276b36-db2a-4b2c-84ad-9676fe753a01\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft\",\r\n \"alertDisplayName\": \"Web fingerprinting detected\",\r\n \"alertName\": \"APPS_Nmap\",\r\n \"detectedTimeUtc\": \"2019-03-03T17:40:43Z\",\r\n \"description\": \"Azure App Service activity log indicates a possible web fingerprinting activity on your App Service resource.The suspicious activity detected is associated with NMAP. Attackers often use this tool for probing the web application to find vulnerabilities.\",\r\n \"remediationSteps\": \"If only specific IP addresses should be allowed to access the web app, set IP restrictions (https://docs.microsoft.com/azure/app-service/app-service-ip-restrictions) for it.\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"High\",\r\n \"compromisedEntity\": \"sitename\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/rg/providers/Microsoft.Web/sites/sitename\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"b3d77198-6f95-40ed-9675-10001c2e93cc\",\r\n \"extendedProperties\": {\r\n \"last Event Time\": \"2/11/2019 5:40:46 PM\",\r\n \"sample URIs\": \"/sdk, /, /.git/HEAD, /favicon.ico, /evox/about, /robots.txt, /nmaplowercheck1549906843, /HNAP1\",\r\n \"sample User Agents\": \"Mozilla/5.0+(compatible;+Nmap+Scripting+Engine;+https://nmap.org/book/nse.html)\",\r\n \"sample Referer\": \"-\",\r\n \"resourceType\": \"App Service\"\r\n },\r\n \"state\": \"Dismissed\",\r\n \"reportedTimeUtc\": \"2019-03-03T20:41:03.846Z\",\r\n 
\"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": [\r\n {\r\n \"$id\": \"centralus_1\",\r\n \"hostName\": \"sitename\",\r\n \"azureID\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/rg/providers/Microsoft.Web/sites/sitename\",\r\n \"type\": \"host\"\r\n }\r\n ]\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/providers/Microsoft.Security/locations/centralus/alerts/2518532788749999999_66276b36-db2a-4b2c-84ad-9676fe753a02\",\r\n \"name\": \"2518532788749999999_66276b36-db2a-4b2c-84ad-9676fe753a02\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft\",\r\n \"alertDisplayName\": \"Web fingerprinting detected\",\r\n \"alertName\": \"APPS_Nmap\",\r\n \"detectedTimeUtc\": \"2019-03-03T17:40:43Z\",\r\n \"description\": \"Azure App Service activity log indicates a possible web fingerprinting activity on your App Service resource.The suspicious activity detected is associated with NMAP. 
Attackers often use this tool for probing the web application to find vulnerabilities.\",\r\n \"remediationSteps\": \"If only specific IP addresses should be allowed to access the web app, set IP restrictions (https://docs.microsoft.com/azure/app-service/app-service-ip-restrictions) for it.\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"High\",\r\n \"compromisedEntity\": \"sitename\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/providers/Microsoft.Web/sites/sitename\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"b3d77198-6f95-40ed-9675-10001c2e93cd\",\r\n \"extendedProperties\": {\r\n \"last Event Time\": \"2/11/2019 5:40:46 PM\",\r\n \"sample URIs\": \"/sdk, /, /.git/HEAD, /favicon.ico, /evox/about, /robots.txt, /nmaplowercheck1549906843, /HNAP1\",\r\n \"sample User Agents\": \"Mozilla/5.0+(compatible;+Nmap+Scripting+Engine;+https://nmap.org/book/nse.html)\",\r\n \"sample Referer\": \"-\",\r\n \"resourceType\": \"App Service\"\r\n },\r\n \"state\": \"Dismissed\",\r\n \"reportedTimeUtc\": \"2019-03-03T20:41:03.846Z\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": [\r\n {\r\n \"$id\": \"centralus_2\",\r\n \"hostName\": \"sitename\",\r\n \"azureID\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/providers/Microsoft.Web/sites/sitename\",\r\n \"type\": \"host\"\r\n }\r\n ]\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518505891999999999_c908c4ae-9a04-4d98-bb7e-18c82dfd9a81\",\r\n \"name\": \"2518505891999999999_c908c4ae-9a04-4d98-bb7e-18c82dfd9a81\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": 
\"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-04T15:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117:80\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"c908c4ae-9a04-4d98-bb7e-18c82dfd9a81\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"159.192.218.25\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-04T16:00:11.489254Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518505927999999999_38e859b9-60eb-406d-aa42-a54dc5be9b17\",\r\n \"name\": \"2518505927999999999_38e859b9-60eb-406d-aa42-a54dc5be9b17\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-04T14:00:00Z\",\r\n 
\"description\": \"Detail:Host header is a numeric IP address 13.69.131.117\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"38e859b9-60eb-406d-aa42-a54dc5be9b17\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"176.32.33.80\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-04T15:00:56.8950851Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518505927999999999_3c3f8a61-1245-4e92-be38-ac054249f4a2\",\r\n \"name\": \"2518505927999999999_3c3f8a61-1245-4e92-be38-ac054249f4a2\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"SCANNER-DETECTION\",\r\n \"alertName\": \"SCANNER-DETECTION\",\r\n \"detectedTimeUtc\": \"2019-03-04T14:00:00Z\",\r\n \"description\": \"Detail:Found User-Agent associated with scripting/generic HTTP client Matched Data: 
python-requests found within REQUEST_HEADERS:User-Agent: python-requests/2.6.0 CPython/2.7.5 Linux/3.10.0-957.1.3.el7.x86_64\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"3c3f8a61-1245-4e92-be38-ac054249f4a2\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"176.32.33.80\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-04T15:00:56.8950851Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518505927999999999_f646ad4c-8a5d-4355-9dfc-56a3f2521310\",\r\n \"name\": \"2518505927999999999_f646ad4c-8a5d-4355-9dfc-56a3f2521310\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"BLOCKING-EVALUATION\",\r\n \"alertName\": \"BLOCKING-EVALUATION\",\r\n \"detectedTimeUtc\": \"2019-03-04T14:00:00Z\",\r\n \"description\": \"Detail:Mandatory rule. 
Cannot be disabled. Inbound Anomaly Score Exceeded (Total Score: 8)\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"f646ad4c-8a5d-4355-9dfc-56a3f2521310\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"176.32.33.80\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-04T15:00:56.4081088Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518505963999999999_7e0b842e-b80f-4544-979d-952ed3b60db6\",\r\n \"name\": \"2518505963999999999_7e0b842e-b80f-4544-979d-952ed3b60db6\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-04T13:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117:80\",\r\n 
\"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"7e0b842e-b80f-4544-979d-952ed3b60db6\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"2\",\r\n \"source IPs\": \"103.94.170.218,113.161.130.251\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-04T14:00:41.0033381Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506035999999999_4316a00c-7ac8-4b34-8b74-cf73e2a91b70\",\r\n \"name\": \"2518506035999999999_4316a00c-7ac8-4b34-8b74-cf73e2a91b70\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"SCANNER-DETECTION\",\r\n \"alertName\": \"SCANNER-DETECTION\",\r\n \"detectedTimeUtc\": \"2019-03-04T11:00:00Z\",\r\n \"description\": \"Detail:Found User-Agent associated with scripting/generic HTTP client Matched Data: python-requests found within REQUEST_HEADERS:User-Agent: 
python-requests/2.6.0 CPython/2.7.5 Linux/3.10.0-957.1.3.el7.x86_64\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"4316a00c-7ac8-4b34-8b74-cf73e2a91b70\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"176.32.33.80\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-04T12:00:02.3651318Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506035999999999_553a1004-ff2f-4d39-9baf-cdb764aa6a1e\",\r\n \"name\": \"2518506035999999999_553a1004-ff2f-4d39-9baf-cdb764aa6a1e\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"BLOCKING-EVALUATION\",\r\n \"alertName\": \"BLOCKING-EVALUATION\",\r\n \"detectedTimeUtc\": \"2019-03-04T11:00:00Z\",\r\n \"description\": \"Detail:Mandatory rule. Cannot be disabled. 
Inbound Anomaly Score Exceeded (Total Score: 8)\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"553a1004-ff2f-4d39-9baf-cdb764aa6a1e\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"176.32.33.80\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-04T12:00:01.7153581Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506035999999999_d91570aa-65a5-46de-aee7-98b41a8027e4\",\r\n \"name\": \"2518506035999999999_d91570aa-65a5-46de-aee7-98b41a8027e4\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-04T11:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117\",\r\n \"remediationSteps\": \"\",\r\n 
\"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"d91570aa-65a5-46de-aee7-98b41a8027e4\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"2\",\r\n \"source IPs\": \"176.32.33.80,103.212.90.36\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-04T12:00:02.3651318Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506071999999999_129ec79b-c7a6-4082-91af-c6733ce46447\",\r\n \"name\": \"2518506071999999999_129ec79b-c7a6-4082-91af-c6733ce46447\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-04T10:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n 
\"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"129ec79b-c7a6-4082-91af-c6733ce46447\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"2\",\r\n \"source IPs\": \"51.83.15.87\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-04T11:00:48.0270644Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506071999999999_784f1ab8-ec53-4216-a522-52669e63bcde\",\r\n \"name\": \"2518506071999999999_784f1ab8-ec53-4216-a522-52669e63bcde\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-04T10:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117:80\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": 
\"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"784f1ab8-ec53-4216-a522-52669e63bcde\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"45.115.6.194\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-04T11:00:48.4809846Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506179999999999_a4b834f3-2e4b-406c-bc49-1dc4339732e6\",\r\n \"name\": \"2518506179999999999_a4b834f3-2e4b-406c-bc49-1dc4339732e6\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"BLOCKING-EVALUATION\",\r\n \"alertName\": \"BLOCKING-EVALUATION\",\r\n \"detectedTimeUtc\": \"2019-03-04T07:00:00Z\",\r\n \"description\": \"Detail:Mandatory rule. Cannot be disabled. 
Inbound Anomaly Score Exceeded (Total Score: 8)\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"a4b834f3-2e4b-406c-bc49-1dc4339732e6\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"176.32.33.80\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-04T08:00:01.2466784Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506179999999999_e2dfaff2-872b-479b-8ead-f3473da44a88\",\r\n \"name\": \"2518506179999999999_e2dfaff2-872b-479b-8ead-f3473da44a88\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-04T07:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117:80\",\r\n \"remediationSteps\": \"\",\r\n 
\"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"e2dfaff2-872b-479b-8ead-f3473da44a88\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"2\",\r\n \"source IPs\": \"179.110.123.218,176.32.33.80\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-04T08:00:02.116777Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506179999999999_e67879f8-55f1-49a0-bfde-d8d076fae90e\",\r\n \"name\": \"2518506179999999999_e67879f8-55f1-49a0-bfde-d8d076fae90e\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"SCANNER-DETECTION\",\r\n \"alertName\": \"SCANNER-DETECTION\",\r\n \"detectedTimeUtc\": \"2019-03-04T07:00:00Z\",\r\n \"description\": \"Detail:Found User-Agent associated with scripting/generic HTTP client Matched Data: python-requests found within REQUEST_HEADERS:User-Agent: python-requests/2.6.0 CPython/2.7.5 
Linux/3.10.0-957.1.3.el7.x86_64\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"e67879f8-55f1-49a0-bfde-d8d076fae90e\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"176.32.33.80\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-04T08:00:02.116777Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506215999999999_137fc371-1c41-4da3-9f32-61dbf0c876b3\",\r\n \"name\": \"2518506215999999999_137fc371-1c41-4da3-9f32-61dbf0c876b3\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-04T06:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117:80\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": 
\"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"137fc371-1c41-4da3-9f32-61dbf0c876b3\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"2\",\r\n \"source IPs\": \"186.226.218.121,191.37.250.231\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-04T07:00:47.1096409Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506215999999999_d1922f41-45da-4c89-b3f0-ae2ee97ca464\",\r\n \"name\": \"2518506215999999999_d1922f41-45da-4c89-b3f0-ae2ee97ca464\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-04T06:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117:80\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n 
\"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"d1922f41-45da-4c89-b3f0-ae2ee97ca464\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"109.73.182.157\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-04T07:00:46.5853915Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506251999999999_8ad58304-6c26-4379-89fc-b89fcfa1e747\",\r\n \"name\": \"2518506251999999999_8ad58304-6c26-4379-89fc-b89fcfa1e747\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-04T05:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117:80\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": 
\"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"8ad58304-6c26-4379-89fc-b89fcfa1e747\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"185.123.233.160\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-04T06:00:33.4180269Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506287999999999_1ed08eec-64cc-4d93-9eea-ea73822c2320\",\r\n \"name\": \"2518506287999999999_1ed08eec-64cc-4d93-9eea-ea73822c2320\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-04T04:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": 
\"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"1ed08eec-64cc-4d93-9eea-ea73822c2320\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"176.32.33.80\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-04T05:00:20.5069656Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506287999999999_8f8d4f63-d98c-4e11-aa94-d1f3886b6afb\",\r\n \"name\": \"2518506287999999999_8f8d4f63-d98c-4e11-aa94-d1f3886b6afb\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"SCANNER-DETECTION\",\r\n \"alertName\": \"SCANNER-DETECTION\",\r\n \"detectedTimeUtc\": \"2019-03-04T04:00:00Z\",\r\n \"description\": \"Detail:Found User-Agent associated with scripting/generic HTTP client Matched Data: python-requests found within REQUEST_HEADERS:User-Agent: python-requests/2.6.0 CPython/2.7.5 Linux/3.10.0-957.1.3.el7.x86_64\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n 
\"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"8f8d4f63-d98c-4e11-aa94-d1f3886b6afb\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"176.32.33.80\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-04T05:00:20.5069656Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506287999999999_e84d6d25-d3fd-4198-a9ea-8d1a695a8a0e\",\r\n \"name\": \"2518506287999999999_e84d6d25-d3fd-4198-a9ea-8d1a695a8a0e\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"BLOCKING-EVALUATION\",\r\n \"alertName\": \"BLOCKING-EVALUATION\",\r\n \"detectedTimeUtc\": \"2019-03-04T04:00:00Z\",\r\n \"description\": \"Detail:Mandatory rule. Cannot be disabled. 
Inbound Anomaly Score Exceeded (Total Score: 8)\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"e84d6d25-d3fd-4198-a9ea-8d1a695a8a0e\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"176.32.33.80\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-04T05:00:20.5069656Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506395999999999_025841f9-9581-450c-8349-b96da379d72c\",\r\n \"name\": \"2518506395999999999_025841f9-9581-450c-8349-b96da379d72c\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"BLOCKING-EVALUATION\",\r\n \"alertName\": \"BLOCKING-EVALUATION\",\r\n \"detectedTimeUtc\": \"2019-03-04T01:00:00Z\",\r\n \"description\": \"Detail:Mandatory rule. Cannot be disabled. 
Inbound Anomaly Score Exceeded (Total Score: 8)\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"025841f9-9581-450c-8349-b96da379d72c\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"176.32.33.80\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-04T02:00:39.9205038Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506395999999999_21099c91-d37e-4843-966e-55f53d3fe657\",\r\n \"name\": \"2518506395999999999_21099c91-d37e-4843-966e-55f53d3fe657\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"SCANNER-DETECTION\",\r\n \"alertName\": \"SCANNER-DETECTION\",\r\n \"detectedTimeUtc\": \"2019-03-04T01:00:00Z\",\r\n \"description\": \"Detail:Found User-Agent associated with scripting/generic HTTP client Matched Data: python-requests found within 
REQUEST_HEADERS:User-Agent: python-requests/2.6.0 CPython/2.7.5 Linux/3.10.0-957.1.3.el7.x86_64\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"21099c91-d37e-4843-966e-55f53d3fe657\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"176.32.33.80\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-04T02:00:40.4337488Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506395999999999_997886ee-adcc-4233-b389-4f349a4e4f19\",\r\n \"name\": \"2518506395999999999_997886ee-adcc-4233-b389-4f349a4e4f19\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-04T01:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 
13.69.131.117\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"997886ee-adcc-4233-b389-4f349a4e4f19\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"176.32.33.80\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-04T02:00:40.4337488Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506431999999999_3628cfac-0858-4075-873e-cb45feafc2d8\",\r\n \"name\": \"2518506431999999999_3628cfac-0858-4075-873e-cb45feafc2d8\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"METHOD-ENFORCEMENT\",\r\n \"alertName\": \"METHOD-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-04T00:00:00Z\",\r\n \"description\": \"Detail:Method is not allowed by policy PROPFIND\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": 
\"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"3628cfac-0858-4075-873e-cb45feafc2d8\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"123.206.22.203\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-04T01:00:24.1988577Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506431999999999_65048fd9-87b9-4d11-9570-f3ea77419866\",\r\n \"name\": \"2518506431999999999_65048fd9-87b9-4d11-9570-f3ea77419866\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-04T00:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117:80\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": 
\"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"65048fd9-87b9-4d11-9570-f3ea77419866\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"108\",\r\n \"source IPs\": \"45.170.220.47,123.206.22.203,183.89.68.95\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-04T01:00:24.1988577Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506431999999999_a8a29940-e0bd-4742-95cc-c6d01e1afe48\",\r\n \"name\": \"2518506431999999999_a8a29940-e0bd-4742-95cc-c6d01e1afe48\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"APPLICATION-ATTACK-SQLI\",\r\n \"alertName\": \"APPLICATION-ATTACK-SQLI\",\r\n \"detectedTimeUtc\": \"2019-03-04T00:00:00Z\",\r\n \"description\": \"Detail:SQL Injection Attack Matched Data: md5 found within ARGS:h: die(@md5(M4rch));\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": 
\"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"a8a29940-e0bd-4742-95cc-c6d01e1afe48\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"16\",\r\n \"source IPs\": \"123.206.22.203\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-04T01:00:24.1988577Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506431999999999_b41572ea-083b-4743-ab2f-f653b504c3c3\",\r\n \"name\": \"2518506431999999999_b41572ea-083b-4743-ab2f-f653b504c3c3\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"BLOCKING-EVALUATION\",\r\n \"alertName\": \"BLOCKING-EVALUATION\",\r\n \"detectedTimeUtc\": \"2019-03-04T00:00:00Z\",\r\n \"description\": \"Detail:Mandatory rule. Cannot be disabled. 
Inbound Anomaly Score Exceeded (Total Score: 5)\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"b41572ea-083b-4743-ab2f-f653b504c3c3\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"41\",\r\n \"source IPs\": \"123.206.22.203\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-04T01:00:24.1988577Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506431999999999_b463a506-46aa-4a9d-8468-40e2ed74fae2\",\r\n \"name\": \"2518506431999999999_b463a506-46aa-4a9d-8468-40e2ed74fae2\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"APPLICATION-ATTACK-SQLI\",\r\n \"alertName\": \"APPLICATION-ATTACK-SQLI\",\r\n \"detectedTimeUtc\": \"2019-03-04T00:00:00Z\",\r\n \"description\": \"Detail:SQL Injection Attack Matched Data: md5 found within ARGS:h: die(@md5(M4rch));\",\r\n 
\"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"b463a506-46aa-4a9d-8468-40e2ed74fae2\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"24\",\r\n \"source IPs\": \"123.206.22.203\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-04T01:00:23.6287102Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506431999999999_da18a55d-358d-499b-97e2-d4a9169d6d79\",\r\n \"name\": \"2518506431999999999_da18a55d-358d-499b-97e2-d4a9169d6d79\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"BLOCKING-EVALUATION\",\r\n \"alertName\": \"BLOCKING-EVALUATION\",\r\n \"detectedTimeUtc\": \"2019-03-04T00:00:00Z\",\r\n \"description\": \"Detail:Mandatory rule. Cannot be disabled. 
Inbound Anomaly Score Exceeded (Total Score: 12)\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"da18a55d-358d-499b-97e2-d4a9169d6d79\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"43\",\r\n \"source IPs\": \"123.206.22.203\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-04T01:00:24.1988577Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506431999999999_e188c598-6c5a-4b88-b062-53a84c8e5866\",\r\n \"name\": \"2518506431999999999_e188c598-6c5a-4b88-b062-53a84c8e5866\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-04T00:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117:80\",\r\n \"remediationSteps\": \"\",\r\n 
\"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"e188c598-6c5a-4b88-b062-53a84c8e5866\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"98\",\r\n \"source IPs\": \"123.206.22.203\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-04T01:00:24.1988577Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506431999999999_f3759b4d-98d9-4133-820f-c53404075381\",\r\n \"name\": \"2518506431999999999_f3759b4d-98d9-4133-820f-c53404075381\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"APPLICATION-ATTACK-LFI\",\r\n \"alertName\": \"APPLICATION-ATTACK-LFI\",\r\n \"detectedTimeUtc\": \"2019-03-04T00:00:00Z\",\r\n \"description\": \"Detail:Restricted File Access Attempt Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n 
\"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"f3759b4d-98d9-4133-820f-c53404075381\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"123.206.22.203\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-04T01:00:24.1988577Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506467999999999_e16ffb83-a733-495b-b767-56079cca194b\",\r\n \"name\": \"2518506467999999999_e16ffb83-a733-495b-b767-56079cca194b\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-03T23:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117:80\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n 
\"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"e16ffb83-a733-495b-b767-56079cca194b\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"37.57.97.61\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-04T00:00:05.2118352Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506539999999999_96264969-2f25-4495-8e4a-26d705da8fa9\",\r\n \"name\": \"2518506539999999999_96264969-2f25-4495-8e4a-26d705da8fa9\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"SCANNER-DETECTION\",\r\n \"alertName\": \"SCANNER-DETECTION\",\r\n \"detectedTimeUtc\": \"2019-03-03T21:00:00Z\",\r\n \"description\": \"Detail:Found User-Agent associated with scripting/generic HTTP client Matched Data: python-requests found within REQUEST_HEADERS:User-Agent: python-requests/2.6.0 CPython/2.7.5 Linux/3.10.0-957.1.3.el7.x86_64\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": 
\"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"96264969-2f25-4495-8e4a-26d705da8fa9\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"176.32.33.80\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T22:00:34.1747263Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506539999999999_dd92cb6e-f129-4405-9e18-11fa5c1252c2\",\r\n \"name\": \"2518506539999999999_dd92cb6e-f129-4405-9e18-11fa5c1252c2\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"BLOCKING-EVALUATION\",\r\n \"alertName\": \"BLOCKING-EVALUATION\",\r\n \"detectedTimeUtc\": \"2019-03-03T21:00:00Z\",\r\n \"description\": \"Detail:Mandatory rule. Cannot be disabled. 
Inbound Anomaly Score Exceeded (Total Score: 8)\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"dd92cb6e-f129-4405-9e18-11fa5c1252c2\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"176.32.33.80\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T22:00:33.6975993Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506539999999999_ecdf89d6-b2a2-4d32-9e16-f7cd67984891\",\r\n \"name\": \"2518506539999999999_ecdf89d6-b2a2-4d32-9e16-f7cd67984891\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-03T21:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117:80\",\r\n \"remediationSteps\": \"\",\r\n 
\"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"ecdf89d6-b2a2-4d32-9e16-f7cd67984891\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"2\",\r\n \"source IPs\": \"41.50.83.103,176.32.33.80\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T22:00:34.1747263Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506575999999999_5aee1028-31b6-4d35-93cc-569793a2d3a2\",\r\n \"name\": \"2518506575999999999_5aee1028-31b6-4d35-93cc-569793a2d3a2\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-03T20:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n 
\"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"5aee1028-31b6-4d35-93cc-569793a2d3a2\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"181.166.19.204\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T21:00:19.3291561Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506611999999999_3c7cfa09-e213-4490-ba8d-a11b72b6d000\",\r\n \"name\": \"2518506611999999999_3c7cfa09-e213-4490-ba8d-a11b72b6d000\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-03T19:00:00Z\",\r\n \"description\": \"Detail:Request Missing a Host Header\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": 
\"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"3c7cfa09-e213-4490-ba8d-a11b72b6d000\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"2\",\r\n \"source IPs\": \"178.73.215.171\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T20:00:05.4039046Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506611999999999_af8a5586-7eae-4aba-bb14-5a0d9f18bb97\",\r\n \"name\": \"2518506611999999999_af8a5586-7eae-4aba-bb14-5a0d9f18bb97\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-03T19:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": 
\"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"af8a5586-7eae-4aba-bb14-5a0d9f18bb97\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"2\",\r\n \"source IPs\": \"39.96.43.158,200.207.20.30\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T20:00:05.4039046Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506611999999999_ea4eb36f-4b5c-4b3d-a52e-b06a0a8634ac\",\r\n \"name\": \"2518506611999999999_ea4eb36f-4b5c-4b3d-a52e-b06a0a8634ac\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"BLOCKING-EVALUATION\",\r\n \"alertName\": \"BLOCKING-EVALUATION\",\r\n \"detectedTimeUtc\": \"2019-03-03T19:00:00Z\",\r\n \"description\": \"Detail:Mandatory rule. Cannot be disabled. 
Inbound Anomaly Score Exceeded (Total Score: 5)\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"ea4eb36f-4b5c-4b3d-a52e-b06a0a8634ac\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"178.73.215.171\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T20:00:04.9007841Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506647999999999_2049cf22-f78e-45c4-8c8d-620175ea9b67\",\r\n \"name\": \"2518506647999999999_2049cf22-f78e-45c4-8c8d-620175ea9b67\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"APPLICATION-ATTACK-SQLI\",\r\n \"alertName\": \"APPLICATION-ATTACK-SQLI\",\r\n \"detectedTimeUtc\": \"2019-03-03T18:00:00Z\",\r\n \"description\": \"Detail:SQL Injection Attack: SQL Tautology Detected. 
Matched Data: methodName>system found within ARGS_NAMES: system.listMethods : system.listMethods \",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"2049cf22-f78e-45c4-8c8d-620175ea9b67\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"2\",\r\n \"source IPs\": \"52.183.58.122\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T19:00:51.2707099Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506647999999999_5dd2d179-737e-47de-a37d-c6b6731c149a\",\r\n \"name\": \"2518506647999999999_5dd2d179-737e-47de-a37d-c6b6731c149a\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"SCANNER-DETECTION\",\r\n \"alertName\": \"SCANNER-DETECTION\",\r\n \"detectedTimeUtc\": \"2019-03-03T18:00:00Z\",\r\n \"description\": \"Detail:Found User-Agent associated with security scanner 
Matched Data: nmap scripting engine found within REQUEST_HEADERS:User-Agent: Mozilla/5.0 (compatible; Nmap Scripting Engine; https://nmap.org/book/nse.html)\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"5dd2d179-737e-47de-a37d-c6b6731c149a\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"16\",\r\n \"source IPs\": \"52.183.58.122\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T19:00:51.2707099Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506647999999999_7bc4f2d4-49d2-4e83-801e-18e5f7288546\",\r\n \"name\": \"2518506647999999999_7bc4f2d4-49d2-4e83-801e-18e5f7288546\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"BLOCKING-EVALUATION\",\r\n \"alertName\": \"BLOCKING-EVALUATION\",\r\n \"detectedTimeUtc\": \"2019-03-03T18:00:00Z\",\r\n \"description\": 
\"Detail:Mandatory rule. Cannot be disabled. Inbound Anomaly Score Exceeded (Total Score: 5)\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"7bc4f2d4-49d2-4e83-801e-18e5f7288546\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"17\",\r\n \"source IPs\": \"52.183.58.122\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T19:00:51.2707099Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506647999999999_7db374f1-b737-40f9-9801-427d6ded6631\",\r\n \"name\": \"2518506647999999999_7db374f1-b737-40f9-9801-427d6ded6631\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-03T18:00:00Z\",\r\n \"description\": \"Detail:Request Missing a Host Header\",\r\n 
\"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"7db374f1-b737-40f9-9801-427d6ded6631\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"29\",\r\n \"source IPs\": \"52.183.58.122\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T19:00:51.2707099Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506647999999999_7fdd74ca-ecdc-47c7-8ede-237604683d32\",\r\n \"name\": \"2518506647999999999_7fdd74ca-ecdc-47c7-8ede-237604683d32\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"BLOCKING-EVALUATION\",\r\n \"alertName\": \"BLOCKING-EVALUATION\",\r\n \"detectedTimeUtc\": \"2019-03-03T18:00:00Z\",\r\n \"description\": \"Detail:Mandatory rule. Cannot be disabled. 
Inbound Anomaly Score Exceeded (Total Score: 10)\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"7fdd74ca-ecdc-47c7-8ede-237604683d32\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"18\",\r\n \"source IPs\": \"52.183.58.122\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T19:00:51.2707099Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506647999999999_8a49395c-6a4a-44c1-ada6-5d9e25ad2cb4\",\r\n \"name\": \"2518506647999999999_8a49395c-6a4a-44c1-ada6-5d9e25ad2cb4\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"SCANNER-DETECTION\",\r\n \"alertName\": \"SCANNER-DETECTION\",\r\n \"detectedTimeUtc\": \"2019-03-03T18:00:00Z\",\r\n \"description\": \"Detail:Found User-Agent associated with security scanner Matched Data: nmap scripting engine found within 
REQUEST_HEADERS:User-Agent: Mozilla/5.0 (compatible; Nmap Scripting Engine; https://nmap.org/book/nse.html)\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"8a49395c-6a4a-44c1-ada6-5d9e25ad2cb4\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"16\",\r\n \"source IPs\": \"52.183.58.122\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T19:00:51.2707099Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506647999999999_9aa674cd-3d5a-44d0-ae78-26bb404bb9cd\",\r\n \"name\": \"2518506647999999999_9aa674cd-3d5a-44d0-ae78-26bb404bb9cd\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"APPLICATION-ATTACK-LFI\",\r\n \"alertName\": \"APPLICATION-ATTACK-LFI\",\r\n \"detectedTimeUtc\": \"2019-03-03T18:00:00Z\",\r\n \"description\": \"Detail:Restricted File Access Attempt 
Matched Data: /.git/ found within REQUEST_FILENAME: /.git/HEAD\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"9aa674cd-3d5a-44d0-ae78-26bb404bb9cd\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"52.183.58.122\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T19:00:50.6994998Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506647999999999_a1d6f3b7-f990-4f60-aa51-f9dedb286a93\",\r\n \"name\": \"2518506647999999999_a1d6f3b7-f990-4f60-aa51-f9dedb286a93\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"METHOD-ENFORCEMENT\",\r\n \"alertName\": \"METHOD-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-03T18:00:00Z\",\r\n \"description\": \"Detail:Method is not allowed by policy PROPFIND\",\r\n \"remediationSteps\": \"\",\r\n 
\"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"a1d6f3b7-f990-4f60-aa51-f9dedb286a93\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"4\",\r\n \"source IPs\": \"52.183.58.122\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T19:00:51.2707099Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506647999999999_e88f0966-faba-4c11-806c-1dd3d0f02349\",\r\n \"name\": \"2518506647999999999_e88f0966-faba-4c11-806c-1dd3d0f02349\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-03T18:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": 
\"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"e88f0966-faba-4c11-806c-1dd3d0f02349\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"30\",\r\n \"source IPs\": \"52.183.58.122\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T19:00:51.2707099Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506683999999999_3ffd1f5a-8a43-42dd-950f-94a708c4eccf\",\r\n \"name\": \"2518506683999999999_3ffd1f5a-8a43-42dd-950f-94a708c4eccf\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"SCANNER-DETECTION\",\r\n \"alertName\": \"SCANNER-DETECTION\",\r\n \"detectedTimeUtc\": \"2019-03-03T17:00:00Z\",\r\n \"description\": \"Detail:Found User-Agent associated with scripting/generic HTTP client Matched Data: Python-urllib found within REQUEST_HEADERS:User-Agent: Python-urllib/2.7\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": 
\"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"3ffd1f5a-8a43-42dd-950f-94a708c4eccf\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"5.189.188.237\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T18:00:33.544093Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506683999999999_45daf153-e9c2-4943-aa00-60a4d57dfe57\",\r\n \"name\": \"2518506683999999999_45daf153-e9c2-4943-aa00-60a4d57dfe57\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"BLOCKING-EVALUATION\",\r\n \"alertName\": \"BLOCKING-EVALUATION\",\r\n \"detectedTimeUtc\": \"2019-03-03T17:00:00Z\",\r\n \"description\": \"Detail:Mandatory rule. Cannot be disabled. 
Inbound Anomaly Score Exceeded (Total Score: 5)\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"45daf153-e9c2-4943-aa00-60a4d57dfe57\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"185\",\r\n \"source IPs\": \"153.37.197.94\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T18:00:34.0159991Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506683999999999_5f021722-537d-490c-bdfd-ac6fc510da5c\",\r\n \"name\": \"2518506683999999999_5f021722-537d-490c-bdfd-ac6fc510da5c\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-03T17:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117:80\",\r\n \"remediationSteps\": \"\",\r\n 
\"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"5f021722-537d-490c-bdfd-ac6fc510da5c\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"241\",\r\n \"source IPs\": \"153.37.197.94\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T18:00:34.0159991Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506683999999999_6a5df300-a1b4-4403-a419-eb6688efdf7b\",\r\n \"name\": \"2518506683999999999_6a5df300-a1b4-4403-a419-eb6688efdf7b\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"APPLICATION-ATTACK-SQLI\",\r\n \"alertName\": \"APPLICATION-ATTACK-SQLI\",\r\n \"detectedTimeUtc\": \"2019-03-03T17:00:00Z\",\r\n \"description\": \"Detail:SQL Injection Attack Matched Data: md5 found within ARGS:h: die(@md5(M4rch));\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": 
\"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"6a5df300-a1b4-4403-a419-eb6688efdf7b\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"258\",\r\n \"source IPs\": \"153.37.197.94\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T18:00:34.0159991Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506683999999999_874c6ebd-1e67-4774-a5ce-0d731c1c27db\",\r\n \"name\": \"2518506683999999999_874c6ebd-1e67-4774-a5ce-0d731c1c27db\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"BLOCKING-EVALUATION\",\r\n \"alertName\": \"BLOCKING-EVALUATION\",\r\n \"detectedTimeUtc\": \"2019-03-03T17:00:00Z\",\r\n \"description\": \"Detail:Mandatory rule. Cannot be disabled. 
Inbound Anomaly Score Exceeded (Total Score: 12)\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"874c6ebd-1e67-4774-a5ce-0d731c1c27db\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"187\",\r\n \"source IPs\": \"153.37.197.94,5.189.188.237\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T18:00:34.0159991Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506683999999999_96f96063-0f51-4b5a-8548-a58f55a126bb\",\r\n \"name\": \"2518506683999999999_96f96063-0f51-4b5a-8548-a58f55a126bb\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"APPLICATION-ATTACK-LFI\",\r\n \"alertName\": \"APPLICATION-ATTACK-LFI\",\r\n \"detectedTimeUtc\": \"2019-03-03T17:00:00Z\",\r\n \"description\": \"Detail:Restricted File Access Attempt Matched Data: wp-config.php found within 
REQUEST_FILENAME: /wp-config.php\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"96f96063-0f51-4b5a-8548-a58f55a126bb\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"153.37.197.94\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T18:00:34.0159991Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506683999999999_a1fd9cb6-278c-4fa8-8378-b88d15b68e37\",\r\n \"name\": \"2518506683999999999_a1fd9cb6-278c-4fa8-8378-b88d15b68e37\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"APPLICATION-ATTACK-SQLI\",\r\n \"alertName\": \"APPLICATION-ATTACK-SQLI\",\r\n \"detectedTimeUtc\": \"2019-03-03T17:00:00Z\",\r\n \"description\": \"Detail:SQL Injection Attack Matched Data: md5 found within ARGS:h: die(@md5(M4rch));\",\r\n \"remediationSteps\": 
\"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"a1fd9cb6-278c-4fa8-8378-b88d15b68e37\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"242\",\r\n \"source IPs\": \"153.37.197.94\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T18:00:34.0159991Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506683999999999_e4985ba6-3474-4f25-8d0e-0d29bb6b38c9\",\r\n \"name\": \"2518506683999999999_e4985ba6-3474-4f25-8d0e-0d29bb6b38c9\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-03T17:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117:80\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n 
\"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"e4985ba6-3474-4f25-8d0e-0d29bb6b38c9\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"254\",\r\n \"source IPs\": \"143.255.242.186,153.37.197.94,5.189.188.237\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T18:00:34.0159991Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506683999999999_e6988005-220a-4136-82fd-14ef12b4ddf1\",\r\n \"name\": \"2518506683999999999_e6988005-220a-4136-82fd-14ef12b4ddf1\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"METHOD-ENFORCEMENT\",\r\n \"alertName\": \"METHOD-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-03T17:00:00Z\",\r\n \"description\": \"Detail:Method is not allowed by policy PROPFIND\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": 
\"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"e6988005-220a-4136-82fd-14ef12b4ddf1\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"153.37.197.94\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T18:00:34.0159991Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506719999999999_13a28970-6f30-4c49-8db1-bbeb8c53f358\",\r\n \"name\": \"2518506719999999999_13a28970-6f30-4c49-8db1-bbeb8c53f358\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"SCANNER-DETECTION\",\r\n \"alertName\": \"SCANNER-DETECTION\",\r\n \"detectedTimeUtc\": \"2019-03-03T16:00:00Z\",\r\n \"description\": \"Detail:Found User-Agent associated with scripting/generic HTTP client Matched Data: python-requests found within REQUEST_HEADERS:User-Agent: python-requests/2.6.0 CPython/2.7.5 Linux/3.10.0-957.1.3.el7.x86_64\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n 
\"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"13a28970-6f30-4c49-8db1-bbeb8c53f358\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"176.32.33.80\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T17:00:20.7167821Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506719999999999_3dd7d880-0612-484b-9352-47cbe5e955c0\",\r\n \"name\": \"2518506719999999999_3dd7d880-0612-484b-9352-47cbe5e955c0\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-03T16:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": 
\"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"3dd7d880-0612-484b-9352-47cbe5e955c0\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"4\",\r\n \"source IPs\": \"151.14.49.82,106.12.205.48,176.32.33.80,27.112.69.69\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T17:00:20.7167821Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506719999999999_45ad41ef-a52a-4383-b5a0-cf77d0f52769\",\r\n \"name\": \"2518506719999999999_45ad41ef-a52a-4383-b5a0-cf77d0f52769\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"BLOCKING-EVALUATION\",\r\n \"alertName\": \"BLOCKING-EVALUATION\",\r\n \"detectedTimeUtc\": \"2019-03-03T16:00:00Z\",\r\n \"description\": \"Detail:Mandatory rule. Cannot be disabled. 
Inbound Anomaly Score Exceeded (Total Score: 8)\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"45ad41ef-a52a-4383-b5a0-cf77d0f52769\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"176.32.33.80\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T17:00:20.7167821Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506755999999999_08c7bb21-5ce6-4a29-8559-e0f681637727\",\r\n \"name\": \"2518506755999999999_08c7bb21-5ce6-4a29-8559-e0f681637727\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-03T15:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117\",\r\n \"remediationSteps\": \"\",\r\n 
\"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"08c7bb21-5ce6-4a29-8559-e0f681637727\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"112.109.90.7\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T16:00:13.9856128Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506791999999999_a4f72ed5-04a4-4396-a55f-6c1e53f5de88\",\r\n \"name\": \"2518506791999999999_a4f72ed5-04a4-4396-a55f-6c1e53f5de88\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-03T14:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117:80\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n 
\"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"a4f72ed5-04a4-4396-a55f-6c1e53f5de88\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"191.19.156.211\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T15:00:53.1284306Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506791999999999_d7624e51-e813-4e82-9d24-b0c7d1ee54a2\",\r\n \"name\": \"2518506791999999999_d7624e51-e813-4e82-9d24-b0c7d1ee54a2\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-03T14:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117:80\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": 
\"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"d7624e51-e813-4e82-9d24-b0c7d1ee54a2\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"191.19.156.211\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T15:00:53.5907512Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506827999999999_5d48c911-b79f-4a9c-adf7-b1f7b542e139\",\r\n \"name\": \"2518506827999999999_5d48c911-b79f-4a9c-adf7-b1f7b542e139\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-03T13:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117:80\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": 
\"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"5d48c911-b79f-4a9c-adf7-b1f7b542e139\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"47.44.40.236\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T14:00:40.9369659Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506827999999999_6705b59f-aa53-4b22-a799-0ec168f16554\",\r\n \"name\": \"2518506827999999999_6705b59f-aa53-4b22-a799-0ec168f16554\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"BLOCKING-EVALUATION\",\r\n \"alertName\": \"BLOCKING-EVALUATION\",\r\n \"detectedTimeUtc\": \"2019-03-03T13:00:00Z\",\r\n \"description\": \"Detail:Mandatory rule. Cannot be disabled. 
Inbound Anomaly Score Exceeded (Total Score: 5)\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"6705b59f-aa53-4b22-a799-0ec168f16554\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"86.101.76.223\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T14:00:41.4313385Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506827999999999_8ef4d78a-8e10-42c2-809c-b06a1dbac6ff\",\r\n \"name\": \"2518506827999999999_8ef4d78a-8e10-42c2-809c-b06a1dbac6ff\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-03T13:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117\",\r\n \"remediationSteps\": \"\",\r\n 
\"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"8ef4d78a-8e10-42c2-809c-b06a1dbac6ff\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"3\",\r\n \"source IPs\": \"86.101.76.223,37.112.145.247\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T14:00:41.4313385Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506863999999999_0a57514d-bfbb-40de-945f-edab4061fa9f\",\r\n \"name\": \"2518506863999999999_0a57514d-bfbb-40de-945f-edab4061fa9f\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"SCANNER-DETECTION\",\r\n \"alertName\": \"SCANNER-DETECTION\",\r\n \"detectedTimeUtc\": \"2019-03-03T12:00:00Z\",\r\n \"description\": \"Detail:Found User-Agent associated with scripting/generic HTTP client Matched Data: python-requests found within REQUEST_HEADERS:User-Agent: python-requests/2.6.0 CPython/2.7.5 
Linux/3.10.0-957.1.3.el7.x86_64\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"0a57514d-bfbb-40de-945f-edab4061fa9f\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"176.32.33.80\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T13:00:27.4966084Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506863999999999_2aec0c06-933a-4981-bd34-59809b81bdcf\",\r\n \"name\": \"2518506863999999999_2aec0c06-933a-4981-bd34-59809b81bdcf\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-03T12:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": 
\"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"2aec0c06-933a-4981-bd34-59809b81bdcf\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"3\",\r\n \"source IPs\": \"139.162.106.181,176.32.33.80\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T13:00:27.9629747Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506863999999999_3906c573-8bb4-47b5-922d-3a93dacb999a\",\r\n \"name\": \"2518506863999999999_3906c573-8bb4-47b5-922d-3a93dacb999a\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"BLOCKING-EVALUATION\",\r\n \"alertName\": \"BLOCKING-EVALUATION\",\r\n \"detectedTimeUtc\": \"2019-03-03T12:00:00Z\",\r\n \"description\": \"Detail:Mandatory rule. Cannot be disabled. 
Inbound Anomaly Score Exceeded (Total Score: 5)\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"3906c573-8bb4-47b5-922d-3a93dacb999a\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"2\",\r\n \"source IPs\": \"139.162.106.181,176.32.33.80\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T13:00:27.9629747Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506863999999999_ccc614e5-38e9-4794-a4a7-b084779313b2\",\r\n \"name\": \"2518506863999999999_ccc614e5-38e9-4794-a4a7-b084779313b2\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-03T12:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117:80\",\r\n \"remediationSteps\": 
\"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"ccc614e5-38e9-4794-a4a7-b084779313b2\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"2\",\r\n \"source IPs\": \"189.79.106.13,175.106.10.226\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T13:00:27.9629747Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506899999999999_0628b610-6b29-45ec-a08c-2561f6201681\",\r\n \"name\": \"2518506899999999999_0628b610-6b29-45ec-a08c-2561f6201681\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-03T11:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117:80\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": 
\"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"0628b610-6b29-45ec-a08c-2561f6201681\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"4\",\r\n \"source IPs\": \"170.233.47.249,149.71.160.254,125.64.94.200\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T12:00:05.3305889Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506899999999999_7008ba75-4cc8-4291-93bc-ea17eba8f37c\",\r\n \"name\": \"2518506899999999999_7008ba75-4cc8-4291-93bc-ea17eba8f37c\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"BLOCKING-EVALUATION\",\r\n \"alertName\": \"BLOCKING-EVALUATION\",\r\n \"detectedTimeUtc\": \"2019-03-03T11:00:00Z\",\r\n \"description\": \"Detail:Mandatory rule. Cannot be disabled. 
Inbound Anomaly Score Exceeded (Total Score: 5)\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"7008ba75-4cc8-4291-93bc-ea17eba8f37c\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"125.64.94.200\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T12:00:04.8798965Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506935999999999_6f663a4f-982b-4818-8ef1-f87730e40dcc\",\r\n \"name\": \"2518506935999999999_6f663a4f-982b-4818-8ef1-f87730e40dcc\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-03T10:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117:80\",\r\n \"remediationSteps\": \"\",\r\n 
\"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"6f663a4f-982b-4818-8ef1-f87730e40dcc\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"177.190.65.151\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T11:00:50.1566901Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506971999999999_205da57b-4636-44f8-894e-3a78c60e78be\",\r\n \"name\": \"2518506971999999999_205da57b-4636-44f8-894e-3a78c60e78be\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"SCANNER-DETECTION\",\r\n \"alertName\": \"SCANNER-DETECTION\",\r\n \"detectedTimeUtc\": \"2019-03-03T09:00:00Z\",\r\n \"description\": \"Detail:Found User-Agent associated with security scanner Matched Data: zmeu found within REQUEST_HEADERS:User-Agent: ZmEu\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n 
\"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"205da57b-4636-44f8-894e-3a78c60e78be\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"5\",\r\n \"source IPs\": \"202.111.175.134\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T10:00:37.6036112Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506971999999999_36d74c57-219a-48dd-9d85-8edf5dad9605\",\r\n \"name\": \"2518506971999999999_36d74c57-219a-48dd-9d85-8edf5dad9605\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"BLOCKING-EVALUATION\",\r\n \"alertName\": \"BLOCKING-EVALUATION\",\r\n \"detectedTimeUtc\": \"2019-03-03T09:00:00Z\",\r\n \"description\": \"Detail:Mandatory rule. Cannot be disabled. 
Inbound Anomaly Score Exceeded (Total Score: 8)\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"36d74c57-219a-48dd-9d85-8edf5dad9605\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"3\",\r\n \"source IPs\": \"176.32.33.80,202.111.175.134\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T10:00:37.6036112Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506971999999999_51794aa7-6274-4156-b321-a8404ec2c8a1\",\r\n \"name\": \"2518506971999999999_51794aa7-6274-4156-b321-a8404ec2c8a1\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"BLOCKING-EVALUATION\",\r\n \"alertName\": \"BLOCKING-EVALUATION\",\r\n \"detectedTimeUtc\": \"2019-03-03T09:00:00Z\",\r\n \"description\": \"Detail:Mandatory rule. Cannot be disabled. 
Inbound Anomaly Score Exceeded (Total Score: 13)\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"51794aa7-6274-4156-b321-a8404ec2c8a1\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"4\",\r\n \"source IPs\": \"202.111.175.134\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T10:00:36.6754928Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506971999999999_8fd280c9-d229-4ab0-b7c2-a1e6ed13d475\",\r\n \"name\": \"2518506971999999999_8fd280c9-d229-4ab0-b7c2-a1e6ed13d475\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-03T09:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117\",\r\n \"remediationSteps\": \"\",\r\n 
\"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"8fd280c9-d229-4ab0-b7c2-a1e6ed13d475\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"4\",\r\n \"source IPs\": \"202.111.175.134\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T10:00:37.6036112Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506971999999999_c5f9f5ef-e626-494f-af62-296e9a3aae90\",\r\n \"name\": \"2518506971999999999_c5f9f5ef-e626-494f-af62-296e9a3aae90\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-03T09:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n 
\"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"c5f9f5ef-e626-494f-af62-296e9a3aae90\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"3\",\r\n \"source IPs\": \"176.32.33.80,202.111.175.134\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T10:00:37.6036112Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506971999999999_f2c8d1c4-1673-484b-a6dd-83ba0f631030\",\r\n \"name\": \"2518506971999999999_f2c8d1c4-1673-484b-a6dd-83ba0f631030\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"SCANNER-DETECTION\",\r\n \"alertName\": \"SCANNER-DETECTION\",\r\n \"detectedTimeUtc\": \"2019-03-03T09:00:00Z\",\r\n \"description\": \"Detail:Found User-Agent associated with scripting/generic HTTP client Matched Data: python-requests found within REQUEST_HEADERS:User-Agent: python-requests/2.6.0 CPython/2.7.5 Linux/3.10.0-957.1.3.el7.x86_64\",\r\n \"remediationSteps\": \"\",\r\n 
\"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"f2c8d1c4-1673-484b-a6dd-83ba0f631030\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"3\",\r\n \"source IPs\": \"176.32.33.80,202.111.175.134\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T10:00:37.6036112Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518507007999999999_d08f4e21-7e7a-4f55-8d05-c262b6ea7296\",\r\n \"name\": \"2518507007999999999_d08f4e21-7e7a-4f55-8d05-c262b6ea7296\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-03T08:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117:80\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n 
\"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"d08f4e21-7e7a-4f55-8d05-c262b6ea7296\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"200.170.107.213\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T09:00:23.6177593Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518507043999999999_4113b94b-e345-435c-9860-319263f7dd62\",\r\n \"name\": \"2518507043999999999_4113b94b-e345-435c-9860-319263f7dd62\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-03T07:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": 
\"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"4113b94b-e345-435c-9860-319263f7dd62\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"3\",\r\n \"source IPs\": \"185.53.88.120,177.95.121.11\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T08:00:08.812839Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518507043999999999_61e42d8a-87ae-4aad-909c-c68cf39040d4\",\r\n \"name\": \"2518507043999999999_61e42d8a-87ae-4aad-909c-c68cf39040d4\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"BLOCKING-EVALUATION\",\r\n \"alertName\": \"BLOCKING-EVALUATION\",\r\n \"detectedTimeUtc\": \"2019-03-03T07:00:00Z\",\r\n \"description\": \"Detail:Mandatory rule. Cannot be disabled. 
Inbound Anomaly Score Exceeded (Total Score: 5)\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"61e42d8a-87ae-4aad-909c-c68cf39040d4\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"185.53.88.120\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T08:00:08.812839Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518507043999999999_61fd9c97-c980-48c2-b39a-defed87af2a2\",\r\n \"name\": \"2518507043999999999_61fd9c97-c980-48c2-b39a-defed87af2a2\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-03T07:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117\",\r\n \"remediationSteps\": \"\",\r\n 
\"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"61fd9c97-c980-48c2-b39a-defed87af2a2\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"189.211.124.220\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T08:00:08.812839Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518507079999999999_1b89d7cb-b586-4a38-ad61-75bbaebf2170\",\r\n \"name\": \"2518507079999999999_1b89d7cb-b586-4a38-ad61-75bbaebf2170\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"SCANNER-DETECTION\",\r\n \"alertName\": \"SCANNER-DETECTION\",\r\n \"detectedTimeUtc\": \"2019-03-03T06:00:00Z\",\r\n \"description\": \"Detail:Found User-Agent associated with security scanner Matched Data: masscan found within REQUEST_HEADERS:User-Agent: masscan/1.0 (https://github.com/robertdavidgraham/masscan)\",\r\n 
\"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"1b89d7cb-b586-4a38-ad61-75bbaebf2170\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"185.165.169.28\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T07:00:54.0188006Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518507079999999999_c2c1230a-f1d5-4fe1-9aa3-0a77e7299186\",\r\n \"name\": \"2518507079999999999_c2c1230a-f1d5-4fe1-9aa3-0a77e7299186\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"BLOCKING-EVALUATION\",\r\n \"alertName\": \"BLOCKING-EVALUATION\",\r\n \"detectedTimeUtc\": \"2019-03-03T06:00:00Z\",\r\n \"description\": \"Detail:Mandatory rule. Cannot be disabled. 
Inbound Anomaly Score Exceeded (Total Score: 8)\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"c2c1230a-f1d5-4fe1-9aa3-0a77e7299186\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"185.165.169.28\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T07:00:53.5777047Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518507079999999999_eac52c76-659b-498e-91f5-525511b48ded\",\r\n \"name\": \"2518507079999999999_eac52c76-659b-498e-91f5-525511b48ded\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-03T06:00:00Z\",\r\n \"description\": \"Detail:Request Missing a Host Header\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": 
\"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"eac52c76-659b-498e-91f5-525511b48ded\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"185.165.169.28\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T07:00:54.0188006Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518507115999999999_3f4c572d-c6c7-440c-84e7-7a3f4cd866af\",\r\n \"name\": \"2518507115999999999_3f4c572d-c6c7-440c-84e7-7a3f4cd866af\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-03T05:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117:80\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": 
\"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"3f4c572d-c6c7-440c-84e7-7a3f4cd866af\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"191.19.210.54\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T06:00:38.331985Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518507115999999999_537e6f2f-d393-4cdf-a530-3255b9cc34c9\",\r\n \"name\": \"2518507115999999999_537e6f2f-d393-4cdf-a530-3255b9cc34c9\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"BLOCKING-EVALUATION\",\r\n \"alertName\": \"BLOCKING-EVALUATION\",\r\n \"detectedTimeUtc\": \"2019-03-03T05:00:00Z\",\r\n \"description\": \"Detail:Mandatory rule. Cannot be disabled. 
Inbound Anomaly Score Exceeded (Total Score: 8)\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"537e6f2f-d393-4cdf-a530-3255b9cc34c9\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"2\",\r\n \"source IPs\": \"176.32.33.80,106.75.63.218\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T06:00:38.8618086Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518507115999999999_b291073d-47ad-4563-b5be-d3cc4955e3db\",\r\n \"name\": \"2518507115999999999_b291073d-47ad-4563-b5be-d3cc4955e3db\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"SCANNER-DETECTION\",\r\n \"alertName\": \"SCANNER-DETECTION\",\r\n \"detectedTimeUtc\": \"2019-03-03T05:00:00Z\",\r\n \"description\": \"Detail:Found User-Agent associated with scripting/generic HTTP client Matched Data: 
python-requests found within REQUEST_HEADERS:User-Agent: python-requests/2.6.0 CPython/2.7.5 Linux/3.10.0-957.1.3.el7.x86_64\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"b291073d-47ad-4563-b5be-d3cc4955e3db\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"176.32.33.80\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T06:00:38.8618086Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518507115999999999_c9b1c4e8-589e-4c7e-945f-ef107e422d0e\",\r\n \"name\": \"2518507115999999999_c9b1c4e8-589e-4c7e-945f-ef107e422d0e\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-03T05:00:00Z\",\r\n \"description\": \"Detail:Host header is a 
numeric IP address 13.69.131.117\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"c9b1c4e8-589e-4c7e-945f-ef107e422d0e\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"3\",\r\n \"source IPs\": \"176.32.33.80,106.75.63.218\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T06:00:38.8618086Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518507151999999999_395b050b-039c-42ac-84eb-93d3e7faea3e\",\r\n \"name\": \"2518507151999999999_395b050b-039c-42ac-84eb-93d3e7faea3e\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-03T04:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117\",\r\n \"remediationSteps\": \"\",\r\n 
\"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"395b050b-039c-42ac-84eb-93d3e7faea3e\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"2\",\r\n \"source IPs\": \"82.227.32.4\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T05:00:24.7267003Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518507151999999999_6db5bd58-9d70-42c8-b0c1-723f6cd5b8e7\",\r\n \"name\": \"2518507151999999999_6db5bd58-9d70-42c8-b0c1-723f6cd5b8e7\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"BLOCKING-EVALUATION\",\r\n \"alertName\": \"BLOCKING-EVALUATION\",\r\n \"detectedTimeUtc\": \"2019-03-03T04:00:00Z\",\r\n \"description\": \"Detail:Mandatory rule. Cannot be disabled. 
Inbound Anomaly Score Exceeded (Total Score: 5)\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"6db5bd58-9d70-42c8-b0c1-723f6cd5b8e7\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"82.227.32.4\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T05:00:24.2392146Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518507223999999999_ee9ccd4a-9ffe-4674-93a3-8dce991f38ab\",\r\n \"name\": \"2518507223999999999_ee9ccd4a-9ffe-4674-93a3-8dce991f38ab\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-03T02:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117:80\",\r\n \"remediationSteps\": \"\",\r\n 
\"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"ee9ccd4a-9ffe-4674-93a3-8dce991f38ab\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"3\",\r\n \"source IPs\": \"46.201.249.7,91.192.33.145,95.133.40.164\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T03:00:56.5825657Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518507295999999999_4fe4d5bf-6672-490d-b840-051c7f68b697\",\r\n \"name\": \"2518507295999999999_4fe4d5bf-6672-490d-b840-051c7f68b697\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"BLOCKING-EVALUATION\",\r\n \"alertName\": \"BLOCKING-EVALUATION\",\r\n \"detectedTimeUtc\": \"2019-03-03T00:00:00Z\",\r\n \"description\": \"Detail:Mandatory rule. Cannot be disabled. 
Inbound Anomaly Score Exceeded (Total Score: 5)\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"4fe4d5bf-6672-490d-b840-051c7f68b697\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"61.62.156.174\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T01:00:28.5948373Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518507295999999999_863f36fb-20ad-45d2-9063-2a07be7f4d5f\",\r\n \"name\": \"2518507295999999999_863f36fb-20ad-45d2-9063-2a07be7f4d5f\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-03T00:00:00Z\",\r\n \"description\": \"Detail:Request Missing a Host Header\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": 
\"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"863f36fb-20ad-45d2-9063-2a07be7f4d5f\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"2\",\r\n \"source IPs\": \"61.62.156.174\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T01:00:29.0871558Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518507331999999999_3462bbf4-9200-4fdc-871c-01f2eb234c84\",\r\n \"name\": \"2518507331999999999_3462bbf4-9200-4fdc-871c-01f2eb234c84\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-02T23:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117:80\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": 
\"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"3462bbf4-9200-4fdc-871c-01f2eb234c84\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"3\",\r\n \"source IPs\": \"179.110.96.144,95.85.11.140,185.219.135.195\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T00:00:16.354891Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518507331999999999_99ba6c6b-501a-41df-a80a-d3c5fddff4e1\",\r\n \"name\": \"2518507331999999999_99ba6c6b-501a-41df-a80a-d3c5fddff4e1\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-02T23:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": 
\"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"99ba6c6b-501a-41df-a80a-d3c5fddff4e1\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"185.219.135.195\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T00:00:15.8819814Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518507403999999999_7f0e0ee0-50f0-4f6d-87f6-3a386629e3ee\",\r\n \"name\": \"2518507403999999999_7f0e0ee0-50f0-4f6d-87f6-3a386629e3ee\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-02T21:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": 
\"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"7f0e0ee0-50f0-4f6d-87f6-3a386629e3ee\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"2\",\r\n \"source IPs\": \"1.245.46.34,200.207.141.250\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-02T22:00:38.1461713Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518507403999999999_b8d1e867-333f-4776-bfb1-23dc9d0f3883\",\r\n \"name\": \"2518507403999999999_b8d1e867-333f-4776-bfb1-23dc9d0f3883\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-02T21:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": 
\"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"b8d1e867-333f-4776-bfb1-23dc9d0f3883\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"2\",\r\n \"source IPs\": \"42.51.32.9,200.207.141.250\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-02T22:00:38.6594318Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518507439999999999_1b54ab81-5ca3-4ea0-a706-38112361afaa\",\r\n \"name\": \"2518507439999999999_1b54ab81-5ca3-4ea0-a706-38112361afaa\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"SCANNER-DETECTION\",\r\n \"alertName\": \"SCANNER-DETECTION\",\r\n \"detectedTimeUtc\": \"2019-03-02T20:00:00Z\",\r\n \"description\": \"Detail:Found User-Agent associated with security scanner Matched Data: nmap scripting engine found within REQUEST_HEADERS:User-Agent: Mozilla/5.0 (compatible; Nmap Scripting Engine; https://nmap.org/book/nse.html)\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": 
\"Medium\",\r\n \"compromisedEntity\": \"bc09060f-3280-4734-a595-310679b63b8f.cloudapp.net\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"1b54ab81-5ca3-4ea0-a706-38112361afaa\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"16\",\r\n \"source IPs\": \"52.183.32.182\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-02T21:00:26.0576367Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518507439999999999_3e947bdc-233d-4de1-8031-2038a4d74620\",\r\n \"name\": \"2518507439999999999_3e947bdc-233d-4de1-8031-2038a4d74620\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"SCANNER-DETECTION\",\r\n \"alertName\": \"SCANNER-DETECTION\",\r\n \"detectedTimeUtc\": \"2019-03-02T20:00:00Z\",\r\n \"description\": \"Detail:Found User-Agent associated with security scanner Matched Data: nmap scripting engine found within REQUEST_HEADERS:User-Agent: Mozilla/5.0 (compatible; Nmap Scripting Engine; 
https://nmap.org/book/nse.html)\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"bc09060f-3280-4734-a595-310679b63b8f.cloudapp.net\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"3e947bdc-233d-4de1-8031-2038a4d74620\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"17\",\r\n \"source IPs\": \"52.183.32.182\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-02T21:00:26.0576367Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n }\r\n ],\r\n \"nextLink\": 
\"https://management.azure.com/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/providers/Microsoft.Security/alerts?api-version=2019-01-01&%24skiptoken=TY%2fLbqMwAEX%2fhcXsCDYBEkeqRmpqmKQFUmMbys482jjhNdhpIFX%2ffTLSLEa6u3N1ru6X0dWTfpHdWRmbLyPFCcWMxAdsbIyj1oPaWFYrOvFRt3WnF%2bJ2GetF2bcbx1la6lKocpSDln2nLGe9Kgpn7ZqFWwDTWcHaRCWoTAhWcOVB%2b33tIWsY%2b09Z1aOyQlmOverf9SKpy8so9WyJph61%2bikGaX7eK3frgw0gMgG854c6y4H257p7qOd9nGdHwAJ%2froIGiBRdEpu7u1MvwwSDeOvHJChvaQr3IUaYZyQXTT5QFl5D7HqknUIeTL8pq0iFIXulUcSDcKacPBcM4ZQy%2bbL9t9Gi5X%2fuZST9SDTcoYDwCrgey4YDDxSkkIwRQ0zc%2bIGfPmaaDWfxl9N9%2fHrze9pUzwJPjLUwFo0PUk6U4MNT%2bPQYccxA2pB9yNAv1uqI%2b0zv5FXSljuVT45v7dTQ1td5svOKjqtie5X8%2fj23OaABOr1lZChsR8anR2R8f%2f8B\"\r\n}", + "ResponseBody": "{\r\n \"value\": [\r\n {\r\n \"properties\": {\r\n \"detectedTimeUtc\": \"2020-05-04T14:28:27.6812319Z\",\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft\",\r\n \"alertDisplayName\": \"Azure Security Center test alert (not a threat)\",\r\n \"alertName\": \"VM_EICAR\",\r\n \"description\": \"This is a test alert generated by Azure Security Center. 
No further action is needed.\",\r\n \"remediationSteps\": \"No further action is needed.\",\r\n \"actionTaken\": \"Undefined\",\r\n \"reportedSeverity\": \"High\",\r\n \"compromisedEntity\": \"ALERTSTEST\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/taklei/providers/Microsoft.Compute/virtualMachines/alertsTest\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"ef6aa4e6-9c60-4405-8f08-f465e8e50cd2\",\r\n \"extendedProperties\": {\r\n \"compromised Host\": \"ALERTSTEST\",\r\n \"user Name\": \"WORKGROUP\\\\alertsTest$\",\r\n \"account Session Id\": \"0x3e7\",\r\n \"suspicious Process\": \"c:\\\\scripts\\\\asc_alerttest_662jfi039n.exe\",\r\n \"suspicious Command Line\": \"c:\\\\scripts\\\\asc_alerttest_662jfi039n.exe -foo\",\r\n \"parent Process\": \"c:\\\\windows\\\\system32\\\\svchost.exe\",\r\n \"suspicious Process Id\": \"0x688\",\r\n \"arguments Auditing Enabled\": \"true\",\r\n \"enrichment_tas_threat__reports\": \"{\\\"Kind\\\":\\\"MultiLink\\\",\\\"DisplayValueToUrlDictionary\\\":{\\\"Report: EICAR File\\\":\\\"https://interflowwebportalext.trafficmanager.net/reports/DisplayReport?callerIdentity=ddd5443d-e6f4-441c-b52b-5278d2f21dfa&reportCreateDateTime=2020-05-04T09%3a13%3a05&reportName=MSTI-TS-EICAR-File.pdf&tenantId=387eb67f-0039-43ad-81b9-b66c6c0b1951&urlCreateDateTime=2020-05-04T09%3a13%3a05&token=aRLLv1q8UI%20eVn54OVy%20WbqcH7H9dSGDUOuWywymCrQ=\\\"}}\",\r\n \"resourceType\": \"Virtual Machine\"\r\n },\r\n \"state\": \"Dismissed\",\r\n \"reportedTimeUtc\": \"2020-05-04T14:29:05.5983077Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/mainws/providers/microsoft.operationalinsights/workspaces/securityuserws\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": [\r\n {\r\n \"$id\": \"westeurope_1\",\r\n \"dnsDomain\": \"\",\r\n \"ntDomain\": \"\",\r\n 
\"hostName\": \"ALERTSTEST\",\r\n \"netBiosName\": \"ALERTSTEST\",\r\n \"azureID\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/taklei/providers/Microsoft.Compute/virtualMachines/alertsTest\",\r\n \"omsAgentID\": \"6bc4f1df-17e1-40f0-8227-f1635aea54dd\",\r\n \"osFamily\": \"Windows\",\r\n \"osVersion\": \"Windows\",\r\n \"isDomainJoined\": false,\r\n \"type\": \"host\"\r\n },\r\n {\r\n \"$id\": \"westeurope_2\",\r\n \"directory\": \"c:\\\\windows\\\\system32\",\r\n \"name\": \"svchost.exe\",\r\n \"type\": \"file\"\r\n },\r\n {\r\n \"$id\": \"westeurope_3\",\r\n \"processId\": \"0x6ec\",\r\n \"commandLine\": \"\",\r\n \"imageFile\": {\r\n \"$ref\": \"westeurope_2\"\r\n },\r\n \"host\": {\r\n \"$ref\": \"westeurope_1\"\r\n },\r\n \"type\": \"process\"\r\n },\r\n {\r\n \"$id\": \"westeurope_4\",\r\n \"name\": \"alertsTest$\",\r\n \"ntDomain\": \"WORKGROUP\",\r\n \"host\": {\r\n \"$ref\": \"westeurope_1\"\r\n },\r\n \"sid\": \"S-1-5-18\",\r\n \"isDomainJoined\": true,\r\n \"type\": \"account\",\r\n \"LogonId\": \"0x3e7\"\r\n },\r\n {\r\n \"$id\": \"westeurope_5\",\r\n \"directory\": \"c:\\\\scripts\",\r\n \"name\": \"asc_alerttest_662jfi039n.exe\",\r\n \"type\": \"file\"\r\n },\r\n {\r\n \"$id\": \"westeurope_6\",\r\n \"processId\": \"0x688\",\r\n \"commandLine\": \"c:\\\\scripts\\\\asc_alerttest_662jfi039n.exe -foo\",\r\n \"elevationToken\": \"Default\",\r\n \"creationTimeUtc\": \"2020-05-04T14:28:27.6812319Z\",\r\n \"imageFile\": {\r\n \"$ref\": \"westeurope_5\"\r\n },\r\n \"account\": {\r\n \"$ref\": \"westeurope_4\"\r\n },\r\n \"parentProcess\": {\r\n \"$ref\": \"westeurope_3\"\r\n },\r\n \"host\": {\r\n \"$ref\": \"westeurope_1\"\r\n },\r\n \"type\": \"process\"\r\n },\r\n {\r\n \"$id\": \"westeurope_7\",\r\n \"sessionId\": \"0x3e7\",\r\n \"startTimeUtc\": \"2020-05-04T14:28:27.6812319Z\",\r\n \"endTimeUtc\": \"2020-05-04T14:28:27.6812319Z\",\r\n \"type\": \"host-logon-session\",\r\n \"host\": {\r\n \"$ref\": \"westeurope_1\"\r\n },\r\n 
\"account\": {\r\n \"$ref\": \"westeurope_4\"\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/taklei/providers/Microsoft.Security/locations/westeurope/alerts/2518136982923187680_ef6aa4e6-9c60-4405-8f08-f465e8e50cd2\",\r\n \"name\": \"2518136982923187680_ef6aa4e6-9c60-4405-8f08-f465e8e50cd2\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\"\r\n },\r\n {\r\n \"properties\": {\r\n \"detectedTimeUtc\": \"2020-05-04T13:58:27.6787296Z\",\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft\",\r\n \"alertDisplayName\": \"Azure Security Center test alert (not a threat)\",\r\n \"alertName\": \"VM_EICAR\",\r\n \"description\": \"This is a test alert generated by Azure Security Center. No further action is needed.\",\r\n \"remediationSteps\": \"No further action is needed.\",\r\n \"actionTaken\": \"Undefined\",\r\n \"reportedSeverity\": \"High\",\r\n \"compromisedEntity\": \"ALERTSTEST\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/taklei/providers/Microsoft.Compute/virtualMachines/alertsTest\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"d25bac04-7492-4ece-9d75-7a377d74d833\",\r\n \"extendedProperties\": {\r\n \"compromised Host\": \"ALERTSTEST\",\r\n \"user Name\": \"WORKGROUP\\\\alertsTest$\",\r\n \"account Session Id\": \"0x3e7\",\r\n \"suspicious Process\": \"c:\\\\scripts\\\\asc_alerttest_662jfi039n.exe\",\r\n \"suspicious Command Line\": \"c:\\\\scripts\\\\asc_alerttest_662jfi039n.exe -foo\",\r\n \"parent Process\": \"c:\\\\windows\\\\system32\\\\svchost.exe\",\r\n \"suspicious Process Id\": \"0x1c7c\",\r\n \"arguments Auditing Enabled\": \"true\",\r\n \"enrichment_tas_threat__reports\": \"{\\\"Kind\\\":\\\"MultiLink\\\",\\\"DisplayValueToUrlDictionary\\\":{\\\"Report: EICAR 
File\\\":\\\"https://interflowwebportalext.trafficmanager.net/reports/DisplayReport?callerIdentity=ddd5443d-e6f4-441c-b52b-5278d2f21dfa&reportCreateDateTime=2020-05-04T09%3a13%3a05&reportName=MSTI-TS-EICAR-File.pdf&tenantId=387eb67f-0039-43ad-81b9-b66c6c0b1951&urlCreateDateTime=2020-05-04T09%3a13%3a05&token=aRLLv1q8UI%20eVn54OVy%20WbqcH7H9dSGDUOuWywymCrQ=\\\"}}\",\r\n \"resourceType\": \"Virtual Machine\"\r\n },\r\n \"state\": \"Dismissed\",\r\n \"reportedTimeUtc\": \"2020-05-04T13:58:34.2198556Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/mainws/providers/microsoft.operationalinsights/workspaces/securityuserws\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": [\r\n {\r\n \"$id\": \"westeurope_8\",\r\n \"dnsDomain\": \"\",\r\n \"ntDomain\": \"\",\r\n \"hostName\": \"ALERTSTEST\",\r\n \"netBiosName\": \"ALERTSTEST\",\r\n \"azureID\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/taklei/providers/Microsoft.Compute/virtualMachines/alertsTest\",\r\n \"omsAgentID\": \"6bc4f1df-17e1-40f0-8227-f1635aea54dd\",\r\n \"osFamily\": \"Windows\",\r\n \"osVersion\": \"Windows\",\r\n \"isDomainJoined\": false,\r\n \"type\": \"host\"\r\n },\r\n {\r\n \"$id\": \"westeurope_9\",\r\n \"directory\": \"c:\\\\windows\\\\system32\",\r\n \"name\": \"svchost.exe\",\r\n \"type\": \"file\"\r\n },\r\n {\r\n \"$id\": \"westeurope_10\",\r\n \"processId\": \"0x6ec\",\r\n \"commandLine\": \"\",\r\n \"imageFile\": {\r\n \"$ref\": \"westeurope_9\"\r\n },\r\n \"host\": {\r\n \"$ref\": \"westeurope_8\"\r\n },\r\n \"type\": \"process\"\r\n },\r\n {\r\n \"$id\": \"westeurope_11\",\r\n \"name\": \"alertsTest$\",\r\n \"ntDomain\": \"WORKGROUP\",\r\n \"host\": {\r\n \"$ref\": \"westeurope_8\"\r\n },\r\n \"sid\": \"S-1-5-18\",\r\n \"isDomainJoined\": true,\r\n \"type\": \"account\",\r\n \"LogonId\": \"0x3e7\"\r\n },\r\n {\r\n \"$id\": \"westeurope_12\",\r\n \"directory\": 
\"c:\\\\scripts\",\r\n \"name\": \"asc_alerttest_662jfi039n.exe\",\r\n \"type\": \"file\"\r\n },\r\n {\r\n \"$id\": \"westeurope_13\",\r\n \"processId\": \"0x1c7c\",\r\n \"commandLine\": \"c:\\\\scripts\\\\asc_alerttest_662jfi039n.exe -foo\",\r\n \"elevationToken\": \"Default\",\r\n \"creationTimeUtc\": \"2020-05-04T13:58:27.6787296Z\",\r\n \"imageFile\": {\r\n \"$ref\": \"westeurope_12\"\r\n },\r\n \"account\": {\r\n \"$ref\": \"westeurope_11\"\r\n },\r\n \"parentProcess\": {\r\n \"$ref\": \"westeurope_10\"\r\n },\r\n \"host\": {\r\n \"$ref\": \"westeurope_8\"\r\n },\r\n \"type\": \"process\"\r\n },\r\n {\r\n \"$id\": \"westeurope_14\",\r\n \"sessionId\": \"0x3e7\",\r\n \"startTimeUtc\": \"2020-05-04T13:58:27.6787296Z\",\r\n \"endTimeUtc\": \"2020-05-04T13:58:27.6787296Z\",\r\n \"type\": \"host-logon-session\",\r\n \"host\": {\r\n \"$ref\": \"westeurope_8\"\r\n },\r\n \"account\": {\r\n \"$ref\": \"westeurope_11\"\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/taklei/providers/Microsoft.Security/locations/westeurope/alerts/2518137000923212703_d25bac04-7492-4ece-9d75-7a377d74d833\",\r\n \"name\": \"2518137000923212703_d25bac04-7492-4ece-9d75-7a377d74d833\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\"\r\n },\r\n {\r\n \"properties\": {\r\n \"detectedTimeUtc\": \"2020-05-04T13:28:28.6861627Z\",\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft\",\r\n \"alertDisplayName\": \"Azure Security Center test alert (not a threat)\",\r\n \"alertName\": \"VM_EICAR\",\r\n \"description\": \"This is a test alert generated by Azure Security Center. 
No further action is needed.\",\r\n \"remediationSteps\": \"No further action is needed.\",\r\n \"actionTaken\": \"Undefined\",\r\n \"reportedSeverity\": \"High\",\r\n \"compromisedEntity\": \"ALERTSTEST\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/taklei/providers/Microsoft.Compute/virtualMachines/alertsTest\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"93d99441-2eff-436e-ab25-0307b3484bb4\",\r\n \"extendedProperties\": {\r\n \"compromised Host\": \"ALERTSTEST\",\r\n \"user Name\": \"WORKGROUP\\\\alertsTest$\",\r\n \"account Session Id\": \"0x3e7\",\r\n \"suspicious Process\": \"c:\\\\scripts\\\\asc_alerttest_662jfi039n.exe\",\r\n \"suspicious Command Line\": \"c:\\\\scripts\\\\asc_alerttest_662jfi039n.exe -foo\",\r\n \"parent Process\": \"c:\\\\windows\\\\system32\\\\svchost.exe\",\r\n \"suspicious Process Id\": \"0x122c\",\r\n \"arguments Auditing Enabled\": \"true\",\r\n \"enrichment_tas_threat__reports\": \"{\\\"Kind\\\":\\\"MultiLink\\\",\\\"DisplayValueToUrlDictionary\\\":{\\\"Report: EICAR File\\\":\\\"https://interflowwebportalext.trafficmanager.net/reports/DisplayReport?callerIdentity=ddd5443d-e6f4-441c-b52b-5278d2f21dfa&reportCreateDateTime=2020-05-04T08%3a32%3a57&reportName=MSTI-TS-EICAR-File.pdf&tenantId=1c68e967-70a6-4cda-a34b-6d281cffe06e&urlCreateDateTime=2020-05-04T08%3a32%3a57&token=s7wyF62JLdEde8/SccnrGqIJxUOajFUpTETdhi3lCyY=\\\"}}\",\r\n \"resourceType\": \"Virtual Machine\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2020-05-04T13:28:59.9528247Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/mainws/providers/microsoft.operationalinsights/workspaces/securityuserws\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": [\r\n {\r\n \"$id\": \"westeurope_15\",\r\n \"dnsDomain\": \"\",\r\n \"ntDomain\": \"\",\r\n \"hostName\": 
\"ALERTSTEST\",\r\n \"netBiosName\": \"ALERTSTEST\",\r\n \"azureID\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/taklei/providers/Microsoft.Compute/virtualMachines/alertsTest\",\r\n \"omsAgentID\": \"6bc4f1df-17e1-40f0-8227-f1635aea54dd\",\r\n \"osFamily\": \"Windows\",\r\n \"osVersion\": \"Windows\",\r\n \"isDomainJoined\": false,\r\n \"type\": \"host\"\r\n },\r\n {\r\n \"$id\": \"westeurope_16\",\r\n \"directory\": \"c:\\\\windows\\\\system32\",\r\n \"name\": \"svchost.exe\",\r\n \"type\": \"file\"\r\n },\r\n {\r\n \"$id\": \"westeurope_17\",\r\n \"processId\": \"0x6ec\",\r\n \"commandLine\": \"\",\r\n \"imageFile\": {\r\n \"$ref\": \"westeurope_16\"\r\n },\r\n \"host\": {\r\n \"$ref\": \"westeurope_15\"\r\n },\r\n \"type\": \"process\"\r\n },\r\n {\r\n \"$id\": \"westeurope_18\",\r\n \"name\": \"alertsTest$\",\r\n \"ntDomain\": \"WORKGROUP\",\r\n \"host\": {\r\n \"$ref\": \"westeurope_15\"\r\n },\r\n \"sid\": \"S-1-5-18\",\r\n \"isDomainJoined\": true,\r\n \"type\": \"account\",\r\n \"LogonId\": \"0x3e7\"\r\n },\r\n {\r\n \"$id\": \"westeurope_19\",\r\n \"directory\": \"c:\\\\scripts\",\r\n \"name\": \"asc_alerttest_662jfi039n.exe\",\r\n \"type\": \"file\"\r\n },\r\n {\r\n \"$id\": \"westeurope_20\",\r\n \"processId\": \"0x122c\",\r\n \"commandLine\": \"c:\\\\scripts\\\\asc_alerttest_662jfi039n.exe -foo\",\r\n \"elevationToken\": \"Default\",\r\n \"creationTimeUtc\": \"2020-05-04T13:28:28.6861627Z\",\r\n \"imageFile\": {\r\n \"$ref\": \"westeurope_19\"\r\n },\r\n \"account\": {\r\n \"$ref\": \"westeurope_18\"\r\n },\r\n \"parentProcess\": {\r\n \"$ref\": \"westeurope_17\"\r\n },\r\n \"host\": {\r\n \"$ref\": \"westeurope_15\"\r\n },\r\n \"type\": \"process\"\r\n },\r\n {\r\n \"$id\": \"westeurope_21\",\r\n \"sessionId\": \"0x3e7\",\r\n \"startTimeUtc\": \"2020-05-04T13:28:28.6861627Z\",\r\n \"endTimeUtc\": \"2020-05-04T13:28:28.6861627Z\",\r\n \"type\": \"host-logon-session\",\r\n \"host\": {\r\n \"$ref\": \"westeurope_15\"\r\n },\r\n 
\"account\": {\r\n \"$ref\": \"westeurope_18\"\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/taklei/providers/Microsoft.Security/locations/westeurope/alerts/2518137018913138372_93d99441-2eff-436e-ab25-0307b3484bb4\",\r\n \"name\": \"2518137018913138372_93d99441-2eff-436e-ab25-0307b3484bb4\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\"\r\n },\r\n {\r\n \"properties\": {\r\n \"detectedTimeUtc\": \"2020-05-04T13:00:33.4661745Z\",\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft\",\r\n \"alertDisplayName\": \"Azure Security Center test alert (not a threat)\",\r\n \"alertName\": \"VM_EICAR\",\r\n \"description\": \"This is a test alert generated by Azure Security Center. No further action is needed.\",\r\n \"remediationSteps\": \"No further action is needed.\",\r\n \"actionTaken\": \"Undefined\",\r\n \"reportedSeverity\": \"High\",\r\n \"compromisedEntity\": \"ALERTSTEST\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/taklei/providers/Microsoft.Compute/virtualMachines/alertsTest\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"a345cb85-18aa-4d14-9293-e4d2ba15cb9d\",\r\n \"extendedProperties\": {\r\n \"compromised Host\": \"ALERTSTEST\",\r\n \"user Name\": \"WORKGROUP\\\\alertsTest$\",\r\n \"account Session Id\": \"0x3e7\",\r\n \"suspicious Process\": \"c:\\\\scripts\\\\asc_alerttest_662jfi039n.exe\",\r\n \"suspicious Command Line\": \"c:\\\\scripts\\\\asc_alerttest_662jfi039n.exe -foo\",\r\n \"parent Process\": \"c:\\\\windows\\\\system32\\\\svchost.exe\",\r\n \"suspicious Process Id\": \"0xe38\",\r\n \"arguments Auditing Enabled\": \"true\",\r\n \"enrichment_tas_threat__reports\": \"{\\\"Kind\\\":\\\"MultiLink\\\",\\\"DisplayValueToUrlDictionary\\\":{\\\"Report: EICAR 
File\\\":\\\"https://interflowwebportalext.trafficmanager.net/reports/DisplayReport?callerIdentity=ddd5443d-e6f4-441c-b52b-5278d2f21dfa&reportCreateDateTime=2020-05-04T09%3a13%3a05&reportName=MSTI-TS-EICAR-File.pdf&tenantId=387eb67f-0039-43ad-81b9-b66c6c0b1951&urlCreateDateTime=2020-05-04T09%3a13%3a05&token=aRLLv1q8UI%20eVn54OVy%20WbqcH7H9dSGDUOuWywymCrQ=\\\"}}\",\r\n \"resourceType\": \"Virtual Machine\"\r\n },\r\n \"state\": \"Dismissed\",\r\n \"reportedTimeUtc\": \"2020-05-04T13:00:37.889087Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/mainws/providers/microsoft.operationalinsights/workspaces/securityuserws\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": [\r\n {\r\n \"$id\": \"westeurope_22\",\r\n \"dnsDomain\": \"\",\r\n \"ntDomain\": \"\",\r\n \"hostName\": \"ALERTSTEST\",\r\n \"netBiosName\": \"ALERTSTEST\",\r\n \"azureID\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/taklei/providers/Microsoft.Compute/virtualMachines/alertsTest\",\r\n \"omsAgentID\": \"6bc4f1df-17e1-40f0-8227-f1635aea54dd\",\r\n \"osFamily\": \"Windows\",\r\n \"osVersion\": \"Windows\",\r\n \"isDomainJoined\": false,\r\n \"type\": \"host\"\r\n },\r\n {\r\n \"$id\": \"westeurope_23\",\r\n \"directory\": \"c:\\\\windows\\\\system32\",\r\n \"name\": \"svchost.exe\",\r\n \"type\": \"file\"\r\n },\r\n {\r\n \"$id\": \"westeurope_24\",\r\n \"processId\": \"0x6ec\",\r\n \"commandLine\": \"\",\r\n \"imageFile\": {\r\n \"$ref\": \"westeurope_23\"\r\n },\r\n \"host\": {\r\n \"$ref\": \"westeurope_22\"\r\n },\r\n \"type\": \"process\"\r\n },\r\n {\r\n \"$id\": \"westeurope_25\",\r\n \"name\": \"alertsTest$\",\r\n \"ntDomain\": \"WORKGROUP\",\r\n \"host\": {\r\n \"$ref\": \"westeurope_22\"\r\n },\r\n \"sid\": \"S-1-5-18\",\r\n \"isDomainJoined\": true,\r\n \"type\": \"account\",\r\n \"LogonId\": \"0x3e7\"\r\n },\r\n {\r\n \"$id\": \"westeurope_26\",\r\n 
\"directory\": \"c:\\\\scripts\",\r\n \"name\": \"asc_alerttest_662jfi039n.exe\",\r\n \"type\": \"file\"\r\n },\r\n {\r\n \"$id\": \"westeurope_27\",\r\n \"processId\": \"0xe38\",\r\n \"commandLine\": \"c:\\\\scripts\\\\asc_alerttest_662jfi039n.exe -foo\",\r\n \"elevationToken\": \"Default\",\r\n \"creationTimeUtc\": \"2020-05-04T13:00:33.4661745Z\",\r\n \"imageFile\": {\r\n \"$ref\": \"westeurope_26\"\r\n },\r\n \"account\": {\r\n \"$ref\": \"westeurope_25\"\r\n },\r\n \"parentProcess\": {\r\n \"$ref\": \"westeurope_24\"\r\n },\r\n \"host\": {\r\n \"$ref\": \"westeurope_22\"\r\n },\r\n \"type\": \"process\"\r\n },\r\n {\r\n \"$id\": \"westeurope_28\",\r\n \"sessionId\": \"0x3e7\",\r\n \"startTimeUtc\": \"2020-05-04T13:00:33.4661745Z\",\r\n \"endTimeUtc\": \"2020-05-04T13:00:33.4661745Z\",\r\n \"type\": \"host-logon-session\",\r\n \"host\": {\r\n \"$ref\": \"westeurope_22\"\r\n },\r\n \"account\": {\r\n \"$ref\": \"westeurope_25\"\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/taklei/providers/Microsoft.Security/locations/westeurope/alerts/2518137035665338254_a345cb85-18aa-4d14-9293-e4d2ba15cb9d\",\r\n \"name\": \"2518137035665338254_a345cb85-18aa-4d14-9293-e4d2ba15cb9d\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\"\r\n },\r\n {\r\n \"properties\": {\r\n \"detectedTimeUtc\": \"2020-05-04T12:59:14.1546616Z\",\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft\",\r\n \"alertDisplayName\": \"Azure Security Center test alert (not a threat)\",\r\n \"alertName\": \"VM_EICAR\",\r\n \"description\": \"This is a test alert generated by Azure Security Center. 
No further action is needed.\",\r\n \"remediationSteps\": \"No further action is needed.\",\r\n \"actionTaken\": \"Undefined\",\r\n \"reportedSeverity\": \"High\",\r\n \"compromisedEntity\": \"ALERTSTEST\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/taklei/providers/Microsoft.Compute/virtualMachines/alertsTest\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"d763b77f-129c-4e95-af39-5c4b4c411b5b\",\r\n \"extendedProperties\": {\r\n \"compromised Host\": \"ALERTSTEST\",\r\n \"user Name\": \"WORKGROUP\\\\alertsTest$\",\r\n \"account Session Id\": \"0x3e7\",\r\n \"suspicious Process\": \"c:\\\\scripts\\\\asc_alerttest_662jfi039n.exe\",\r\n \"suspicious Command Line\": \"c:\\\\scripts\\\\asc_alerttest_662jfi039n.exe -foo\",\r\n \"parent Process\": \"c:\\\\windows\\\\system32\\\\svchost.exe\",\r\n \"suspicious Process Id\": \"0xe7c\",\r\n \"arguments Auditing Enabled\": \"true\",\r\n \"enrichment_tas_threat__reports\": \"{\\\"Kind\\\":\\\"MultiLink\\\",\\\"DisplayValueToUrlDictionary\\\":{\\\"Report: EICAR File\\\":\\\"https://interflowwebportalext.trafficmanager.net/reports/DisplayReport?callerIdentity=ddd5443d-e6f4-441c-b52b-5278d2f21dfa&reportCreateDateTime=2020-05-04T08%3a32%3a57&reportName=MSTI-TS-EICAR-File.pdf&tenantId=1c68e967-70a6-4cda-a34b-6d281cffe06e&urlCreateDateTime=2020-05-04T08%3a32%3a57&token=s7wyF62JLdEde8/SccnrGqIJxUOajFUpTETdhi3lCyY=\\\"}}\",\r\n \"resourceType\": \"Virtual Machine\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2020-05-04T12:59:35.6273663Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/mainws/providers/microsoft.operationalinsights/workspaces/securityuserws\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": [\r\n {\r\n \"$id\": \"westeurope_29\",\r\n \"dnsDomain\": \"\",\r\n \"ntDomain\": \"\",\r\n \"hostName\": 
\"ALERTSTEST\",\r\n \"netBiosName\": \"ALERTSTEST\",\r\n \"azureID\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/taklei/providers/Microsoft.Compute/virtualMachines/alertsTest\",\r\n \"omsAgentID\": \"6bc4f1df-17e1-40f0-8227-f1635aea54dd\",\r\n \"osFamily\": \"Windows\",\r\n \"osVersion\": \"Windows\",\r\n \"isDomainJoined\": false,\r\n \"type\": \"host\"\r\n },\r\n {\r\n \"$id\": \"westeurope_30\",\r\n \"directory\": \"c:\\\\windows\\\\system32\",\r\n \"name\": \"svchost.exe\",\r\n \"type\": \"file\"\r\n },\r\n {\r\n \"$id\": \"westeurope_31\",\r\n \"processId\": \"0x6ec\",\r\n \"commandLine\": \"\",\r\n \"imageFile\": {\r\n \"$ref\": \"westeurope_30\"\r\n },\r\n \"host\": {\r\n \"$ref\": \"westeurope_29\"\r\n },\r\n \"type\": \"process\"\r\n },\r\n {\r\n \"$id\": \"westeurope_32\",\r\n \"name\": \"alertsTest$\",\r\n \"ntDomain\": \"WORKGROUP\",\r\n \"host\": {\r\n \"$ref\": \"westeurope_29\"\r\n },\r\n \"sid\": \"S-1-5-18\",\r\n \"isDomainJoined\": true,\r\n \"type\": \"account\",\r\n \"LogonId\": \"0x3e7\"\r\n },\r\n {\r\n \"$id\": \"westeurope_33\",\r\n \"directory\": \"c:\\\\scripts\",\r\n \"name\": \"asc_alerttest_662jfi039n.exe\",\r\n \"type\": \"file\"\r\n },\r\n {\r\n \"$id\": \"westeurope_34\",\r\n \"processId\": \"0xe7c\",\r\n \"commandLine\": \"c:\\\\scripts\\\\asc_alerttest_662jfi039n.exe -foo\",\r\n \"elevationToken\": \"Default\",\r\n \"creationTimeUtc\": \"2020-05-04T12:59:14.1546616Z\",\r\n \"imageFile\": {\r\n \"$ref\": \"westeurope_33\"\r\n },\r\n \"account\": {\r\n \"$ref\": \"westeurope_32\"\r\n },\r\n \"parentProcess\": {\r\n \"$ref\": \"westeurope_31\"\r\n },\r\n \"host\": {\r\n \"$ref\": \"westeurope_29\"\r\n },\r\n \"type\": \"process\"\r\n },\r\n {\r\n \"$id\": \"westeurope_35\",\r\n \"sessionId\": \"0x3e7\",\r\n \"startTimeUtc\": \"2020-05-04T12:59:14.1546616Z\",\r\n \"endTimeUtc\": \"2020-05-04T12:59:14.1546616Z\",\r\n \"type\": \"host-logon-session\",\r\n \"host\": {\r\n \"$ref\": \"westeurope_29\"\r\n },\r\n 
\"account\": {\r\n \"$ref\": \"westeurope_32\"\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/taklei/providers/Microsoft.Security/locations/westeurope/alerts/2518137036458453383_d763b77f-129c-4e95-af39-5c4b4c411b5b\",\r\n \"name\": \"2518137036458453383_d763b77f-129c-4e95-af39-5c4b4c411b5b\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\"\r\n },\r\n {\r\n \"properties\": {\r\n \"detectedTimeUtc\": \"2020-05-04T12:58:28.5855194Z\",\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft\",\r\n \"alertDisplayName\": \"Azure Security Center test alert (not a threat)\",\r\n \"alertName\": \"VM_EICAR\",\r\n \"description\": \"This is a test alert generated by Azure Security Center. No further action is needed.\",\r\n \"remediationSteps\": \"No further action is needed.\",\r\n \"actionTaken\": \"Undefined\",\r\n \"reportedSeverity\": \"High\",\r\n \"compromisedEntity\": \"ALERTSTEST\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/taklei/providers/Microsoft.Compute/virtualMachines/alertsTest\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"a3d0999b-cdfc-41d9-9d28-ee1335f03081\",\r\n \"extendedProperties\": {\r\n \"compromised Host\": \"ALERTSTEST\",\r\n \"user Name\": \"WORKGROUP\\\\alertsTest$\",\r\n \"account Session Id\": \"0x3e7\",\r\n \"suspicious Process\": \"c:\\\\scripts\\\\asc_alerttest_662jfi039n.exe\",\r\n \"suspicious Command Line\": \"c:\\\\scripts\\\\asc_alerttest_662jfi039n.exe -foo\",\r\n \"parent Process\": \"c:\\\\windows\\\\system32\\\\svchost.exe\",\r\n \"suspicious Process Id\": \"0xfac\",\r\n \"arguments Auditing Enabled\": \"true\",\r\n \"enrichment_tas_threat__reports\": \"{\\\"Kind\\\":\\\"MultiLink\\\",\\\"DisplayValueToUrlDictionary\\\":{\\\"Report: EICAR 
File\\\":\\\"https://interflowwebportalext.trafficmanager.net/reports/DisplayReport?callerIdentity=ddd5443d-e6f4-441c-b52b-5278d2f21dfa&reportCreateDateTime=2020-05-04T09%3a23%3a00&reportName=MSTI-TS-EICAR-File.pdf&tenantId=b11492db-77a6-4ec0-9ff7-17b6ba420e1e&urlCreateDateTime=2020-05-04T09%3a23%3a00&token=XhSuWhrbEKAk2sXS1TcK0SVTLOehFDirzLCUSUoWPL4=\\\"}}\",\r\n \"resourceType\": \"Virtual Machine\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2020-05-04T12:58:46.4927078Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/mainws/providers/microsoft.operationalinsights/workspaces/securityuserws\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": [\r\n {\r\n \"$id\": \"westeurope_36\",\r\n \"dnsDomain\": \"\",\r\n \"ntDomain\": \"\",\r\n \"hostName\": \"ALERTSTEST\",\r\n \"netBiosName\": \"ALERTSTEST\",\r\n \"azureID\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/taklei/providers/Microsoft.Compute/virtualMachines/alertsTest\",\r\n \"omsAgentID\": \"6bc4f1df-17e1-40f0-8227-f1635aea54dd\",\r\n \"osFamily\": \"Windows\",\r\n \"osVersion\": \"Windows\",\r\n \"isDomainJoined\": false,\r\n \"type\": \"host\"\r\n },\r\n {\r\n \"$id\": \"westeurope_37\",\r\n \"directory\": \"c:\\\\windows\\\\system32\",\r\n \"name\": \"svchost.exe\",\r\n \"type\": \"file\"\r\n },\r\n {\r\n \"$id\": \"westeurope_38\",\r\n \"processId\": \"0x6ec\",\r\n \"commandLine\": \"\",\r\n \"imageFile\": {\r\n \"$ref\": \"westeurope_37\"\r\n },\r\n \"host\": {\r\n \"$ref\": \"westeurope_36\"\r\n },\r\n \"type\": \"process\"\r\n },\r\n {\r\n \"$id\": \"westeurope_39\",\r\n \"name\": \"alertsTest$\",\r\n \"ntDomain\": \"WORKGROUP\",\r\n \"host\": {\r\n \"$ref\": \"westeurope_36\"\r\n },\r\n \"sid\": \"S-1-5-18\",\r\n \"isDomainJoined\": true,\r\n \"type\": \"account\",\r\n \"LogonId\": \"0x3e7\"\r\n },\r\n {\r\n \"$id\": \"westeurope_40\",\r\n \"directory\": 
\"c:\\\\scripts\",\r\n \"name\": \"asc_alerttest_662jfi039n.exe\",\r\n \"type\": \"file\"\r\n },\r\n {\r\n \"$id\": \"westeurope_41\",\r\n \"processId\": \"0xfac\",\r\n \"commandLine\": \"c:\\\\scripts\\\\asc_alerttest_662jfi039n.exe -foo\",\r\n \"elevationToken\": \"Default\",\r\n \"creationTimeUtc\": \"2020-05-04T12:58:28.5855194Z\",\r\n \"imageFile\": {\r\n \"$ref\": \"westeurope_40\"\r\n },\r\n \"account\": {\r\n \"$ref\": \"westeurope_39\"\r\n },\r\n \"parentProcess\": {\r\n \"$ref\": \"westeurope_38\"\r\n },\r\n \"host\": {\r\n \"$ref\": \"westeurope_36\"\r\n },\r\n \"type\": \"process\"\r\n },\r\n {\r\n \"$id\": \"westeurope_42\",\r\n \"sessionId\": \"0x3e7\",\r\n \"startTimeUtc\": \"2020-05-04T12:58:28.5855194Z\",\r\n \"endTimeUtc\": \"2020-05-04T12:58:28.5855194Z\",\r\n \"type\": \"host-logon-session\",\r\n \"host\": {\r\n \"$ref\": \"westeurope_36\"\r\n },\r\n \"account\": {\r\n \"$ref\": \"westeurope_39\"\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/taklei/providers/Microsoft.Security/locations/westeurope/alerts/2518137036914144805_a3d0999b-cdfc-41d9-9d28-ee1335f03081\",\r\n \"name\": \"2518137036914144805_a3d0999b-cdfc-41d9-9d28-ee1335f03081\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\"\r\n },\r\n {\r\n \"properties\": {\r\n \"detectedTimeUtc\": \"2020-05-04T12:57:47.8805382Z\",\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft\",\r\n \"alertDisplayName\": \"Azure Security Center test alert (not a threat)\",\r\n \"alertName\": \"VM_EICAR\",\r\n \"description\": \"This is a test alert generated by Azure Security Center. 
No further action is needed.\",\r\n \"remediationSteps\": \"No further action is needed.\",\r\n \"actionTaken\": \"Undefined\",\r\n \"reportedSeverity\": \"High\",\r\n \"compromisedEntity\": \"ALERTSTEST\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/taklei/providers/Microsoft.Compute/virtualMachines/alertsTest\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"adafe5f0-ade9-47b4-86f3-3155038827f6\",\r\n \"extendedProperties\": {\r\n \"compromised Host\": \"ALERTSTEST\",\r\n \"user Name\": \"WORKGROUP\\\\alertsTest$\",\r\n \"account Session Id\": \"0x3e7\",\r\n \"suspicious Process\": \"c:\\\\scripts\\\\asc_alerttest_662jfi039n.exe\",\r\n \"suspicious Command Line\": \"c:\\\\scripts\\\\asc_alerttest_662jfi039n.exe -foo\",\r\n \"parent Process\": \"c:\\\\windows\\\\system32\\\\svchost.exe\",\r\n \"suspicious Process Id\": \"0x1d50\",\r\n \"arguments Auditing Enabled\": \"true\",\r\n \"enrichment_tas_threat__reports\": \"{\\\"Kind\\\":\\\"MultiLink\\\",\\\"DisplayValueToUrlDictionary\\\":{\\\"Report: EICAR File\\\":\\\"https://interflowwebportalext.trafficmanager.net/reports/DisplayReport?callerIdentity=ddd5443d-e6f4-441c-b52b-5278d2f21dfa&reportCreateDateTime=2020-05-04T08%3a32%3a57&reportName=MSTI-TS-EICAR-File.pdf&tenantId=1c68e967-70a6-4cda-a34b-6d281cffe06e&urlCreateDateTime=2020-05-04T08%3a32%3a57&token=s7wyF62JLdEde8/SccnrGqIJxUOajFUpTETdhi3lCyY=\\\"}}\",\r\n \"resourceType\": \"Virtual Machine\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2020-05-04T12:57:53.7990186Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/mainws/providers/microsoft.operationalinsights/workspaces/securityuserws\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": [\r\n {\r\n \"$id\": \"westeurope_43\",\r\n \"dnsDomain\": \"\",\r\n \"ntDomain\": \"\",\r\n \"hostName\": 
\"ALERTSTEST\",\r\n \"netBiosName\": \"ALERTSTEST\",\r\n \"azureID\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/taklei/providers/Microsoft.Compute/virtualMachines/alertsTest\",\r\n \"omsAgentID\": \"6bc4f1df-17e1-40f0-8227-f1635aea54dd\",\r\n \"osFamily\": \"Windows\",\r\n \"osVersion\": \"Windows\",\r\n \"isDomainJoined\": false,\r\n \"type\": \"host\"\r\n },\r\n {\r\n \"$id\": \"westeurope_44\",\r\n \"directory\": \"c:\\\\windows\\\\system32\",\r\n \"name\": \"svchost.exe\",\r\n \"type\": \"file\"\r\n },\r\n {\r\n \"$id\": \"westeurope_45\",\r\n \"processId\": \"0x6ec\",\r\n \"commandLine\": \"\",\r\n \"imageFile\": {\r\n \"$ref\": \"westeurope_44\"\r\n },\r\n \"host\": {\r\n \"$ref\": \"westeurope_43\"\r\n },\r\n \"type\": \"process\"\r\n },\r\n {\r\n \"$id\": \"westeurope_46\",\r\n \"name\": \"alertsTest$\",\r\n \"ntDomain\": \"WORKGROUP\",\r\n \"host\": {\r\n \"$ref\": \"westeurope_43\"\r\n },\r\n \"sid\": \"S-1-5-18\",\r\n \"isDomainJoined\": true,\r\n \"type\": \"account\",\r\n \"LogonId\": \"0x3e7\"\r\n },\r\n {\r\n \"$id\": \"westeurope_47\",\r\n \"directory\": \"c:\\\\scripts\",\r\n \"name\": \"asc_alerttest_662jfi039n.exe\",\r\n \"type\": \"file\"\r\n },\r\n {\r\n \"$id\": \"westeurope_48\",\r\n \"processId\": \"0x1d50\",\r\n \"commandLine\": \"c:\\\\scripts\\\\asc_alerttest_662jfi039n.exe -foo\",\r\n \"elevationToken\": \"Default\",\r\n \"creationTimeUtc\": \"2020-05-04T12:57:47.8805382Z\",\r\n \"imageFile\": {\r\n \"$ref\": \"westeurope_47\"\r\n },\r\n \"account\": {\r\n \"$ref\": \"westeurope_46\"\r\n },\r\n \"parentProcess\": {\r\n \"$ref\": \"westeurope_45\"\r\n },\r\n \"host\": {\r\n \"$ref\": \"westeurope_43\"\r\n },\r\n \"type\": \"process\"\r\n },\r\n {\r\n \"$id\": \"westeurope_49\",\r\n \"sessionId\": \"0x3e7\",\r\n \"startTimeUtc\": \"2020-05-04T12:57:47.8805382Z\",\r\n \"endTimeUtc\": \"2020-05-04T12:57:47.8805382Z\",\r\n \"type\": \"host-logon-session\",\r\n \"host\": {\r\n \"$ref\": \"westeurope_43\"\r\n },\r\n 
\"account\": {\r\n \"$ref\": \"westeurope_46\"\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/taklei/providers/Microsoft.Security/locations/westeurope/alerts/2518137037321194617_adafe5f0-ade9-47b4-86f3-3155038827f6\",\r\n \"name\": \"2518137037321194617_adafe5f0-ade9-47b4-86f3-3155038827f6\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\"\r\n }\r\n ]\r\n}", "StatusCode": 200 }, { - "RequestUri": "/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/providers/Microsoft.Security/locations/centralus/alerts?api-version=2019-01-01", - "EncodedRequestUri": "L3N1YnNjcmlwdGlvbnMvNDg3YmI0ODUtYjViMC00NzFlLTljMGQtMTA3MTc2MTJmODY5L3Byb3ZpZGVycy9NaWNyb3NvZnQuU2VjdXJpdHkvbG9jYXRpb25zL2NlbnRyYWx1cy9hbGVydHM/YXBpLXZlcnNpb249MjAxOS0wMS0wMQ==", + "RequestUri": "/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/providers/Microsoft.Security/locations/westeurope/alerts?api-version=2019-01-01", + "EncodedRequestUri": "L3N1YnNjcmlwdGlvbnMvNDg3YmI0ODUtYjViMC00NzFlLTljMGQtMTA3MTc2MTJmODY5L3Byb3ZpZGVycy9NaWNyb3NvZnQuU2VjdXJpdHkvbG9jYXRpb25zL3dlc3RldXJvcGUvYWxlcnRzP2FwaS12ZXJzaW9uPTIwMTktMDEtMDE=", "RequestMethod": "GET", "RequestBody": "", "RequestHeaders": { "x-ms-client-request-id": [ - "61156a87-2827-481a-b8e6-89a9e845d9da" + "e838d894-6df8-41ea-bbc2-6a1b68e91dce" ], "accept-language": [ "en-US" @@ -79,8 +79,8 @@ "User-Agent": [ "FxVersion/4.6.26614.01", "OSName/Windows", - "OSVersion/Microsoft.Windows.10.0.17763.", - "Microsoft.Azure.Management.Security.SecurityCenterClient/0.11.0.0" + "OSVersion/Microsoft.Windows.10.0.18363.", + "Microsoft.Azure.Management.Security.SecurityCenterClient/1.1.3.0" ] }, "ResponseHeaders": { @@ -88,7 +88,7 @@ "no-cache" ], "Date": [ - "Mon, 04 Mar 2019 16:02:03 GMT" + "Mon, 04 May 2020 14:43:04 GMT" ], "Pragma": [ "no-cache" 
@@ -100,22 +100,22 @@ "max-age=31536000; includeSubDomains" ], "x-ms-request-id": [ - "c83c05cd-3b64-4550-93bd-76166e060d44" + "ec742a1c-5e9b-4297-be19-3ba38e42d5eb" ], "x-ms-ratelimit-remaining-subscription-resource-requests": [ "749" ], "x-ms-correlation-request-id": [ - "61dfc0e1-ec58-4bf8-9c67-0986130aae71" + "37e4365f-dd66-4f66-b822-0e3c5d7f8848" ], "x-ms-routing-request-id": [ - "UKWEST:20190304T160203Z:61dfc0e1-ec58-4bf8-9c67-0986130aae71" + "GERMANYWESTCENTRAL:20200504T144305Z:37e4365f-dd66-4f66-b822-0e3c5d7f8848" ], "X-Content-Type-Options": [ "nosniff" ], "Content-Length": [ - "3795" + "25641" ], "Content-Type": [ "application/json; charset=utf-8" 
@@ -124,12 +124,10 @@ "-1" ] }, - "ResponseBody": "{\r\n \"value\": [\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/rg/providers/Microsoft.Security/locations/centralus/alerts/2518532788749999999_66276b36-db2a-4b2c-84ad-9676fe753a01\",\r\n \"name\": \"2518532788749999999_66276b36-db2a-4b2c-84ad-9676fe753a01\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft\",\r\n \"alertDisplayName\": \"Web fingerprinting detected\",\r\n \"alertName\": \"APPS_Nmap\",\r\n \"detectedTimeUtc\": \"2019-03-03T17:40:43Z\",\r\n \"description\": \"Azure App Service activity log indicates a possible web fingerprinting activity on your App Service resource.The suspicious activity detected is associated with NMAP. Attackers often use this tool for probing the web application to find vulnerabilities.\",\r\n \"remediationSteps\": \"If only specific IP addresses should be allowed to access the web app, set IP restrictions (https://docs.microsoft.com/azure/app-service/app-service-ip-restrictions) for it.\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"High\",\r\n \"compromisedEntity\": \"sitename\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/rg/providers/Microsoft.Web/sites/sitename\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"b3d77198-6f95-40ed-9675-10001c2e93cc\",\r\n \"extendedProperties\": {\r\n \"last Event Time\": \"2/11/2019 5:40:46 PM\",\r\n \"sample URIs\": \"/sdk, /, /.git/HEAD, /favicon.ico, /evox/about, /robots.txt, /nmaplowercheck1549906843, /HNAP1\",\r\n \"sample User Agents\": \"Mozilla/5.0+(compatible;+Nmap+Scripting+Engine;+https://nmap.org/book/nse.html)\",\r\n \"sample Referer\": \"-\",\r\n \"resourceType\": \"App Service\"\r\n },\r\n \"state\": \"Dismissed\",\r\n \"reportedTimeUtc\": \"2019-03-03T20:41:03.846Z\",\r\n 
\"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": [\r\n {\r\n \"$id\": \"centralus_1\",\r\n \"hostName\": \"sitename\",\r\n \"azureID\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/rg/providers/Microsoft.Web/sites/sitename\",\r\n \"type\": \"host\"\r\n }\r\n ]\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/providers/Microsoft.Security/locations/centralus/alerts/2518532788749999999_66276b36-db2a-4b2c-84ad-9676fe753a02\",\r\n \"name\": \"2518532788749999999_66276b36-db2a-4b2c-84ad-9676fe753a02\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft\",\r\n \"alertDisplayName\": \"Web fingerprinting detected\",\r\n \"alertName\": \"APPS_Nmap\",\r\n \"detectedTimeUtc\": \"2019-03-03T17:40:43Z\",\r\n \"description\": \"Azure App Service activity log indicates a possible web fingerprinting activity on your App Service resource.The suspicious activity detected is associated with NMAP. 
Attackers often use this tool for probing the web application to find vulnerabilities.\",\r\n \"remediationSteps\": \"If only specific IP addresses should be allowed to access the web app, set IP restrictions (https://docs.microsoft.com/azure/app-service/app-service-ip-restrictions) for it.\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"High\",\r\n \"compromisedEntity\": \"sitename\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/providers/Microsoft.Web/sites/sitename\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"b3d77198-6f95-40ed-9675-10001c2e93cd\",\r\n \"extendedProperties\": {\r\n \"last Event Time\": \"2/11/2019 5:40:46 PM\",\r\n \"sample URIs\": \"/sdk, /, /.git/HEAD, /favicon.ico, /evox/about, /robots.txt, /nmaplowercheck1549906843, /HNAP1\",\r\n \"sample User Agents\": \"Mozilla/5.0+(compatible;+Nmap+Scripting+Engine;+https://nmap.org/book/nse.html)\",\r\n \"sample Referer\": \"-\",\r\n \"resourceType\": \"App Service\"\r\n },\r\n \"state\": \"Dismissed\",\r\n \"reportedTimeUtc\": \"2019-03-03T20:41:03.846Z\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": [\r\n {\r\n \"$id\": \"centralus_2\",\r\n \"hostName\": \"sitename\",\r\n \"azureID\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/providers/Microsoft.Web/sites/sitename\",\r\n \"type\": \"host\"\r\n }\r\n ]\r\n }\r\n }\r\n ]\r\n}", + "ResponseBody": "{\r\n \"value\": [\r\n {\r\n \"properties\": {\r\n \"detectedTimeUtc\": \"2020-05-04T14:28:27.6812319Z\",\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft\",\r\n \"alertDisplayName\": \"Azure Security Center test alert (not a threat)\",\r\n \"alertName\": \"VM_EICAR\",\r\n \"description\": \"This is a test alert generated by Azure Security Center. 
No further action is needed.\",\r\n \"remediationSteps\": \"No further action is needed.\",\r\n \"actionTaken\": \"Undefined\",\r\n \"reportedSeverity\": \"High\",\r\n \"compromisedEntity\": \"ALERTSTEST\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/taklei/providers/Microsoft.Compute/virtualMachines/alertsTest\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"ef6aa4e6-9c60-4405-8f08-f465e8e50cd2\",\r\n \"extendedProperties\": {\r\n \"compromised Host\": \"ALERTSTEST\",\r\n \"user Name\": \"WORKGROUP\\\\alertsTest$\",\r\n \"account Session Id\": \"0x3e7\",\r\n \"suspicious Process\": \"c:\\\\scripts\\\\asc_alerttest_662jfi039n.exe\",\r\n \"suspicious Command Line\": \"c:\\\\scripts\\\\asc_alerttest_662jfi039n.exe -foo\",\r\n \"parent Process\": \"c:\\\\windows\\\\system32\\\\svchost.exe\",\r\n \"suspicious Process Id\": \"0x688\",\r\n \"arguments Auditing Enabled\": \"true\",\r\n \"enrichment_tas_threat__reports\": \"{\\\"Kind\\\":\\\"MultiLink\\\",\\\"DisplayValueToUrlDictionary\\\":{\\\"Report: EICAR File\\\":\\\"https://interflowwebportalext.trafficmanager.net/reports/DisplayReport?callerIdentity=ddd5443d-e6f4-441c-b52b-5278d2f21dfa&reportCreateDateTime=2020-05-04T09%3a13%3a05&reportName=MSTI-TS-EICAR-File.pdf&tenantId=387eb67f-0039-43ad-81b9-b66c6c0b1951&urlCreateDateTime=2020-05-04T09%3a13%3a05&token=aRLLv1q8UI%20eVn54OVy%20WbqcH7H9dSGDUOuWywymCrQ=\\\"}}\",\r\n \"resourceType\": \"Virtual Machine\"\r\n },\r\n \"state\": \"Dismissed\",\r\n \"reportedTimeUtc\": \"2020-05-04T14:29:05.5983077Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/mainws/providers/microsoft.operationalinsights/workspaces/securityuserws\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": [\r\n {\r\n \"$id\": \"westeurope_1\",\r\n \"dnsDomain\": \"\",\r\n \"ntDomain\": \"\",\r\n 
\"hostName\": \"ALERTSTEST\",\r\n \"netBiosName\": \"ALERTSTEST\",\r\n \"azureID\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/taklei/providers/Microsoft.Compute/virtualMachines/alertsTest\",\r\n \"omsAgentID\": \"6bc4f1df-17e1-40f0-8227-f1635aea54dd\",\r\n \"osFamily\": \"Windows\",\r\n \"osVersion\": \"Windows\",\r\n \"isDomainJoined\": false,\r\n \"type\": \"host\"\r\n },\r\n {\r\n \"$id\": \"westeurope_2\",\r\n \"directory\": \"c:\\\\windows\\\\system32\",\r\n \"name\": \"svchost.exe\",\r\n \"type\": \"file\"\r\n },\r\n {\r\n \"$id\": \"westeurope_3\",\r\n \"processId\": \"0x6ec\",\r\n \"commandLine\": \"\",\r\n \"imageFile\": {\r\n \"$ref\": \"westeurope_2\"\r\n },\r\n \"host\": {\r\n \"$ref\": \"westeurope_1\"\r\n },\r\n \"type\": \"process\"\r\n },\r\n {\r\n \"$id\": \"westeurope_4\",\r\n \"name\": \"alertsTest$\",\r\n \"ntDomain\": \"WORKGROUP\",\r\n \"host\": {\r\n \"$ref\": \"westeurope_1\"\r\n },\r\n \"sid\": \"S-1-5-18\",\r\n \"isDomainJoined\": true,\r\n \"type\": \"account\",\r\n \"LogonId\": \"0x3e7\"\r\n },\r\n {\r\n \"$id\": \"westeurope_5\",\r\n \"directory\": \"c:\\\\scripts\",\r\n \"name\": \"asc_alerttest_662jfi039n.exe\",\r\n \"type\": \"file\"\r\n },\r\n {\r\n \"$id\": \"westeurope_6\",\r\n \"processId\": \"0x688\",\r\n \"commandLine\": \"c:\\\\scripts\\\\asc_alerttest_662jfi039n.exe -foo\",\r\n \"elevationToken\": \"Default\",\r\n \"creationTimeUtc\": \"2020-05-04T14:28:27.6812319Z\",\r\n \"imageFile\": {\r\n \"$ref\": \"westeurope_5\"\r\n },\r\n \"account\": {\r\n \"$ref\": \"westeurope_4\"\r\n },\r\n \"parentProcess\": {\r\n \"$ref\": \"westeurope_3\"\r\n },\r\n \"host\": {\r\n \"$ref\": \"westeurope_1\"\r\n },\r\n \"type\": \"process\"\r\n },\r\n {\r\n \"$id\": \"westeurope_7\",\r\n \"sessionId\": \"0x3e7\",\r\n \"startTimeUtc\": \"2020-05-04T14:28:27.6812319Z\",\r\n \"endTimeUtc\": \"2020-05-04T14:28:27.6812319Z\",\r\n \"type\": \"host-logon-session\",\r\n \"host\": {\r\n \"$ref\": \"westeurope_1\"\r\n },\r\n 
\"account\": {\r\n \"$ref\": \"westeurope_4\"\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/taklei/providers/Microsoft.Security/locations/westeurope/alerts/2518136982923187680_ef6aa4e6-9c60-4405-8f08-f465e8e50cd2\",\r\n \"name\": \"2518136982923187680_ef6aa4e6-9c60-4405-8f08-f465e8e50cd2\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\"\r\n },\r\n {\r\n \"properties\": {\r\n \"detectedTimeUtc\": \"2020-05-04T13:58:27.6787296Z\",\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft\",\r\n \"alertDisplayName\": \"Azure Security Center test alert (not a threat)\",\r\n \"alertName\": \"VM_EICAR\",\r\n \"description\": \"This is a test alert generated by Azure Security Center. No further action is needed.\",\r\n \"remediationSteps\": \"No further action is needed.\",\r\n \"actionTaken\": \"Undefined\",\r\n \"reportedSeverity\": \"High\",\r\n \"compromisedEntity\": \"ALERTSTEST\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/taklei/providers/Microsoft.Compute/virtualMachines/alertsTest\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"d25bac04-7492-4ece-9d75-7a377d74d833\",\r\n \"extendedProperties\": {\r\n \"compromised Host\": \"ALERTSTEST\",\r\n \"user Name\": \"WORKGROUP\\\\alertsTest$\",\r\n \"account Session Id\": \"0x3e7\",\r\n \"suspicious Process\": \"c:\\\\scripts\\\\asc_alerttest_662jfi039n.exe\",\r\n \"suspicious Command Line\": \"c:\\\\scripts\\\\asc_alerttest_662jfi039n.exe -foo\",\r\n \"parent Process\": \"c:\\\\windows\\\\system32\\\\svchost.exe\",\r\n \"suspicious Process Id\": \"0x1c7c\",\r\n \"arguments Auditing Enabled\": \"true\",\r\n \"enrichment_tas_threat__reports\": \"{\\\"Kind\\\":\\\"MultiLink\\\",\\\"DisplayValueToUrlDictionary\\\":{\\\"Report: EICAR 
File\\\":\\\"https://interflowwebportalext.trafficmanager.net/reports/DisplayReport?callerIdentity=ddd5443d-e6f4-441c-b52b-5278d2f21dfa&reportCreateDateTime=2020-05-04T09%3a13%3a05&reportName=MSTI-TS-EICAR-File.pdf&tenantId=387eb67f-0039-43ad-81b9-b66c6c0b1951&urlCreateDateTime=2020-05-04T09%3a13%3a05&token=aRLLv1q8UI%20eVn54OVy%20WbqcH7H9dSGDUOuWywymCrQ=\\\"}}\",\r\n \"resourceType\": \"Virtual Machine\"\r\n },\r\n \"state\": \"Dismissed\",\r\n \"reportedTimeUtc\": \"2020-05-04T13:58:34.2198556Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/mainws/providers/microsoft.operationalinsights/workspaces/securityuserws\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": [\r\n {\r\n \"$id\": \"westeurope_8\",\r\n \"dnsDomain\": \"\",\r\n \"ntDomain\": \"\",\r\n \"hostName\": \"ALERTSTEST\",\r\n \"netBiosName\": \"ALERTSTEST\",\r\n \"azureID\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/taklei/providers/Microsoft.Compute/virtualMachines/alertsTest\",\r\n \"omsAgentID\": \"6bc4f1df-17e1-40f0-8227-f1635aea54dd\",\r\n \"osFamily\": \"Windows\",\r\n \"osVersion\": \"Windows\",\r\n \"isDomainJoined\": false,\r\n \"type\": \"host\"\r\n },\r\n {\r\n \"$id\": \"westeurope_9\",\r\n \"directory\": \"c:\\\\windows\\\\system32\",\r\n \"name\": \"svchost.exe\",\r\n \"type\": \"file\"\r\n },\r\n {\r\n \"$id\": \"westeurope_10\",\r\n \"processId\": \"0x6ec\",\r\n \"commandLine\": \"\",\r\n \"imageFile\": {\r\n \"$ref\": \"westeurope_9\"\r\n },\r\n \"host\": {\r\n \"$ref\": \"westeurope_8\"\r\n },\r\n \"type\": \"process\"\r\n },\r\n {\r\n \"$id\": \"westeurope_11\",\r\n \"name\": \"alertsTest$\",\r\n \"ntDomain\": \"WORKGROUP\",\r\n \"host\": {\r\n \"$ref\": \"westeurope_8\"\r\n },\r\n \"sid\": \"S-1-5-18\",\r\n \"isDomainJoined\": true,\r\n \"type\": \"account\",\r\n \"LogonId\": \"0x3e7\"\r\n },\r\n {\r\n \"$id\": \"westeurope_12\",\r\n \"directory\": 
\"c:\\\\scripts\",\r\n \"name\": \"asc_alerttest_662jfi039n.exe\",\r\n \"type\": \"file\"\r\n },\r\n {\r\n \"$id\": \"westeurope_13\",\r\n \"processId\": \"0x1c7c\",\r\n \"commandLine\": \"c:\\\\scripts\\\\asc_alerttest_662jfi039n.exe -foo\",\r\n \"elevationToken\": \"Default\",\r\n \"creationTimeUtc\": \"2020-05-04T13:58:27.6787296Z\",\r\n \"imageFile\": {\r\n \"$ref\": \"westeurope_12\"\r\n },\r\n \"account\": {\r\n \"$ref\": \"westeurope_11\"\r\n },\r\n \"parentProcess\": {\r\n \"$ref\": \"westeurope_10\"\r\n },\r\n \"host\": {\r\n \"$ref\": \"westeurope_8\"\r\n },\r\n \"type\": \"process\"\r\n },\r\n {\r\n \"$id\": \"westeurope_14\",\r\n \"sessionId\": \"0x3e7\",\r\n \"startTimeUtc\": \"2020-05-04T13:58:27.6787296Z\",\r\n \"endTimeUtc\": \"2020-05-04T13:58:27.6787296Z\",\r\n \"type\": \"host-logon-session\",\r\n \"host\": {\r\n \"$ref\": \"westeurope_8\"\r\n },\r\n \"account\": {\r\n \"$ref\": \"westeurope_11\"\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/taklei/providers/Microsoft.Security/locations/westeurope/alerts/2518137000923212703_d25bac04-7492-4ece-9d75-7a377d74d833\",\r\n \"name\": \"2518137000923212703_d25bac04-7492-4ece-9d75-7a377d74d833\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\"\r\n },\r\n {\r\n \"properties\": {\r\n \"detectedTimeUtc\": \"2020-05-04T13:28:28.6861627Z\",\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft\",\r\n \"alertDisplayName\": \"Azure Security Center test alert (not a threat)\",\r\n \"alertName\": \"VM_EICAR\",\r\n \"description\": \"This is a test alert generated by Azure Security Center. 
No further action is needed.\",\r\n \"remediationSteps\": \"No further action is needed.\",\r\n \"actionTaken\": \"Undefined\",\r\n \"reportedSeverity\": \"High\",\r\n \"compromisedEntity\": \"ALERTSTEST\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/taklei/providers/Microsoft.Compute/virtualMachines/alertsTest\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"93d99441-2eff-436e-ab25-0307b3484bb4\",\r\n \"extendedProperties\": {\r\n \"compromised Host\": \"ALERTSTEST\",\r\n \"user Name\": \"WORKGROUP\\\\alertsTest$\",\r\n \"account Session Id\": \"0x3e7\",\r\n \"suspicious Process\": \"c:\\\\scripts\\\\asc_alerttest_662jfi039n.exe\",\r\n \"suspicious Command Line\": \"c:\\\\scripts\\\\asc_alerttest_662jfi039n.exe -foo\",\r\n \"parent Process\": \"c:\\\\windows\\\\system32\\\\svchost.exe\",\r\n \"suspicious Process Id\": \"0x122c\",\r\n \"arguments Auditing Enabled\": \"true\",\r\n \"enrichment_tas_threat__reports\": \"{\\\"Kind\\\":\\\"MultiLink\\\",\\\"DisplayValueToUrlDictionary\\\":{\\\"Report: EICAR File\\\":\\\"https://interflowwebportalext.trafficmanager.net/reports/DisplayReport?callerIdentity=ddd5443d-e6f4-441c-b52b-5278d2f21dfa&reportCreateDateTime=2020-05-04T08%3a32%3a57&reportName=MSTI-TS-EICAR-File.pdf&tenantId=1c68e967-70a6-4cda-a34b-6d281cffe06e&urlCreateDateTime=2020-05-04T08%3a32%3a57&token=s7wyF62JLdEde8/SccnrGqIJxUOajFUpTETdhi3lCyY=\\\"}}\",\r\n \"resourceType\": \"Virtual Machine\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2020-05-04T13:28:59.9528247Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/mainws/providers/microsoft.operationalinsights/workspaces/securityuserws\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": [\r\n {\r\n \"$id\": \"westeurope_15\",\r\n \"dnsDomain\": \"\",\r\n \"ntDomain\": \"\",\r\n \"hostName\": 
\"ALERTSTEST\",\r\n \"netBiosName\": \"ALERTSTEST\",\r\n \"azureID\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/taklei/providers/Microsoft.Compute/virtualMachines/alertsTest\",\r\n \"omsAgentID\": \"6bc4f1df-17e1-40f0-8227-f1635aea54dd\",\r\n \"osFamily\": \"Windows\",\r\n \"osVersion\": \"Windows\",\r\n \"isDomainJoined\": false,\r\n \"type\": \"host\"\r\n },\r\n {\r\n \"$id\": \"westeurope_16\",\r\n \"directory\": \"c:\\\\windows\\\\system32\",\r\n \"name\": \"svchost.exe\",\r\n \"type\": \"file\"\r\n },\r\n {\r\n \"$id\": \"westeurope_17\",\r\n \"processId\": \"0x6ec\",\r\n \"commandLine\": \"\",\r\n \"imageFile\": {\r\n \"$ref\": \"westeurope_16\"\r\n },\r\n \"host\": {\r\n \"$ref\": \"westeurope_15\"\r\n },\r\n \"type\": \"process\"\r\n },\r\n {\r\n \"$id\": \"westeurope_18\",\r\n \"name\": \"alertsTest$\",\r\n \"ntDomain\": \"WORKGROUP\",\r\n \"host\": {\r\n \"$ref\": \"westeurope_15\"\r\n },\r\n \"sid\": \"S-1-5-18\",\r\n \"isDomainJoined\": true,\r\n \"type\": \"account\",\r\n \"LogonId\": \"0x3e7\"\r\n },\r\n {\r\n \"$id\": \"westeurope_19\",\r\n \"directory\": \"c:\\\\scripts\",\r\n \"name\": \"asc_alerttest_662jfi039n.exe\",\r\n \"type\": \"file\"\r\n },\r\n {\r\n \"$id\": \"westeurope_20\",\r\n \"processId\": \"0x122c\",\r\n \"commandLine\": \"c:\\\\scripts\\\\asc_alerttest_662jfi039n.exe -foo\",\r\n \"elevationToken\": \"Default\",\r\n \"creationTimeUtc\": \"2020-05-04T13:28:28.6861627Z\",\r\n \"imageFile\": {\r\n \"$ref\": \"westeurope_19\"\r\n },\r\n \"account\": {\r\n \"$ref\": \"westeurope_18\"\r\n },\r\n \"parentProcess\": {\r\n \"$ref\": \"westeurope_17\"\r\n },\r\n \"host\": {\r\n \"$ref\": \"westeurope_15\"\r\n },\r\n \"type\": \"process\"\r\n },\r\n {\r\n \"$id\": \"westeurope_21\",\r\n \"sessionId\": \"0x3e7\",\r\n \"startTimeUtc\": \"2020-05-04T13:28:28.6861627Z\",\r\n \"endTimeUtc\": \"2020-05-04T13:28:28.6861627Z\",\r\n \"type\": \"host-logon-session\",\r\n \"host\": {\r\n \"$ref\": \"westeurope_15\"\r\n },\r\n 
\"account\": {\r\n \"$ref\": \"westeurope_18\"\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/taklei/providers/Microsoft.Security/locations/westeurope/alerts/2518137018913138372_93d99441-2eff-436e-ab25-0307b3484bb4\",\r\n \"name\": \"2518137018913138372_93d99441-2eff-436e-ab25-0307b3484bb4\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\"\r\n },\r\n {\r\n \"properties\": {\r\n \"detectedTimeUtc\": \"2020-05-04T13:00:33.4661745Z\",\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft\",\r\n \"alertDisplayName\": \"Azure Security Center test alert (not a threat)\",\r\n \"alertName\": \"VM_EICAR\",\r\n \"description\": \"This is a test alert generated by Azure Security Center. No further action is needed.\",\r\n \"remediationSteps\": \"No further action is needed.\",\r\n \"actionTaken\": \"Undefined\",\r\n \"reportedSeverity\": \"High\",\r\n \"compromisedEntity\": \"ALERTSTEST\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/taklei/providers/Microsoft.Compute/virtualMachines/alertsTest\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"a345cb85-18aa-4d14-9293-e4d2ba15cb9d\",\r\n \"extendedProperties\": {\r\n \"compromised Host\": \"ALERTSTEST\",\r\n \"user Name\": \"WORKGROUP\\\\alertsTest$\",\r\n \"account Session Id\": \"0x3e7\",\r\n \"suspicious Process\": \"c:\\\\scripts\\\\asc_alerttest_662jfi039n.exe\",\r\n \"suspicious Command Line\": \"c:\\\\scripts\\\\asc_alerttest_662jfi039n.exe -foo\",\r\n \"parent Process\": \"c:\\\\windows\\\\system32\\\\svchost.exe\",\r\n \"suspicious Process Id\": \"0xe38\",\r\n \"arguments Auditing Enabled\": \"true\",\r\n \"enrichment_tas_threat__reports\": \"{\\\"Kind\\\":\\\"MultiLink\\\",\\\"DisplayValueToUrlDictionary\\\":{\\\"Report: EICAR 
File\\\":\\\"https://interflowwebportalext.trafficmanager.net/reports/DisplayReport?callerIdentity=ddd5443d-e6f4-441c-b52b-5278d2f21dfa&reportCreateDateTime=2020-05-04T09%3a13%3a05&reportName=MSTI-TS-EICAR-File.pdf&tenantId=387eb67f-0039-43ad-81b9-b66c6c0b1951&urlCreateDateTime=2020-05-04T09%3a13%3a05&token=aRLLv1q8UI%20eVn54OVy%20WbqcH7H9dSGDUOuWywymCrQ=\\\"}}\",\r\n \"resourceType\": \"Virtual Machine\"\r\n },\r\n \"state\": \"Dismissed\",\r\n \"reportedTimeUtc\": \"2020-05-04T13:00:37.889087Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/mainws/providers/microsoft.operationalinsights/workspaces/securityuserws\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": [\r\n {\r\n \"$id\": \"westeurope_22\",\r\n \"dnsDomain\": \"\",\r\n \"ntDomain\": \"\",\r\n \"hostName\": \"ALERTSTEST\",\r\n \"netBiosName\": \"ALERTSTEST\",\r\n \"azureID\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/taklei/providers/Microsoft.Compute/virtualMachines/alertsTest\",\r\n \"omsAgentID\": \"6bc4f1df-17e1-40f0-8227-f1635aea54dd\",\r\n \"osFamily\": \"Windows\",\r\n \"osVersion\": \"Windows\",\r\n \"isDomainJoined\": false,\r\n \"type\": \"host\"\r\n },\r\n {\r\n \"$id\": \"westeurope_23\",\r\n \"directory\": \"c:\\\\windows\\\\system32\",\r\n \"name\": \"svchost.exe\",\r\n \"type\": \"file\"\r\n },\r\n {\r\n \"$id\": \"westeurope_24\",\r\n \"processId\": \"0x6ec\",\r\n \"commandLine\": \"\",\r\n \"imageFile\": {\r\n \"$ref\": \"westeurope_23\"\r\n },\r\n \"host\": {\r\n \"$ref\": \"westeurope_22\"\r\n },\r\n \"type\": \"process\"\r\n },\r\n {\r\n \"$id\": \"westeurope_25\",\r\n \"name\": \"alertsTest$\",\r\n \"ntDomain\": \"WORKGROUP\",\r\n \"host\": {\r\n \"$ref\": \"westeurope_22\"\r\n },\r\n \"sid\": \"S-1-5-18\",\r\n \"isDomainJoined\": true,\r\n \"type\": \"account\",\r\n \"LogonId\": \"0x3e7\"\r\n },\r\n {\r\n \"$id\": \"westeurope_26\",\r\n 
\"directory\": \"c:\\\\scripts\",\r\n \"name\": \"asc_alerttest_662jfi039n.exe\",\r\n \"type\": \"file\"\r\n },\r\n {\r\n \"$id\": \"westeurope_27\",\r\n \"processId\": \"0xe38\",\r\n \"commandLine\": \"c:\\\\scripts\\\\asc_alerttest_662jfi039n.exe -foo\",\r\n \"elevationToken\": \"Default\",\r\n \"creationTimeUtc\": \"2020-05-04T13:00:33.4661745Z\",\r\n \"imageFile\": {\r\n \"$ref\": \"westeurope_26\"\r\n },\r\n \"account\": {\r\n \"$ref\": \"westeurope_25\"\r\n },\r\n \"parentProcess\": {\r\n \"$ref\": \"westeurope_24\"\r\n },\r\n \"host\": {\r\n \"$ref\": \"westeurope_22\"\r\n },\r\n \"type\": \"process\"\r\n },\r\n {\r\n \"$id\": \"westeurope_28\",\r\n \"sessionId\": \"0x3e7\",\r\n \"startTimeUtc\": \"2020-05-04T13:00:33.4661745Z\",\r\n \"endTimeUtc\": \"2020-05-04T13:00:33.4661745Z\",\r\n \"type\": \"host-logon-session\",\r\n \"host\": {\r\n \"$ref\": \"westeurope_22\"\r\n },\r\n \"account\": {\r\n \"$ref\": \"westeurope_25\"\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/taklei/providers/Microsoft.Security/locations/westeurope/alerts/2518137035665338254_a345cb85-18aa-4d14-9293-e4d2ba15cb9d\",\r\n \"name\": \"2518137035665338254_a345cb85-18aa-4d14-9293-e4d2ba15cb9d\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\"\r\n },\r\n {\r\n \"properties\": {\r\n \"detectedTimeUtc\": \"2020-05-04T12:59:14.1546616Z\",\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft\",\r\n \"alertDisplayName\": \"Azure Security Center test alert (not a threat)\",\r\n \"alertName\": \"VM_EICAR\",\r\n \"description\": \"This is a test alert generated by Azure Security Center. 
No further action is needed.\",\r\n \"remediationSteps\": \"No further action is needed.\",\r\n \"actionTaken\": \"Undefined\",\r\n \"reportedSeverity\": \"High\",\r\n \"compromisedEntity\": \"ALERTSTEST\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/taklei/providers/Microsoft.Compute/virtualMachines/alertsTest\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"d763b77f-129c-4e95-af39-5c4b4c411b5b\",\r\n \"extendedProperties\": {\r\n \"compromised Host\": \"ALERTSTEST\",\r\n \"user Name\": \"WORKGROUP\\\\alertsTest$\",\r\n \"account Session Id\": \"0x3e7\",\r\n \"suspicious Process\": \"c:\\\\scripts\\\\asc_alerttest_662jfi039n.exe\",\r\n \"suspicious Command Line\": \"c:\\\\scripts\\\\asc_alerttest_662jfi039n.exe -foo\",\r\n \"parent Process\": \"c:\\\\windows\\\\system32\\\\svchost.exe\",\r\n \"suspicious Process Id\": \"0xe7c\",\r\n \"arguments Auditing Enabled\": \"true\",\r\n \"enrichment_tas_threat__reports\": \"{\\\"Kind\\\":\\\"MultiLink\\\",\\\"DisplayValueToUrlDictionary\\\":{\\\"Report: EICAR File\\\":\\\"https://interflowwebportalext.trafficmanager.net/reports/DisplayReport?callerIdentity=ddd5443d-e6f4-441c-b52b-5278d2f21dfa&reportCreateDateTime=2020-05-04T08%3a32%3a57&reportName=MSTI-TS-EICAR-File.pdf&tenantId=1c68e967-70a6-4cda-a34b-6d281cffe06e&urlCreateDateTime=2020-05-04T08%3a32%3a57&token=s7wyF62JLdEde8/SccnrGqIJxUOajFUpTETdhi3lCyY=\\\"}}\",\r\n \"resourceType\": \"Virtual Machine\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2020-05-04T12:59:35.6273663Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/mainws/providers/microsoft.operationalinsights/workspaces/securityuserws\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": [\r\n {\r\n \"$id\": \"westeurope_29\",\r\n \"dnsDomain\": \"\",\r\n \"ntDomain\": \"\",\r\n \"hostName\": 
\"ALERTSTEST\",\r\n \"netBiosName\": \"ALERTSTEST\",\r\n \"azureID\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/taklei/providers/Microsoft.Compute/virtualMachines/alertsTest\",\r\n \"omsAgentID\": \"6bc4f1df-17e1-40f0-8227-f1635aea54dd\",\r\n \"osFamily\": \"Windows\",\r\n \"osVersion\": \"Windows\",\r\n \"isDomainJoined\": false,\r\n \"type\": \"host\"\r\n },\r\n {\r\n \"$id\": \"westeurope_30\",\r\n \"directory\": \"c:\\\\windows\\\\system32\",\r\n \"name\": \"svchost.exe\",\r\n \"type\": \"file\"\r\n },\r\n {\r\n \"$id\": \"westeurope_31\",\r\n \"processId\": \"0x6ec\",\r\n \"commandLine\": \"\",\r\n \"imageFile\": {\r\n \"$ref\": \"westeurope_30\"\r\n },\r\n \"host\": {\r\n \"$ref\": \"westeurope_29\"\r\n },\r\n \"type\": \"process\"\r\n },\r\n {\r\n \"$id\": \"westeurope_32\",\r\n \"name\": \"alertsTest$\",\r\n \"ntDomain\": \"WORKGROUP\",\r\n \"host\": {\r\n \"$ref\": \"westeurope_29\"\r\n },\r\n \"sid\": \"S-1-5-18\",\r\n \"isDomainJoined\": true,\r\n \"type\": \"account\",\r\n \"LogonId\": \"0x3e7\"\r\n },\r\n {\r\n \"$id\": \"westeurope_33\",\r\n \"directory\": \"c:\\\\scripts\",\r\n \"name\": \"asc_alerttest_662jfi039n.exe\",\r\n \"type\": \"file\"\r\n },\r\n {\r\n \"$id\": \"westeurope_34\",\r\n \"processId\": \"0xe7c\",\r\n \"commandLine\": \"c:\\\\scripts\\\\asc_alerttest_662jfi039n.exe -foo\",\r\n \"elevationToken\": \"Default\",\r\n \"creationTimeUtc\": \"2020-05-04T12:59:14.1546616Z\",\r\n \"imageFile\": {\r\n \"$ref\": \"westeurope_33\"\r\n },\r\n \"account\": {\r\n \"$ref\": \"westeurope_32\"\r\n },\r\n \"parentProcess\": {\r\n \"$ref\": \"westeurope_31\"\r\n },\r\n \"host\": {\r\n \"$ref\": \"westeurope_29\"\r\n },\r\n \"type\": \"process\"\r\n },\r\n {\r\n \"$id\": \"westeurope_35\",\r\n \"sessionId\": \"0x3e7\",\r\n \"startTimeUtc\": \"2020-05-04T12:59:14.1546616Z\",\r\n \"endTimeUtc\": \"2020-05-04T12:59:14.1546616Z\",\r\n \"type\": \"host-logon-session\",\r\n \"host\": {\r\n \"$ref\": \"westeurope_29\"\r\n },\r\n 
\"account\": {\r\n \"$ref\": \"westeurope_32\"\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/taklei/providers/Microsoft.Security/locations/westeurope/alerts/2518137036458453383_d763b77f-129c-4e95-af39-5c4b4c411b5b\",\r\n \"name\": \"2518137036458453383_d763b77f-129c-4e95-af39-5c4b4c411b5b\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\"\r\n },\r\n {\r\n \"properties\": {\r\n \"detectedTimeUtc\": \"2020-05-04T12:58:28.5855194Z\",\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft\",\r\n \"alertDisplayName\": \"Azure Security Center test alert (not a threat)\",\r\n \"alertName\": \"VM_EICAR\",\r\n \"description\": \"This is a test alert generated by Azure Security Center. No further action is needed.\",\r\n \"remediationSteps\": \"No further action is needed.\",\r\n \"actionTaken\": \"Undefined\",\r\n \"reportedSeverity\": \"High\",\r\n \"compromisedEntity\": \"ALERTSTEST\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/taklei/providers/Microsoft.Compute/virtualMachines/alertsTest\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"a3d0999b-cdfc-41d9-9d28-ee1335f03081\",\r\n \"extendedProperties\": {\r\n \"compromised Host\": \"ALERTSTEST\",\r\n \"user Name\": \"WORKGROUP\\\\alertsTest$\",\r\n \"account Session Id\": \"0x3e7\",\r\n \"suspicious Process\": \"c:\\\\scripts\\\\asc_alerttest_662jfi039n.exe\",\r\n \"suspicious Command Line\": \"c:\\\\scripts\\\\asc_alerttest_662jfi039n.exe -foo\",\r\n \"parent Process\": \"c:\\\\windows\\\\system32\\\\svchost.exe\",\r\n \"suspicious Process Id\": \"0xfac\",\r\n \"arguments Auditing Enabled\": \"true\",\r\n \"enrichment_tas_threat__reports\": \"{\\\"Kind\\\":\\\"MultiLink\\\",\\\"DisplayValueToUrlDictionary\\\":{\\\"Report: EICAR 
File\\\":\\\"https://interflowwebportalext.trafficmanager.net/reports/DisplayReport?callerIdentity=ddd5443d-e6f4-441c-b52b-5278d2f21dfa&reportCreateDateTime=2020-05-04T09%3a23%3a00&reportName=MSTI-TS-EICAR-File.pdf&tenantId=b11492db-77a6-4ec0-9ff7-17b6ba420e1e&urlCreateDateTime=2020-05-04T09%3a23%3a00&token=XhSuWhrbEKAk2sXS1TcK0SVTLOehFDirzLCUSUoWPL4=\\\"}}\",\r\n \"resourceType\": \"Virtual Machine\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2020-05-04T12:58:46.4927078Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/mainws/providers/microsoft.operationalinsights/workspaces/securityuserws\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": [\r\n {\r\n \"$id\": \"westeurope_36\",\r\n \"dnsDomain\": \"\",\r\n \"ntDomain\": \"\",\r\n \"hostName\": \"ALERTSTEST\",\r\n \"netBiosName\": \"ALERTSTEST\",\r\n \"azureID\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/taklei/providers/Microsoft.Compute/virtualMachines/alertsTest\",\r\n \"omsAgentID\": \"6bc4f1df-17e1-40f0-8227-f1635aea54dd\",\r\n \"osFamily\": \"Windows\",\r\n \"osVersion\": \"Windows\",\r\n \"isDomainJoined\": false,\r\n \"type\": \"host\"\r\n },\r\n {\r\n \"$id\": \"westeurope_37\",\r\n \"directory\": \"c:\\\\windows\\\\system32\",\r\n \"name\": \"svchost.exe\",\r\n \"type\": \"file\"\r\n },\r\n {\r\n \"$id\": \"westeurope_38\",\r\n \"processId\": \"0x6ec\",\r\n \"commandLine\": \"\",\r\n \"imageFile\": {\r\n \"$ref\": \"westeurope_37\"\r\n },\r\n \"host\": {\r\n \"$ref\": \"westeurope_36\"\r\n },\r\n \"type\": \"process\"\r\n },\r\n {\r\n \"$id\": \"westeurope_39\",\r\n \"name\": \"alertsTest$\",\r\n \"ntDomain\": \"WORKGROUP\",\r\n \"host\": {\r\n \"$ref\": \"westeurope_36\"\r\n },\r\n \"sid\": \"S-1-5-18\",\r\n \"isDomainJoined\": true,\r\n \"type\": \"account\",\r\n \"LogonId\": \"0x3e7\"\r\n },\r\n {\r\n \"$id\": \"westeurope_40\",\r\n \"directory\": 
\"c:\\\\scripts\",\r\n \"name\": \"asc_alerttest_662jfi039n.exe\",\r\n \"type\": \"file\"\r\n },\r\n {\r\n \"$id\": \"westeurope_41\",\r\n \"processId\": \"0xfac\",\r\n \"commandLine\": \"c:\\\\scripts\\\\asc_alerttest_662jfi039n.exe -foo\",\r\n \"elevationToken\": \"Default\",\r\n \"creationTimeUtc\": \"2020-05-04T12:58:28.5855194Z\",\r\n \"imageFile\": {\r\n \"$ref\": \"westeurope_40\"\r\n },\r\n \"account\": {\r\n \"$ref\": \"westeurope_39\"\r\n },\r\n \"parentProcess\": {\r\n \"$ref\": \"westeurope_38\"\r\n },\r\n \"host\": {\r\n \"$ref\": \"westeurope_36\"\r\n },\r\n \"type\": \"process\"\r\n },\r\n {\r\n \"$id\": \"westeurope_42\",\r\n \"sessionId\": \"0x3e7\",\r\n \"startTimeUtc\": \"2020-05-04T12:58:28.5855194Z\",\r\n \"endTimeUtc\": \"2020-05-04T12:58:28.5855194Z\",\r\n \"type\": \"host-logon-session\",\r\n \"host\": {\r\n \"$ref\": \"westeurope_36\"\r\n },\r\n \"account\": {\r\n \"$ref\": \"westeurope_39\"\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/taklei/providers/Microsoft.Security/locations/westeurope/alerts/2518137036914144805_a3d0999b-cdfc-41d9-9d28-ee1335f03081\",\r\n \"name\": \"2518137036914144805_a3d0999b-cdfc-41d9-9d28-ee1335f03081\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\"\r\n },\r\n {\r\n \"properties\": {\r\n \"detectedTimeUtc\": \"2020-05-04T12:57:47.8805382Z\",\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft\",\r\n \"alertDisplayName\": \"Azure Security Center test alert (not a threat)\",\r\n \"alertName\": \"VM_EICAR\",\r\n \"description\": \"This is a test alert generated by Azure Security Center. 
No further action is needed.\",\r\n \"remediationSteps\": \"No further action is needed.\",\r\n \"actionTaken\": \"Undefined\",\r\n \"reportedSeverity\": \"High\",\r\n \"compromisedEntity\": \"ALERTSTEST\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/taklei/providers/Microsoft.Compute/virtualMachines/alertsTest\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"adafe5f0-ade9-47b4-86f3-3155038827f6\",\r\n \"extendedProperties\": {\r\n \"compromised Host\": \"ALERTSTEST\",\r\n \"user Name\": \"WORKGROUP\\\\alertsTest$\",\r\n \"account Session Id\": \"0x3e7\",\r\n \"suspicious Process\": \"c:\\\\scripts\\\\asc_alerttest_662jfi039n.exe\",\r\n \"suspicious Command Line\": \"c:\\\\scripts\\\\asc_alerttest_662jfi039n.exe -foo\",\r\n \"parent Process\": \"c:\\\\windows\\\\system32\\\\svchost.exe\",\r\n \"suspicious Process Id\": \"0x1d50\",\r\n \"arguments Auditing Enabled\": \"true\",\r\n \"enrichment_tas_threat__reports\": \"{\\\"Kind\\\":\\\"MultiLink\\\",\\\"DisplayValueToUrlDictionary\\\":{\\\"Report: EICAR File\\\":\\\"https://interflowwebportalext.trafficmanager.net/reports/DisplayReport?callerIdentity=ddd5443d-e6f4-441c-b52b-5278d2f21dfa&reportCreateDateTime=2020-05-04T08%3a32%3a57&reportName=MSTI-TS-EICAR-File.pdf&tenantId=1c68e967-70a6-4cda-a34b-6d281cffe06e&urlCreateDateTime=2020-05-04T08%3a32%3a57&token=s7wyF62JLdEde8/SccnrGqIJxUOajFUpTETdhi3lCyY=\\\"}}\",\r\n \"resourceType\": \"Virtual Machine\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2020-05-04T12:57:53.7990186Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/mainws/providers/microsoft.operationalinsights/workspaces/securityuserws\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": [\r\n {\r\n \"$id\": \"westeurope_43\",\r\n \"dnsDomain\": \"\",\r\n \"ntDomain\": \"\",\r\n \"hostName\": 
\"ALERTSTEST\",\r\n \"netBiosName\": \"ALERTSTEST\",\r\n \"azureID\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/taklei/providers/Microsoft.Compute/virtualMachines/alertsTest\",\r\n \"omsAgentID\": \"6bc4f1df-17e1-40f0-8227-f1635aea54dd\",\r\n \"osFamily\": \"Windows\",\r\n \"osVersion\": \"Windows\",\r\n \"isDomainJoined\": false,\r\n \"type\": \"host\"\r\n },\r\n {\r\n \"$id\": \"westeurope_44\",\r\n \"directory\": \"c:\\\\windows\\\\system32\",\r\n \"name\": \"svchost.exe\",\r\n \"type\": \"file\"\r\n },\r\n {\r\n \"$id\": \"westeurope_45\",\r\n \"processId\": \"0x6ec\",\r\n \"commandLine\": \"\",\r\n \"imageFile\": {\r\n \"$ref\": \"westeurope_44\"\r\n },\r\n \"host\": {\r\n \"$ref\": \"westeurope_43\"\r\n },\r\n \"type\": \"process\"\r\n },\r\n {\r\n \"$id\": \"westeurope_46\",\r\n \"name\": \"alertsTest$\",\r\n \"ntDomain\": \"WORKGROUP\",\r\n \"host\": {\r\n \"$ref\": \"westeurope_43\"\r\n },\r\n \"sid\": \"S-1-5-18\",\r\n \"isDomainJoined\": true,\r\n \"type\": \"account\",\r\n \"LogonId\": \"0x3e7\"\r\n },\r\n {\r\n \"$id\": \"westeurope_47\",\r\n \"directory\": \"c:\\\\scripts\",\r\n \"name\": \"asc_alerttest_662jfi039n.exe\",\r\n \"type\": \"file\"\r\n },\r\n {\r\n \"$id\": \"westeurope_48\",\r\n \"processId\": \"0x1d50\",\r\n \"commandLine\": \"c:\\\\scripts\\\\asc_alerttest_662jfi039n.exe -foo\",\r\n \"elevationToken\": \"Default\",\r\n \"creationTimeUtc\": \"2020-05-04T12:57:47.8805382Z\",\r\n \"imageFile\": {\r\n \"$ref\": \"westeurope_47\"\r\n },\r\n \"account\": {\r\n \"$ref\": \"westeurope_46\"\r\n },\r\n \"parentProcess\": {\r\n \"$ref\": \"westeurope_45\"\r\n },\r\n \"host\": {\r\n \"$ref\": \"westeurope_43\"\r\n },\r\n \"type\": \"process\"\r\n },\r\n {\r\n \"$id\": \"westeurope_49\",\r\n \"sessionId\": \"0x3e7\",\r\n \"startTimeUtc\": \"2020-05-04T12:57:47.8805382Z\",\r\n \"endTimeUtc\": \"2020-05-04T12:57:47.8805382Z\",\r\n \"type\": \"host-logon-session\",\r\n \"host\": {\r\n \"$ref\": \"westeurope_43\"\r\n },\r\n 
\"account\": {\r\n \"$ref\": \"westeurope_46\"\r\n }\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/taklei/providers/Microsoft.Security/locations/westeurope/alerts/2518137037321194617_adafe5f0-ade9-47b4-86f3-3155038827f6\",\r\n \"name\": \"2518137037321194617_adafe5f0-ade9-47b4-86f3-3155038827f6\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\"\r\n }\r\n ]\r\n}", "StatusCode": 200 } ], "Names": {}, - "Variables": { - "SubscriptionId": "487bb485-b5b0-471e-9c0d-10717612f869" - } + "Variables": {} } \ No newline at end of file diff --git a/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/tests/SessionRecords/SecurityAlertsTests/SecurityAlerts_UpdateResourceGroupLevelAlertState.json b/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/tests/SessionRecords/SecurityAlertsTests/SecurityAlerts_UpdateResourceGroupLevelAlertState.json index 08a2115bdfe0..c38f3340fc8a 100644 --- a/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/tests/SessionRecords/SecurityAlertsTests/SecurityAlerts_UpdateResourceGroupLevelAlertState.json +++ b/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/tests/SessionRecords/SecurityAlertsTests/SecurityAlerts_UpdateResourceGroupLevelAlertState.json @@ -7,7 +7,7 @@ "RequestBody": "", "RequestHeaders": { "x-ms-client-request-id": [ - "32d8f3d0-c563-4832-baff-fc9d146fea62" + "e7974f7e-d5a6-40a6-af64-fd775324395f" ], "accept-language": [ "en-US" @@ -15,8 +15,8 @@ "User-Agent": [ "FxVersion/4.6.26614.01", "OSName/Windows", - "OSVersion/Microsoft.Windows.10.0.17763.", - "Microsoft.Azure.Management.Security.SecurityCenterClient/0.11.0.0" + "OSVersion/Microsoft.Windows.10.0.18363.", + "Microsoft.Azure.Management.Security.SecurityCenterClient/1.1.3.0" ] }, "ResponseHeaders": { 
@@ -24,26 +24,26 @@
 "no-cache"
 ],
 "Date": [
- "Mon, 04 Mar 2019 16:01:55 GMT"
+ "Mon, 04 May 2020 14:42:58 GMT"
 ],
 "Pragma": [
 "no-cache"
 ],
 "x-ms-original-request-ids": [
- "762a6440-ebe1-429b-b45d-ed4bc228c2c9",
- "5d0055cf-fe03-44f7-83df-da2dea41e094"
+ "c81f4298-920d-4b3c-9420-7795fd7e5c5e",
+ "042c46a0-b285-47ad-97f6-b9b84b4475ad"
 ],
 "x-ms-ratelimit-remaining-subscription-resource-requests": [
 "749"
 ],
 "x-ms-request-id": [
- "d00e0fb3-6d6f-4418-94a4-a7db616d37b5"
+ "88032b70-0f23-471e-b6e7-d13e58985497"
 ],
 "x-ms-correlation-request-id": [
- "d00e0fb3-6d6f-4418-94a4-a7db616d37b5"
+ "88032b70-0f23-471e-b6e7-d13e58985497"
 ],
 "x-ms-routing-request-id": [
- "UKWEST:20190304T160156Z:d00e0fb3-6d6f-4418-94a4-a7db616d37b5"
+ "GERMANYWESTCENTRAL:20200504T144258Z:88032b70-0f23-471e-b6e7-d13e58985497"
 ],
 "Strict-Transport-Security": [
 "max-age=31536000; includeSubDomains"
@@ -52,7 +52,7 @@
 "nosniff"
 ],
 "Content-Length": [
- "169158"
+ "25638"
 ],
 "Content-Type": [
 "application/json; charset=utf-8"
@@ -65,13 +65,13 @@
 "StatusCode": 200
 },
 {
- "RequestUri": "/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/rg/providers/Microsoft.Security/locations/centralus/alerts/2518532788749999999_66276b36-db2a-4b2c-84ad-9676fe753a01/Dismiss?api-version=2019-01-01",
- "EncodedRequestUri": "L3N1YnNjcmlwdGlvbnMvNDg3YmI0ODUtYjViMC00NzFlLTljMGQtMTA3MTc2MTJmODY5L3Jlc291cmNlR3JvdXBzL3JnL3Byb3ZpZGVycy9NaWNyb3NvZnQuU2VjdXJpdHkvbG9jYXRpb25zL2NlbnRyYWx1cy9hbGVydHMvMjUxODUzMjc4ODc0OTk5OTk5OV82NjI3NmIzNi1kYjJhLTRiMmMtODRhZC05Njc2ZmU3NTNhMDEvRGlzbWlzcz9hcGktdmVyc2lvbj0yMDE5LTAxLTAx",
+ "RequestUri": "/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/rg/providers/Microsoft.Security/locations/centralus/alerts/2518532788749999999_66276b36-db2a-4b2c-84ad-9676fe753a01/dismiss?api-version=2019-01-01",
+ "EncodedRequestUri": "L3N1YnNjcmlwdGlvbnMvNDg3YmI0ODUtYjViMC00NzFlLTljMGQtMTA3MTc2MTJmODY5L3Jlc291cmNlR3JvdXBzL3JnL3Byb3ZpZGVycy9NaWNyb3NvZnQuU2VjdXJpdHkvbG9jYXRpb25zL2NlbnRyYWx1cy9hbGVydHMvMjUxODUzMjc4ODc0OTk5OTk5OV82NjI3NmIzNi1kYjJhLTRiMmMtODRhZC05Njc2ZmU3NTNhMDEvZGlzbWlzcz9hcGktdmVyc2lvbj0yMDE5LTAxLTAx",
 "RequestMethod": "POST",
 "RequestBody": "",
 "RequestHeaders": {
 "x-ms-client-request-id": [
- "41b76c23-1bec-4267-bf1b-7fd75877cc29"
+ "45999d3b-c1bf-4327-a6b4-9685732f38c6"
 ],
 "accept-language": [
 "en-US"
@@ -79,8 +79,8 @@
 "User-Agent": [
 "FxVersion/4.6.26614.01",
 "OSName/Windows",
- "OSVersion/Microsoft.Windows.10.0.17763.",
- "Microsoft.Azure.Management.Security.SecurityCenterClient/0.11.0.0"
+ "OSVersion/Microsoft.Windows.10.0.18363.",
+ "Microsoft.Azure.Management.Security.SecurityCenterClient/1.1.3.0"
 ]
 },
 "ResponseHeaders": {
@@ -88,7 +88,7 @@
 "no-cache"
 ],
 "Date": [
- "Mon, 04 Mar 2019 16:01:56 GMT"
+ "Mon, 04 May 2020 14:42:58 GMT"
 ],
 "Pragma": [
 "no-cache"
@@ -103,13 +103,13 @@
 "1199"
 ],
 "x-ms-request-id": [
- "fba02794-17f1-4841-845f-865b44961f77"
+ "d3d3ecb7-ceb8-4f6f-b4e0-b85afd84c5e3"
 ],
 "x-ms-correlation-request-id": [
- "fba02794-17f1-4841-845f-865b44961f77"
+ "d3d3ecb7-ceb8-4f6f-b4e0-b85afd84c5e3"
 ],
 "x-ms-routing-request-id": [
- "UKWEST:20190304T160157Z:fba02794-17f1-4841-845f-865b44961f77"
+ "GERMANYWESTCENTRAL:20200504T144259Z:d3d3ecb7-ceb8-4f6f-b4e0-b85afd84c5e3"
 ],
 "X-Content-Type-Options": [
 "nosniff"
diff --git a/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/tests/SessionRecords/SecurityAlertsTests/SecurityAlerts_UpdateSubscriptionLevelAlertState.json b/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/tests/SessionRecords/SecurityAlertsTests/SecurityAlerts_UpdateSubscriptionLevelAlertState.json
index 0f9c4c20f844..2764524317a9 100644
--- a/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/tests/SessionRecords/SecurityAlertsTests/SecurityAlerts_UpdateSubscriptionLevelAlertState.json
+++ b/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/tests/SessionRecords/SecurityAlertsTests/SecurityAlerts_UpdateSubscriptionLevelAlertState.json
@@ -7,7 +7,7 @@
 "RequestBody": "",
 "RequestHeaders": {
 "x-ms-client-request-id": [
- "84299c44-ca38-437a-b07a-5166d70ccb18"
+ "e2d24959-88fd-4239-86d5-098fceab6697"
 ],
 "accept-language": [
 "en-US"
@@ -15,8 +15,8 @@
 "User-Agent": [
 "FxVersion/4.6.26614.01",
 "OSName/Windows",
- "OSVersion/Microsoft.Windows.10.0.17763.",
- "Microsoft.Azure.Management.Security.SecurityCenterClient/0.11.0.0"
+ "OSVersion/Microsoft.Windows.10.0.18363.",
+ "Microsoft.Azure.Management.Security.SecurityCenterClient/1.1.3.0"
 ]
 },
 "ResponseHeaders": {
@@ -24,26 +24,26 @@
 "no-cache"
 ],
 "Date": [
- "Mon, 04 Mar 2019 16:02:05 GMT"
+ "Mon, 04 May 2020 14:43:07 GMT"
 ],
 "Pragma": [
 "no-cache"
 ],
 "x-ms-original-request-ids": [
- "2ead2736-677a-4ca0-9b86-dc87ceed7952",
- "0316fdfe-2dcd-4259-8fb3-d275110c1530"
+ "3e8e1a3b-6c76-4a9a-875b-e46e29de7784",
+ "ca7cd4a0-c86d-4e27-aead-8ed71bb7765a"
 ],
 "x-ms-ratelimit-remaining-subscription-resource-requests": [
- "748"
+ "749"
 ],
 "x-ms-request-id": [
- "632d7ae8-3d9f-438a-bb40-8ce54cb91a6e"
+ "b759ad08-ae5f-4f73-a048-2f3bd9730af6"
 ],
 "x-ms-correlation-request-id": [
- "632d7ae8-3d9f-438a-bb40-8ce54cb91a6e"
+ "b759ad08-ae5f-4f73-a048-2f3bd9730af6"
 ],
 "x-ms-routing-request-id": [
- "UKWEST:20190304T160205Z:632d7ae8-3d9f-438a-bb40-8ce54cb91a6e"
+ "GERMANYWESTCENTRAL:20200504T144307Z:b759ad08-ae5f-4f73-a048-2f3bd9730af6"
 ],
 "Strict-Transport-Security": [
 "max-age=31536000; includeSubDomains"
@@ -52,7 +52,7 @@
 "nosniff"
 ],
 "Content-Length": [
- "169158"
+ "25641"
 ],
 "Content-Type": [
 "application/json; charset=utf-8"
@@ -61,17 +61,17 @@ "-1" ] }, - "ResponseBody": "{\r\n \"value\": [\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/rg/providers/Microsoft.Security/locations/centralus/alerts/2518532788749999999_66276b36-db2a-4b2c-84ad-9676fe753a01\",\r\n \"name\": \"2518532788749999999_66276b36-db2a-4b2c-84ad-9676fe753a01\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft\",\r\n \"alertDisplayName\": \"Web fingerprinting detected\",\r\n \"alertName\": \"APPS_Nmap\",\r\n \"detectedTimeUtc\": \"2019-03-03T17:40:43Z\",\r\n \"description\": \"Azure App Service activity log indicates a possible web fingerprinting activity on your App Service resource.The suspicious activity detected is associated with NMAP. Attackers often use this tool for probing the web application to find vulnerabilities.\",\r\n \"remediationSteps\": \"If only specific IP addresses should be allowed to access the web app, set IP restrictions (https://docs.microsoft.com/azure/app-service/app-service-ip-restrictions) for it.\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"High\",\r\n \"compromisedEntity\": \"sitename\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/rg/providers/Microsoft.Web/sites/sitename\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"b3d77198-6f95-40ed-9675-10001c2e93cc\",\r\n \"extendedProperties\": {\r\n \"last Event Time\": \"2/11/2019 5:40:46 PM\",\r\n \"sample URIs\": \"/sdk, /, /.git/HEAD, /favicon.ico, /evox/about, /robots.txt, /nmaplowercheck1549906843, /HNAP1\",\r\n \"sample User Agents\": \"Mozilla/5.0+(compatible;+Nmap+Scripting+Engine;+https://nmap.org/book/nse.html)\",\r\n \"sample Referer\": \"-\",\r\n \"resourceType\": \"App Service\"\r\n },\r\n \"state\": \"Dismissed\",\r\n \"reportedTimeUtc\": \"2019-03-03T20:41:03.846Z\",\r\n 
\"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": [\r\n {\r\n \"$id\": \"centralus_1\",\r\n \"hostName\": \"sitename\",\r\n \"azureID\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/rg/providers/Microsoft.Web/sites/sitename\",\r\n \"type\": \"host\"\r\n }\r\n ]\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/providers/Microsoft.Security/locations/centralus/alerts/2518532788749999999_66276b36-db2a-4b2c-84ad-9676fe753a02\",\r\n \"name\": \"2518532788749999999_66276b36-db2a-4b2c-84ad-9676fe753a02\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft\",\r\n \"alertDisplayName\": \"Web fingerprinting detected\",\r\n \"alertName\": \"APPS_Nmap\",\r\n \"detectedTimeUtc\": \"2019-03-03T17:40:43Z\",\r\n \"description\": \"Azure App Service activity log indicates a possible web fingerprinting activity on your App Service resource.The suspicious activity detected is associated with NMAP. 
Attackers often use this tool for probing the web application to find vulnerabilities.\",\r\n \"remediationSteps\": \"If only specific IP addresses should be allowed to access the web app, set IP restrictions (https://docs.microsoft.com/azure/app-service/app-service-ip-restrictions) for it.\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"High\",\r\n \"compromisedEntity\": \"sitename\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/providers/Microsoft.Web/sites/sitename\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"b3d77198-6f95-40ed-9675-10001c2e93cd\",\r\n \"extendedProperties\": {\r\n \"last Event Time\": \"2/11/2019 5:40:46 PM\",\r\n \"sample URIs\": \"/sdk, /, /.git/HEAD, /favicon.ico, /evox/about, /robots.txt, /nmaplowercheck1549906843, /HNAP1\",\r\n \"sample User Agents\": \"Mozilla/5.0+(compatible;+Nmap+Scripting+Engine;+https://nmap.org/book/nse.html)\",\r\n \"sample Referer\": \"-\",\r\n \"resourceType\": \"App Service\"\r\n },\r\n \"state\": \"Dismissed\",\r\n \"reportedTimeUtc\": \"2019-03-03T20:41:03.846Z\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": [\r\n {\r\n \"$id\": \"centralus_2\",\r\n \"hostName\": \"sitename\",\r\n \"azureID\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/providers/Microsoft.Web/sites/sitename\",\r\n \"type\": \"host\"\r\n }\r\n ]\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518505891999999999_c908c4ae-9a04-4d98-bb7e-18c82dfd9a81\",\r\n \"name\": \"2518505891999999999_c908c4ae-9a04-4d98-bb7e-18c82dfd9a81\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": 
\"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-04T15:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117:80\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"c908c4ae-9a04-4d98-bb7e-18c82dfd9a81\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"159.192.218.25\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-04T16:00:11.489254Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518505927999999999_38e859b9-60eb-406d-aa42-a54dc5be9b17\",\r\n \"name\": \"2518505927999999999_38e859b9-60eb-406d-aa42-a54dc5be9b17\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-04T14:00:00Z\",\r\n 
\"description\": \"Detail:Host header is a numeric IP address 13.69.131.117\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"38e859b9-60eb-406d-aa42-a54dc5be9b17\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"176.32.33.80\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-04T15:00:56.8950851Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518505927999999999_3c3f8a61-1245-4e92-be38-ac054249f4a2\",\r\n \"name\": \"2518505927999999999_3c3f8a61-1245-4e92-be38-ac054249f4a2\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"SCANNER-DETECTION\",\r\n \"alertName\": \"SCANNER-DETECTION\",\r\n \"detectedTimeUtc\": \"2019-03-04T14:00:00Z\",\r\n \"description\": \"Detail:Found User-Agent associated with scripting/generic HTTP client Matched Data: 
python-requests found within REQUEST_HEADERS:User-Agent: python-requests/2.6.0 CPython/2.7.5 Linux/3.10.0-957.1.3.el7.x86_64\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"3c3f8a61-1245-4e92-be38-ac054249f4a2\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"176.32.33.80\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-04T15:00:56.8950851Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518505927999999999_f646ad4c-8a5d-4355-9dfc-56a3f2521310\",\r\n \"name\": \"2518505927999999999_f646ad4c-8a5d-4355-9dfc-56a3f2521310\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"BLOCKING-EVALUATION\",\r\n \"alertName\": \"BLOCKING-EVALUATION\",\r\n \"detectedTimeUtc\": \"2019-03-04T14:00:00Z\",\r\n \"description\": \"Detail:Mandatory rule. 
Cannot be disabled. Inbound Anomaly Score Exceeded (Total Score: 8)\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"f646ad4c-8a5d-4355-9dfc-56a3f2521310\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"176.32.33.80\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-04T15:00:56.4081088Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518505963999999999_7e0b842e-b80f-4544-979d-952ed3b60db6\",\r\n \"name\": \"2518505963999999999_7e0b842e-b80f-4544-979d-952ed3b60db6\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-04T13:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117:80\",\r\n 
\"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"7e0b842e-b80f-4544-979d-952ed3b60db6\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"2\",\r\n \"source IPs\": \"103.94.170.218,113.161.130.251\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-04T14:00:41.0033381Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506035999999999_4316a00c-7ac8-4b34-8b74-cf73e2a91b70\",\r\n \"name\": \"2518506035999999999_4316a00c-7ac8-4b34-8b74-cf73e2a91b70\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"SCANNER-DETECTION\",\r\n \"alertName\": \"SCANNER-DETECTION\",\r\n \"detectedTimeUtc\": \"2019-03-04T11:00:00Z\",\r\n \"description\": \"Detail:Found User-Agent associated with scripting/generic HTTP client Matched Data: python-requests found within REQUEST_HEADERS:User-Agent: 
python-requests/2.6.0 CPython/2.7.5 Linux/3.10.0-957.1.3.el7.x86_64\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"4316a00c-7ac8-4b34-8b74-cf73e2a91b70\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"176.32.33.80\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-04T12:00:02.3651318Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506035999999999_553a1004-ff2f-4d39-9baf-cdb764aa6a1e\",\r\n \"name\": \"2518506035999999999_553a1004-ff2f-4d39-9baf-cdb764aa6a1e\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"BLOCKING-EVALUATION\",\r\n \"alertName\": \"BLOCKING-EVALUATION\",\r\n \"detectedTimeUtc\": \"2019-03-04T11:00:00Z\",\r\n \"description\": \"Detail:Mandatory rule. Cannot be disabled. 
Inbound Anomaly Score Exceeded (Total Score: 8)\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"553a1004-ff2f-4d39-9baf-cdb764aa6a1e\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"176.32.33.80\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-04T12:00:01.7153581Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506035999999999_d91570aa-65a5-46de-aee7-98b41a8027e4\",\r\n \"name\": \"2518506035999999999_d91570aa-65a5-46de-aee7-98b41a8027e4\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-04T11:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117\",\r\n \"remediationSteps\": \"\",\r\n 
\"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"d91570aa-65a5-46de-aee7-98b41a8027e4\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"2\",\r\n \"source IPs\": \"176.32.33.80,103.212.90.36\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-04T12:00:02.3651318Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506071999999999_129ec79b-c7a6-4082-91af-c6733ce46447\",\r\n \"name\": \"2518506071999999999_129ec79b-c7a6-4082-91af-c6733ce46447\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-04T10:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n 
\"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"129ec79b-c7a6-4082-91af-c6733ce46447\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"2\",\r\n \"source IPs\": \"51.83.15.87\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-04T11:00:48.0270644Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506071999999999_784f1ab8-ec53-4216-a522-52669e63bcde\",\r\n \"name\": \"2518506071999999999_784f1ab8-ec53-4216-a522-52669e63bcde\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-04T10:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117:80\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": 
\"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"784f1ab8-ec53-4216-a522-52669e63bcde\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"45.115.6.194\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-04T11:00:48.4809846Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506179999999999_a4b834f3-2e4b-406c-bc49-1dc4339732e6\",\r\n \"name\": \"2518506179999999999_a4b834f3-2e4b-406c-bc49-1dc4339732e6\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"BLOCKING-EVALUATION\",\r\n \"alertName\": \"BLOCKING-EVALUATION\",\r\n \"detectedTimeUtc\": \"2019-03-04T07:00:00Z\",\r\n \"description\": \"Detail:Mandatory rule. Cannot be disabled. 
Inbound Anomaly Score Exceeded (Total Score: 8)\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"a4b834f3-2e4b-406c-bc49-1dc4339732e6\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"176.32.33.80\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-04T08:00:01.2466784Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506179999999999_e2dfaff2-872b-479b-8ead-f3473da44a88\",\r\n \"name\": \"2518506179999999999_e2dfaff2-872b-479b-8ead-f3473da44a88\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-04T07:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117:80\",\r\n \"remediationSteps\": \"\",\r\n 
\"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"e2dfaff2-872b-479b-8ead-f3473da44a88\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"2\",\r\n \"source IPs\": \"179.110.123.218,176.32.33.80\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-04T08:00:02.116777Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506179999999999_e67879f8-55f1-49a0-bfde-d8d076fae90e\",\r\n \"name\": \"2518506179999999999_e67879f8-55f1-49a0-bfde-d8d076fae90e\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"SCANNER-DETECTION\",\r\n \"alertName\": \"SCANNER-DETECTION\",\r\n \"detectedTimeUtc\": \"2019-03-04T07:00:00Z\",\r\n \"description\": \"Detail:Found User-Agent associated with scripting/generic HTTP client Matched Data: python-requests found within REQUEST_HEADERS:User-Agent: python-requests/2.6.0 CPython/2.7.5 
Linux/3.10.0-957.1.3.el7.x86_64\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"e67879f8-55f1-49a0-bfde-d8d076fae90e\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"176.32.33.80\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-04T08:00:02.116777Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506215999999999_137fc371-1c41-4da3-9f32-61dbf0c876b3\",\r\n \"name\": \"2518506215999999999_137fc371-1c41-4da3-9f32-61dbf0c876b3\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-04T06:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117:80\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": 
\"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"137fc371-1c41-4da3-9f32-61dbf0c876b3\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"2\",\r\n \"source IPs\": \"186.226.218.121,191.37.250.231\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-04T07:00:47.1096409Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506215999999999_d1922f41-45da-4c89-b3f0-ae2ee97ca464\",\r\n \"name\": \"2518506215999999999_d1922f41-45da-4c89-b3f0-ae2ee97ca464\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-04T06:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117:80\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n 
\"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"d1922f41-45da-4c89-b3f0-ae2ee97ca464\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"109.73.182.157\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-04T07:00:46.5853915Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506251999999999_8ad58304-6c26-4379-89fc-b89fcfa1e747\",\r\n \"name\": \"2518506251999999999_8ad58304-6c26-4379-89fc-b89fcfa1e747\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-04T05:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117:80\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": 
\"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"8ad58304-6c26-4379-89fc-b89fcfa1e747\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"185.123.233.160\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-04T06:00:33.4180269Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506287999999999_1ed08eec-64cc-4d93-9eea-ea73822c2320\",\r\n \"name\": \"2518506287999999999_1ed08eec-64cc-4d93-9eea-ea73822c2320\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-04T04:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": 
\"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"1ed08eec-64cc-4d93-9eea-ea73822c2320\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"176.32.33.80\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-04T05:00:20.5069656Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506287999999999_8f8d4f63-d98c-4e11-aa94-d1f3886b6afb\",\r\n \"name\": \"2518506287999999999_8f8d4f63-d98c-4e11-aa94-d1f3886b6afb\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"SCANNER-DETECTION\",\r\n \"alertName\": \"SCANNER-DETECTION\",\r\n \"detectedTimeUtc\": \"2019-03-04T04:00:00Z\",\r\n \"description\": \"Detail:Found User-Agent associated with scripting/generic HTTP client Matched Data: python-requests found within REQUEST_HEADERS:User-Agent: python-requests/2.6.0 CPython/2.7.5 Linux/3.10.0-957.1.3.el7.x86_64\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n 
\"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"8f8d4f63-d98c-4e11-aa94-d1f3886b6afb\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"176.32.33.80\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-04T05:00:20.5069656Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506287999999999_e84d6d25-d3fd-4198-a9ea-8d1a695a8a0e\",\r\n \"name\": \"2518506287999999999_e84d6d25-d3fd-4198-a9ea-8d1a695a8a0e\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"BLOCKING-EVALUATION\",\r\n \"alertName\": \"BLOCKING-EVALUATION\",\r\n \"detectedTimeUtc\": \"2019-03-04T04:00:00Z\",\r\n \"description\": \"Detail:Mandatory rule. Cannot be disabled. 
Inbound Anomaly Score Exceeded (Total Score: 8)\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"e84d6d25-d3fd-4198-a9ea-8d1a695a8a0e\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"176.32.33.80\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-04T05:00:20.5069656Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506395999999999_025841f9-9581-450c-8349-b96da379d72c\",\r\n \"name\": \"2518506395999999999_025841f9-9581-450c-8349-b96da379d72c\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"BLOCKING-EVALUATION\",\r\n \"alertName\": \"BLOCKING-EVALUATION\",\r\n \"detectedTimeUtc\": \"2019-03-04T01:00:00Z\",\r\n \"description\": \"Detail:Mandatory rule. Cannot be disabled. 
Inbound Anomaly Score Exceeded (Total Score: 8)\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"025841f9-9581-450c-8349-b96da379d72c\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"176.32.33.80\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-04T02:00:39.9205038Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506395999999999_21099c91-d37e-4843-966e-55f53d3fe657\",\r\n \"name\": \"2518506395999999999_21099c91-d37e-4843-966e-55f53d3fe657\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"SCANNER-DETECTION\",\r\n \"alertName\": \"SCANNER-DETECTION\",\r\n \"detectedTimeUtc\": \"2019-03-04T01:00:00Z\",\r\n \"description\": \"Detail:Found User-Agent associated with scripting/generic HTTP client Matched Data: python-requests found within 
REQUEST_HEADERS:User-Agent: python-requests/2.6.0 CPython/2.7.5 Linux/3.10.0-957.1.3.el7.x86_64\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"21099c91-d37e-4843-966e-55f53d3fe657\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"176.32.33.80\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-04T02:00:40.4337488Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506395999999999_997886ee-adcc-4233-b389-4f349a4e4f19\",\r\n \"name\": \"2518506395999999999_997886ee-adcc-4233-b389-4f349a4e4f19\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-04T01:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 
13.69.131.117\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"997886ee-adcc-4233-b389-4f349a4e4f19\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"176.32.33.80\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-04T02:00:40.4337488Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506431999999999_3628cfac-0858-4075-873e-cb45feafc2d8\",\r\n \"name\": \"2518506431999999999_3628cfac-0858-4075-873e-cb45feafc2d8\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"METHOD-ENFORCEMENT\",\r\n \"alertName\": \"METHOD-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-04T00:00:00Z\",\r\n \"description\": \"Detail:Method is not allowed by policy PROPFIND\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": 
\"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"3628cfac-0858-4075-873e-cb45feafc2d8\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"123.206.22.203\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-04T01:00:24.1988577Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506431999999999_65048fd9-87b9-4d11-9570-f3ea77419866\",\r\n \"name\": \"2518506431999999999_65048fd9-87b9-4d11-9570-f3ea77419866\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-04T00:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117:80\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": 
\"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"65048fd9-87b9-4d11-9570-f3ea77419866\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"108\",\r\n \"source IPs\": \"45.170.220.47,123.206.22.203,183.89.68.95\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-04T01:00:24.1988577Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506431999999999_a8a29940-e0bd-4742-95cc-c6d01e1afe48\",\r\n \"name\": \"2518506431999999999_a8a29940-e0bd-4742-95cc-c6d01e1afe48\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"APPLICATION-ATTACK-SQLI\",\r\n \"alertName\": \"APPLICATION-ATTACK-SQLI\",\r\n \"detectedTimeUtc\": \"2019-03-04T00:00:00Z\",\r\n \"description\": \"Detail:SQL Injection Attack Matched Data: md5 found within ARGS:h: die(@md5(M4rch));\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": 
\"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"a8a29940-e0bd-4742-95cc-c6d01e1afe48\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"16\",\r\n \"source IPs\": \"123.206.22.203\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-04T01:00:24.1988577Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506431999999999_b41572ea-083b-4743-ab2f-f653b504c3c3\",\r\n \"name\": \"2518506431999999999_b41572ea-083b-4743-ab2f-f653b504c3c3\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"BLOCKING-EVALUATION\",\r\n \"alertName\": \"BLOCKING-EVALUATION\",\r\n \"detectedTimeUtc\": \"2019-03-04T00:00:00Z\",\r\n \"description\": \"Detail:Mandatory rule. Cannot be disabled. 
Inbound Anomaly Score Exceeded (Total Score: 5)\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"b41572ea-083b-4743-ab2f-f653b504c3c3\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"41\",\r\n \"source IPs\": \"123.206.22.203\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-04T01:00:24.1988577Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506431999999999_b463a506-46aa-4a9d-8468-40e2ed74fae2\",\r\n \"name\": \"2518506431999999999_b463a506-46aa-4a9d-8468-40e2ed74fae2\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"APPLICATION-ATTACK-SQLI\",\r\n \"alertName\": \"APPLICATION-ATTACK-SQLI\",\r\n \"detectedTimeUtc\": \"2019-03-04T00:00:00Z\",\r\n \"description\": \"Detail:SQL Injection Attack Matched Data: md5 found within ARGS:h: die(@md5(M4rch));\",\r\n 
\"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"b463a506-46aa-4a9d-8468-40e2ed74fae2\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"24\",\r\n \"source IPs\": \"123.206.22.203\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-04T01:00:23.6287102Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506431999999999_da18a55d-358d-499b-97e2-d4a9169d6d79\",\r\n \"name\": \"2518506431999999999_da18a55d-358d-499b-97e2-d4a9169d6d79\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"BLOCKING-EVALUATION\",\r\n \"alertName\": \"BLOCKING-EVALUATION\",\r\n \"detectedTimeUtc\": \"2019-03-04T00:00:00Z\",\r\n \"description\": \"Detail:Mandatory rule. Cannot be disabled. 
Inbound Anomaly Score Exceeded (Total Score: 12)\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"da18a55d-358d-499b-97e2-d4a9169d6d79\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"43\",\r\n \"source IPs\": \"123.206.22.203\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-04T01:00:24.1988577Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506431999999999_e188c598-6c5a-4b88-b062-53a84c8e5866\",\r\n \"name\": \"2518506431999999999_e188c598-6c5a-4b88-b062-53a84c8e5866\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-04T00:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117:80\",\r\n \"remediationSteps\": \"\",\r\n 
\"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"e188c598-6c5a-4b88-b062-53a84c8e5866\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"98\",\r\n \"source IPs\": \"123.206.22.203\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-04T01:00:24.1988577Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506431999999999_f3759b4d-98d9-4133-820f-c53404075381\",\r\n \"name\": \"2518506431999999999_f3759b4d-98d9-4133-820f-c53404075381\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"APPLICATION-ATTACK-LFI\",\r\n \"alertName\": \"APPLICATION-ATTACK-LFI\",\r\n \"detectedTimeUtc\": \"2019-03-04T00:00:00Z\",\r\n \"description\": \"Detail:Restricted File Access Attempt Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n 
\"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"f3759b4d-98d9-4133-820f-c53404075381\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"123.206.22.203\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-04T01:00:24.1988577Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506467999999999_e16ffb83-a733-495b-b767-56079cca194b\",\r\n \"name\": \"2518506467999999999_e16ffb83-a733-495b-b767-56079cca194b\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-03T23:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117:80\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n 
\"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"e16ffb83-a733-495b-b767-56079cca194b\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"37.57.97.61\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-04T00:00:05.2118352Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506539999999999_96264969-2f25-4495-8e4a-26d705da8fa9\",\r\n \"name\": \"2518506539999999999_96264969-2f25-4495-8e4a-26d705da8fa9\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"SCANNER-DETECTION\",\r\n \"alertName\": \"SCANNER-DETECTION\",\r\n \"detectedTimeUtc\": \"2019-03-03T21:00:00Z\",\r\n \"description\": \"Detail:Found User-Agent associated with scripting/generic HTTP client Matched Data: python-requests found within REQUEST_HEADERS:User-Agent: python-requests/2.6.0 CPython/2.7.5 Linux/3.10.0-957.1.3.el7.x86_64\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": 
\"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"96264969-2f25-4495-8e4a-26d705da8fa9\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"176.32.33.80\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T22:00:34.1747263Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506539999999999_dd92cb6e-f129-4405-9e18-11fa5c1252c2\",\r\n \"name\": \"2518506539999999999_dd92cb6e-f129-4405-9e18-11fa5c1252c2\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"BLOCKING-EVALUATION\",\r\n \"alertName\": \"BLOCKING-EVALUATION\",\r\n \"detectedTimeUtc\": \"2019-03-03T21:00:00Z\",\r\n \"description\": \"Detail:Mandatory rule. Cannot be disabled. 
Inbound Anomaly Score Exceeded (Total Score: 8)\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"dd92cb6e-f129-4405-9e18-11fa5c1252c2\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"176.32.33.80\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T22:00:33.6975993Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506539999999999_ecdf89d6-b2a2-4d32-9e16-f7cd67984891\",\r\n \"name\": \"2518506539999999999_ecdf89d6-b2a2-4d32-9e16-f7cd67984891\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-03T21:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117:80\",\r\n \"remediationSteps\": \"\",\r\n 
\"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"ecdf89d6-b2a2-4d32-9e16-f7cd67984891\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"2\",\r\n \"source IPs\": \"41.50.83.103,176.32.33.80\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T22:00:34.1747263Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506575999999999_5aee1028-31b6-4d35-93cc-569793a2d3a2\",\r\n \"name\": \"2518506575999999999_5aee1028-31b6-4d35-93cc-569793a2d3a2\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-03T20:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n 
\"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"5aee1028-31b6-4d35-93cc-569793a2d3a2\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"181.166.19.204\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T21:00:19.3291561Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506611999999999_3c7cfa09-e213-4490-ba8d-a11b72b6d000\",\r\n \"name\": \"2518506611999999999_3c7cfa09-e213-4490-ba8d-a11b72b6d000\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-03T19:00:00Z\",\r\n \"description\": \"Detail:Request Missing a Host Header\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": 
\"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"3c7cfa09-e213-4490-ba8d-a11b72b6d000\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"2\",\r\n \"source IPs\": \"178.73.215.171\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T20:00:05.4039046Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506611999999999_af8a5586-7eae-4aba-bb14-5a0d9f18bb97\",\r\n \"name\": \"2518506611999999999_af8a5586-7eae-4aba-bb14-5a0d9f18bb97\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-03T19:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": 
\"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"af8a5586-7eae-4aba-bb14-5a0d9f18bb97\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"2\",\r\n \"source IPs\": \"39.96.43.158,200.207.20.30\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T20:00:05.4039046Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506611999999999_ea4eb36f-4b5c-4b3d-a52e-b06a0a8634ac\",\r\n \"name\": \"2518506611999999999_ea4eb36f-4b5c-4b3d-a52e-b06a0a8634ac\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"BLOCKING-EVALUATION\",\r\n \"alertName\": \"BLOCKING-EVALUATION\",\r\n \"detectedTimeUtc\": \"2019-03-03T19:00:00Z\",\r\n \"description\": \"Detail:Mandatory rule. Cannot be disabled. 
Inbound Anomaly Score Exceeded (Total Score: 5)\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"ea4eb36f-4b5c-4b3d-a52e-b06a0a8634ac\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"178.73.215.171\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T20:00:04.9007841Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506647999999999_2049cf22-f78e-45c4-8c8d-620175ea9b67\",\r\n \"name\": \"2518506647999999999_2049cf22-f78e-45c4-8c8d-620175ea9b67\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"APPLICATION-ATTACK-SQLI\",\r\n \"alertName\": \"APPLICATION-ATTACK-SQLI\",\r\n \"detectedTimeUtc\": \"2019-03-03T18:00:00Z\",\r\n \"description\": \"Detail:SQL Injection Attack: SQL Tautology Detected. 
Matched Data: methodName>system found within ARGS_NAMES: system.listMethods : system.listMethods \",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"2049cf22-f78e-45c4-8c8d-620175ea9b67\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"2\",\r\n \"source IPs\": \"52.183.58.122\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T19:00:51.2707099Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506647999999999_5dd2d179-737e-47de-a37d-c6b6731c149a\",\r\n \"name\": \"2518506647999999999_5dd2d179-737e-47de-a37d-c6b6731c149a\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"SCANNER-DETECTION\",\r\n \"alertName\": \"SCANNER-DETECTION\",\r\n \"detectedTimeUtc\": \"2019-03-03T18:00:00Z\",\r\n \"description\": \"Detail:Found User-Agent associated with security scanner 
Matched Data: nmap scripting engine found within REQUEST_HEADERS:User-Agent: Mozilla/5.0 (compatible; Nmap Scripting Engine; https://nmap.org/book/nse.html)\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"5dd2d179-737e-47de-a37d-c6b6731c149a\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"16\",\r\n \"source IPs\": \"52.183.58.122\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T19:00:51.2707099Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506647999999999_7bc4f2d4-49d2-4e83-801e-18e5f7288546\",\r\n \"name\": \"2518506647999999999_7bc4f2d4-49d2-4e83-801e-18e5f7288546\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"BLOCKING-EVALUATION\",\r\n \"alertName\": \"BLOCKING-EVALUATION\",\r\n \"detectedTimeUtc\": \"2019-03-03T18:00:00Z\",\r\n \"description\": 
\"Detail:Mandatory rule. Cannot be disabled. Inbound Anomaly Score Exceeded (Total Score: 5)\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"7bc4f2d4-49d2-4e83-801e-18e5f7288546\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"17\",\r\n \"source IPs\": \"52.183.58.122\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T19:00:51.2707099Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506647999999999_7db374f1-b737-40f9-9801-427d6ded6631\",\r\n \"name\": \"2518506647999999999_7db374f1-b737-40f9-9801-427d6ded6631\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-03T18:00:00Z\",\r\n \"description\": \"Detail:Request Missing a Host Header\",\r\n 
\"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"7db374f1-b737-40f9-9801-427d6ded6631\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"29\",\r\n \"source IPs\": \"52.183.58.122\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T19:00:51.2707099Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506647999999999_7fdd74ca-ecdc-47c7-8ede-237604683d32\",\r\n \"name\": \"2518506647999999999_7fdd74ca-ecdc-47c7-8ede-237604683d32\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"BLOCKING-EVALUATION\",\r\n \"alertName\": \"BLOCKING-EVALUATION\",\r\n \"detectedTimeUtc\": \"2019-03-03T18:00:00Z\",\r\n \"description\": \"Detail:Mandatory rule. Cannot be disabled. 
Inbound Anomaly Score Exceeded (Total Score: 10)\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"7fdd74ca-ecdc-47c7-8ede-237604683d32\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"18\",\r\n \"source IPs\": \"52.183.58.122\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T19:00:51.2707099Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506647999999999_8a49395c-6a4a-44c1-ada6-5d9e25ad2cb4\",\r\n \"name\": \"2518506647999999999_8a49395c-6a4a-44c1-ada6-5d9e25ad2cb4\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"SCANNER-DETECTION\",\r\n \"alertName\": \"SCANNER-DETECTION\",\r\n \"detectedTimeUtc\": \"2019-03-03T18:00:00Z\",\r\n \"description\": \"Detail:Found User-Agent associated with security scanner Matched Data: nmap scripting engine found within 
REQUEST_HEADERS:User-Agent: Mozilla/5.0 (compatible; Nmap Scripting Engine; https://nmap.org/book/nse.html)\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"8a49395c-6a4a-44c1-ada6-5d9e25ad2cb4\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"16\",\r\n \"source IPs\": \"52.183.58.122\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T19:00:51.2707099Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506647999999999_9aa674cd-3d5a-44d0-ae78-26bb404bb9cd\",\r\n \"name\": \"2518506647999999999_9aa674cd-3d5a-44d0-ae78-26bb404bb9cd\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"APPLICATION-ATTACK-LFI\",\r\n \"alertName\": \"APPLICATION-ATTACK-LFI\",\r\n \"detectedTimeUtc\": \"2019-03-03T18:00:00Z\",\r\n \"description\": \"Detail:Restricted File Access Attempt 
Matched Data: /.git/ found within REQUEST_FILENAME: /.git/HEAD\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"9aa674cd-3d5a-44d0-ae78-26bb404bb9cd\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"52.183.58.122\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T19:00:50.6994998Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506647999999999_a1d6f3b7-f990-4f60-aa51-f9dedb286a93\",\r\n \"name\": \"2518506647999999999_a1d6f3b7-f990-4f60-aa51-f9dedb286a93\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"METHOD-ENFORCEMENT\",\r\n \"alertName\": \"METHOD-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-03T18:00:00Z\",\r\n \"description\": \"Detail:Method is not allowed by policy PROPFIND\",\r\n \"remediationSteps\": \"\",\r\n 
\"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"a1d6f3b7-f990-4f60-aa51-f9dedb286a93\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"4\",\r\n \"source IPs\": \"52.183.58.122\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T19:00:51.2707099Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506647999999999_e88f0966-faba-4c11-806c-1dd3d0f02349\",\r\n \"name\": \"2518506647999999999_e88f0966-faba-4c11-806c-1dd3d0f02349\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-03T18:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": 
\"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"e88f0966-faba-4c11-806c-1dd3d0f02349\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"30\",\r\n \"source IPs\": \"52.183.58.122\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T19:00:51.2707099Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506683999999999_3ffd1f5a-8a43-42dd-950f-94a708c4eccf\",\r\n \"name\": \"2518506683999999999_3ffd1f5a-8a43-42dd-950f-94a708c4eccf\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"SCANNER-DETECTION\",\r\n \"alertName\": \"SCANNER-DETECTION\",\r\n \"detectedTimeUtc\": \"2019-03-03T17:00:00Z\",\r\n \"description\": \"Detail:Found User-Agent associated with scripting/generic HTTP client Matched Data: Python-urllib found within REQUEST_HEADERS:User-Agent: Python-urllib/2.7\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": 
\"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"3ffd1f5a-8a43-42dd-950f-94a708c4eccf\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"5.189.188.237\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T18:00:33.544093Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506683999999999_45daf153-e9c2-4943-aa00-60a4d57dfe57\",\r\n \"name\": \"2518506683999999999_45daf153-e9c2-4943-aa00-60a4d57dfe57\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"BLOCKING-EVALUATION\",\r\n \"alertName\": \"BLOCKING-EVALUATION\",\r\n \"detectedTimeUtc\": \"2019-03-03T17:00:00Z\",\r\n \"description\": \"Detail:Mandatory rule. Cannot be disabled. 
Inbound Anomaly Score Exceeded (Total Score: 5)\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"45daf153-e9c2-4943-aa00-60a4d57dfe57\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"185\",\r\n \"source IPs\": \"153.37.197.94\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T18:00:34.0159991Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506683999999999_5f021722-537d-490c-bdfd-ac6fc510da5c\",\r\n \"name\": \"2518506683999999999_5f021722-537d-490c-bdfd-ac6fc510da5c\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-03T17:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117:80\",\r\n \"remediationSteps\": \"\",\r\n 
\"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"5f021722-537d-490c-bdfd-ac6fc510da5c\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"241\",\r\n \"source IPs\": \"153.37.197.94\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T18:00:34.0159991Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506683999999999_6a5df300-a1b4-4403-a419-eb6688efdf7b\",\r\n \"name\": \"2518506683999999999_6a5df300-a1b4-4403-a419-eb6688efdf7b\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"APPLICATION-ATTACK-SQLI\",\r\n \"alertName\": \"APPLICATION-ATTACK-SQLI\",\r\n \"detectedTimeUtc\": \"2019-03-03T17:00:00Z\",\r\n \"description\": \"Detail:SQL Injection Attack Matched Data: md5 found within ARGS:h: die(@md5(M4rch));\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": 
\"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"6a5df300-a1b4-4403-a419-eb6688efdf7b\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"258\",\r\n \"source IPs\": \"153.37.197.94\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T18:00:34.0159991Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506683999999999_874c6ebd-1e67-4774-a5ce-0d731c1c27db\",\r\n \"name\": \"2518506683999999999_874c6ebd-1e67-4774-a5ce-0d731c1c27db\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"BLOCKING-EVALUATION\",\r\n \"alertName\": \"BLOCKING-EVALUATION\",\r\n \"detectedTimeUtc\": \"2019-03-03T17:00:00Z\",\r\n \"description\": \"Detail:Mandatory rule. Cannot be disabled. 
Inbound Anomaly Score Exceeded (Total Score: 12)\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"874c6ebd-1e67-4774-a5ce-0d731c1c27db\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"187\",\r\n \"source IPs\": \"153.37.197.94,5.189.188.237\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T18:00:34.0159991Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506683999999999_96f96063-0f51-4b5a-8548-a58f55a126bb\",\r\n \"name\": \"2518506683999999999_96f96063-0f51-4b5a-8548-a58f55a126bb\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"APPLICATION-ATTACK-LFI\",\r\n \"alertName\": \"APPLICATION-ATTACK-LFI\",\r\n \"detectedTimeUtc\": \"2019-03-03T17:00:00Z\",\r\n \"description\": \"Detail:Restricted File Access Attempt Matched Data: wp-config.php found within 
REQUEST_FILENAME: /wp-config.php\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"96f96063-0f51-4b5a-8548-a58f55a126bb\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"153.37.197.94\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T18:00:34.0159991Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506683999999999_a1fd9cb6-278c-4fa8-8378-b88d15b68e37\",\r\n \"name\": \"2518506683999999999_a1fd9cb6-278c-4fa8-8378-b88d15b68e37\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"APPLICATION-ATTACK-SQLI\",\r\n \"alertName\": \"APPLICATION-ATTACK-SQLI\",\r\n \"detectedTimeUtc\": \"2019-03-03T17:00:00Z\",\r\n \"description\": \"Detail:SQL Injection Attack Matched Data: md5 found within ARGS:h: die(@md5(M4rch));\",\r\n \"remediationSteps\": 
\"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"a1fd9cb6-278c-4fa8-8378-b88d15b68e37\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"242\",\r\n \"source IPs\": \"153.37.197.94\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T18:00:34.0159991Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506683999999999_e4985ba6-3474-4f25-8d0e-0d29bb6b38c9\",\r\n \"name\": \"2518506683999999999_e4985ba6-3474-4f25-8d0e-0d29bb6b38c9\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-03T17:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117:80\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n 
\"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"e4985ba6-3474-4f25-8d0e-0d29bb6b38c9\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"254\",\r\n \"source IPs\": \"143.255.242.186,153.37.197.94,5.189.188.237\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T18:00:34.0159991Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506683999999999_e6988005-220a-4136-82fd-14ef12b4ddf1\",\r\n \"name\": \"2518506683999999999_e6988005-220a-4136-82fd-14ef12b4ddf1\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"METHOD-ENFORCEMENT\",\r\n \"alertName\": \"METHOD-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-03T17:00:00Z\",\r\n \"description\": \"Detail:Method is not allowed by policy PROPFIND\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": 
\"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"e6988005-220a-4136-82fd-14ef12b4ddf1\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"153.37.197.94\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T18:00:34.0159991Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506719999999999_13a28970-6f30-4c49-8db1-bbeb8c53f358\",\r\n \"name\": \"2518506719999999999_13a28970-6f30-4c49-8db1-bbeb8c53f358\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"SCANNER-DETECTION\",\r\n \"alertName\": \"SCANNER-DETECTION\",\r\n \"detectedTimeUtc\": \"2019-03-03T16:00:00Z\",\r\n \"description\": \"Detail:Found User-Agent associated with scripting/generic HTTP client Matched Data: python-requests found within REQUEST_HEADERS:User-Agent: python-requests/2.6.0 CPython/2.7.5 Linux/3.10.0-957.1.3.el7.x86_64\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n 
\"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"13a28970-6f30-4c49-8db1-bbeb8c53f358\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"176.32.33.80\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T17:00:20.7167821Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506719999999999_3dd7d880-0612-484b-9352-47cbe5e955c0\",\r\n \"name\": \"2518506719999999999_3dd7d880-0612-484b-9352-47cbe5e955c0\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-03T16:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": 
\"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"3dd7d880-0612-484b-9352-47cbe5e955c0\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"4\",\r\n \"source IPs\": \"151.14.49.82,106.12.205.48,176.32.33.80,27.112.69.69\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T17:00:20.7167821Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506719999999999_45ad41ef-a52a-4383-b5a0-cf77d0f52769\",\r\n \"name\": \"2518506719999999999_45ad41ef-a52a-4383-b5a0-cf77d0f52769\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"BLOCKING-EVALUATION\",\r\n \"alertName\": \"BLOCKING-EVALUATION\",\r\n \"detectedTimeUtc\": \"2019-03-03T16:00:00Z\",\r\n \"description\": \"Detail:Mandatory rule. Cannot be disabled. 
Inbound Anomaly Score Exceeded (Total Score: 8)\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"45ad41ef-a52a-4383-b5a0-cf77d0f52769\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"176.32.33.80\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T17:00:20.7167821Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506755999999999_08c7bb21-5ce6-4a29-8559-e0f681637727\",\r\n \"name\": \"2518506755999999999_08c7bb21-5ce6-4a29-8559-e0f681637727\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-03T15:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117\",\r\n \"remediationSteps\": \"\",\r\n 
\"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"08c7bb21-5ce6-4a29-8559-e0f681637727\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"112.109.90.7\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T16:00:13.9856128Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506791999999999_a4f72ed5-04a4-4396-a55f-6c1e53f5de88\",\r\n \"name\": \"2518506791999999999_a4f72ed5-04a4-4396-a55f-6c1e53f5de88\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-03T14:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117:80\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n 
\"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"a4f72ed5-04a4-4396-a55f-6c1e53f5de88\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"191.19.156.211\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T15:00:53.1284306Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506791999999999_d7624e51-e813-4e82-9d24-b0c7d1ee54a2\",\r\n \"name\": \"2518506791999999999_d7624e51-e813-4e82-9d24-b0c7d1ee54a2\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-03T14:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117:80\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": 
\"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"d7624e51-e813-4e82-9d24-b0c7d1ee54a2\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"191.19.156.211\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T15:00:53.5907512Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506827999999999_5d48c911-b79f-4a9c-adf7-b1f7b542e139\",\r\n \"name\": \"2518506827999999999_5d48c911-b79f-4a9c-adf7-b1f7b542e139\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-03T13:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117:80\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": 
\"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"5d48c911-b79f-4a9c-adf7-b1f7b542e139\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"47.44.40.236\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T14:00:40.9369659Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506827999999999_6705b59f-aa53-4b22-a799-0ec168f16554\",\r\n \"name\": \"2518506827999999999_6705b59f-aa53-4b22-a799-0ec168f16554\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"BLOCKING-EVALUATION\",\r\n \"alertName\": \"BLOCKING-EVALUATION\",\r\n \"detectedTimeUtc\": \"2019-03-03T13:00:00Z\",\r\n \"description\": \"Detail:Mandatory rule. Cannot be disabled. 
Inbound Anomaly Score Exceeded (Total Score: 5)\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"6705b59f-aa53-4b22-a799-0ec168f16554\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"86.101.76.223\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T14:00:41.4313385Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506827999999999_8ef4d78a-8e10-42c2-809c-b06a1dbac6ff\",\r\n \"name\": \"2518506827999999999_8ef4d78a-8e10-42c2-809c-b06a1dbac6ff\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-03T13:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117\",\r\n \"remediationSteps\": \"\",\r\n 
\"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"8ef4d78a-8e10-42c2-809c-b06a1dbac6ff\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"3\",\r\n \"source IPs\": \"86.101.76.223,37.112.145.247\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T14:00:41.4313385Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506863999999999_0a57514d-bfbb-40de-945f-edab4061fa9f\",\r\n \"name\": \"2518506863999999999_0a57514d-bfbb-40de-945f-edab4061fa9f\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"SCANNER-DETECTION\",\r\n \"alertName\": \"SCANNER-DETECTION\",\r\n \"detectedTimeUtc\": \"2019-03-03T12:00:00Z\",\r\n \"description\": \"Detail:Found User-Agent associated with scripting/generic HTTP client Matched Data: python-requests found within REQUEST_HEADERS:User-Agent: python-requests/2.6.0 CPython/2.7.5 
Linux/3.10.0-957.1.3.el7.x86_64\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"0a57514d-bfbb-40de-945f-edab4061fa9f\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"176.32.33.80\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T13:00:27.4966084Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506863999999999_2aec0c06-933a-4981-bd34-59809b81bdcf\",\r\n \"name\": \"2518506863999999999_2aec0c06-933a-4981-bd34-59809b81bdcf\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-03T12:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": 
\"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"2aec0c06-933a-4981-bd34-59809b81bdcf\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"3\",\r\n \"source IPs\": \"139.162.106.181,176.32.33.80\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T13:00:27.9629747Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506863999999999_3906c573-8bb4-47b5-922d-3a93dacb999a\",\r\n \"name\": \"2518506863999999999_3906c573-8bb4-47b5-922d-3a93dacb999a\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"BLOCKING-EVALUATION\",\r\n \"alertName\": \"BLOCKING-EVALUATION\",\r\n \"detectedTimeUtc\": \"2019-03-03T12:00:00Z\",\r\n \"description\": \"Detail:Mandatory rule. Cannot be disabled. 
Inbound Anomaly Score Exceeded (Total Score: 5)\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"3906c573-8bb4-47b5-922d-3a93dacb999a\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"2\",\r\n \"source IPs\": \"139.162.106.181,176.32.33.80\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T13:00:27.9629747Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506863999999999_ccc614e5-38e9-4794-a4a7-b084779313b2\",\r\n \"name\": \"2518506863999999999_ccc614e5-38e9-4794-a4a7-b084779313b2\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-03T12:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117:80\",\r\n \"remediationSteps\": 
\"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"ccc614e5-38e9-4794-a4a7-b084779313b2\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"2\",\r\n \"source IPs\": \"189.79.106.13,175.106.10.226\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T13:00:27.9629747Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506899999999999_0628b610-6b29-45ec-a08c-2561f6201681\",\r\n \"name\": \"2518506899999999999_0628b610-6b29-45ec-a08c-2561f6201681\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-03T11:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117:80\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": 
\"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"0628b610-6b29-45ec-a08c-2561f6201681\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"4\",\r\n \"source IPs\": \"170.233.47.249,149.71.160.254,125.64.94.200\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T12:00:05.3305889Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506899999999999_7008ba75-4cc8-4291-93bc-ea17eba8f37c\",\r\n \"name\": \"2518506899999999999_7008ba75-4cc8-4291-93bc-ea17eba8f37c\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"BLOCKING-EVALUATION\",\r\n \"alertName\": \"BLOCKING-EVALUATION\",\r\n \"detectedTimeUtc\": \"2019-03-03T11:00:00Z\",\r\n \"description\": \"Detail:Mandatory rule. Cannot be disabled. 
Inbound Anomaly Score Exceeded (Total Score: 5)\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"7008ba75-4cc8-4291-93bc-ea17eba8f37c\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"125.64.94.200\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T12:00:04.8798965Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506935999999999_6f663a4f-982b-4818-8ef1-f87730e40dcc\",\r\n \"name\": \"2518506935999999999_6f663a4f-982b-4818-8ef1-f87730e40dcc\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-03T10:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117:80\",\r\n \"remediationSteps\": \"\",\r\n 
\"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"6f663a4f-982b-4818-8ef1-f87730e40dcc\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"177.190.65.151\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T11:00:50.1566901Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506971999999999_205da57b-4636-44f8-894e-3a78c60e78be\",\r\n \"name\": \"2518506971999999999_205da57b-4636-44f8-894e-3a78c60e78be\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"SCANNER-DETECTION\",\r\n \"alertName\": \"SCANNER-DETECTION\",\r\n \"detectedTimeUtc\": \"2019-03-03T09:00:00Z\",\r\n \"description\": \"Detail:Found User-Agent associated with security scanner Matched Data: zmeu found within REQUEST_HEADERS:User-Agent: ZmEu\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n 
\"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"205da57b-4636-44f8-894e-3a78c60e78be\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"5\",\r\n \"source IPs\": \"202.111.175.134\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T10:00:37.6036112Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506971999999999_36d74c57-219a-48dd-9d85-8edf5dad9605\",\r\n \"name\": \"2518506971999999999_36d74c57-219a-48dd-9d85-8edf5dad9605\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"BLOCKING-EVALUATION\",\r\n \"alertName\": \"BLOCKING-EVALUATION\",\r\n \"detectedTimeUtc\": \"2019-03-03T09:00:00Z\",\r\n \"description\": \"Detail:Mandatory rule. Cannot be disabled. 
Inbound Anomaly Score Exceeded (Total Score: 8)\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"36d74c57-219a-48dd-9d85-8edf5dad9605\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"3\",\r\n \"source IPs\": \"176.32.33.80,202.111.175.134\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T10:00:37.6036112Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506971999999999_51794aa7-6274-4156-b321-a8404ec2c8a1\",\r\n \"name\": \"2518506971999999999_51794aa7-6274-4156-b321-a8404ec2c8a1\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"BLOCKING-EVALUATION\",\r\n \"alertName\": \"BLOCKING-EVALUATION\",\r\n \"detectedTimeUtc\": \"2019-03-03T09:00:00Z\",\r\n \"description\": \"Detail:Mandatory rule. Cannot be disabled. 
Inbound Anomaly Score Exceeded (Total Score: 13)\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"51794aa7-6274-4156-b321-a8404ec2c8a1\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"4\",\r\n \"source IPs\": \"202.111.175.134\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T10:00:36.6754928Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506971999999999_8fd280c9-d229-4ab0-b7c2-a1e6ed13d475\",\r\n \"name\": \"2518506971999999999_8fd280c9-d229-4ab0-b7c2-a1e6ed13d475\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-03T09:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117\",\r\n \"remediationSteps\": \"\",\r\n 
\"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"8fd280c9-d229-4ab0-b7c2-a1e6ed13d475\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"4\",\r\n \"source IPs\": \"202.111.175.134\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T10:00:37.6036112Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506971999999999_c5f9f5ef-e626-494f-af62-296e9a3aae90\",\r\n \"name\": \"2518506971999999999_c5f9f5ef-e626-494f-af62-296e9a3aae90\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-03T09:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n 
\"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"c5f9f5ef-e626-494f-af62-296e9a3aae90\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"3\",\r\n \"source IPs\": \"176.32.33.80,202.111.175.134\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T10:00:37.6036112Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506971999999999_f2c8d1c4-1673-484b-a6dd-83ba0f631030\",\r\n \"name\": \"2518506971999999999_f2c8d1c4-1673-484b-a6dd-83ba0f631030\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"SCANNER-DETECTION\",\r\n \"alertName\": \"SCANNER-DETECTION\",\r\n \"detectedTimeUtc\": \"2019-03-03T09:00:00Z\",\r\n \"description\": \"Detail:Found User-Agent associated with scripting/generic HTTP client Matched Data: python-requests found within REQUEST_HEADERS:User-Agent: python-requests/2.6.0 CPython/2.7.5 Linux/3.10.0-957.1.3.el7.x86_64\",\r\n \"remediationSteps\": \"\",\r\n 
\"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"f2c8d1c4-1673-484b-a6dd-83ba0f631030\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"3\",\r\n \"source IPs\": \"176.32.33.80,202.111.175.134\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T10:00:37.6036112Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518507007999999999_d08f4e21-7e7a-4f55-8d05-c262b6ea7296\",\r\n \"name\": \"2518507007999999999_d08f4e21-7e7a-4f55-8d05-c262b6ea7296\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-03T08:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117:80\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n 
\"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"d08f4e21-7e7a-4f55-8d05-c262b6ea7296\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"200.170.107.213\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T09:00:23.6177593Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518507043999999999_4113b94b-e345-435c-9860-319263f7dd62\",\r\n \"name\": \"2518507043999999999_4113b94b-e345-435c-9860-319263f7dd62\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-03T07:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": 
\"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"4113b94b-e345-435c-9860-319263f7dd62\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"3\",\r\n \"source IPs\": \"185.53.88.120,177.95.121.11\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T08:00:08.812839Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518507043999999999_61e42d8a-87ae-4aad-909c-c68cf39040d4\",\r\n \"name\": \"2518507043999999999_61e42d8a-87ae-4aad-909c-c68cf39040d4\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"BLOCKING-EVALUATION\",\r\n \"alertName\": \"BLOCKING-EVALUATION\",\r\n \"detectedTimeUtc\": \"2019-03-03T07:00:00Z\",\r\n \"description\": \"Detail:Mandatory rule. Cannot be disabled. 
Inbound Anomaly Score Exceeded (Total Score: 5)\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"61e42d8a-87ae-4aad-909c-c68cf39040d4\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"185.53.88.120\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T08:00:08.812839Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518507043999999999_61fd9c97-c980-48c2-b39a-defed87af2a2\",\r\n \"name\": \"2518507043999999999_61fd9c97-c980-48c2-b39a-defed87af2a2\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-03T07:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117\",\r\n \"remediationSteps\": \"\",\r\n 
\"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"61fd9c97-c980-48c2-b39a-defed87af2a2\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"189.211.124.220\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T08:00:08.812839Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518507079999999999_1b89d7cb-b586-4a38-ad61-75bbaebf2170\",\r\n \"name\": \"2518507079999999999_1b89d7cb-b586-4a38-ad61-75bbaebf2170\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"SCANNER-DETECTION\",\r\n \"alertName\": \"SCANNER-DETECTION\",\r\n \"detectedTimeUtc\": \"2019-03-03T06:00:00Z\",\r\n \"description\": \"Detail:Found User-Agent associated with security scanner Matched Data: masscan found within REQUEST_HEADERS:User-Agent: masscan/1.0 (https://github.com/robertdavidgraham/masscan)\",\r\n 
\"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"1b89d7cb-b586-4a38-ad61-75bbaebf2170\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"185.165.169.28\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T07:00:54.0188006Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518507079999999999_c2c1230a-f1d5-4fe1-9aa3-0a77e7299186\",\r\n \"name\": \"2518507079999999999_c2c1230a-f1d5-4fe1-9aa3-0a77e7299186\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"BLOCKING-EVALUATION\",\r\n \"alertName\": \"BLOCKING-EVALUATION\",\r\n \"detectedTimeUtc\": \"2019-03-03T06:00:00Z\",\r\n \"description\": \"Detail:Mandatory rule. Cannot be disabled. 
Inbound Anomaly Score Exceeded (Total Score: 8)\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"c2c1230a-f1d5-4fe1-9aa3-0a77e7299186\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"185.165.169.28\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T07:00:53.5777047Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518507079999999999_eac52c76-659b-498e-91f5-525511b48ded\",\r\n \"name\": \"2518507079999999999_eac52c76-659b-498e-91f5-525511b48ded\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-03T06:00:00Z\",\r\n \"description\": \"Detail:Request Missing a Host Header\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": 
\"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"eac52c76-659b-498e-91f5-525511b48ded\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"185.165.169.28\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T07:00:54.0188006Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518507115999999999_3f4c572d-c6c7-440c-84e7-7a3f4cd866af\",\r\n \"name\": \"2518507115999999999_3f4c572d-c6c7-440c-84e7-7a3f4cd866af\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-03T05:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117:80\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": 
\"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"3f4c572d-c6c7-440c-84e7-7a3f4cd866af\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"191.19.210.54\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T06:00:38.331985Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518507115999999999_537e6f2f-d393-4cdf-a530-3255b9cc34c9\",\r\n \"name\": \"2518507115999999999_537e6f2f-d393-4cdf-a530-3255b9cc34c9\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"BLOCKING-EVALUATION\",\r\n \"alertName\": \"BLOCKING-EVALUATION\",\r\n \"detectedTimeUtc\": \"2019-03-03T05:00:00Z\",\r\n \"description\": \"Detail:Mandatory rule. Cannot be disabled. 
Inbound Anomaly Score Exceeded (Total Score: 8)\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"537e6f2f-d393-4cdf-a530-3255b9cc34c9\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"2\",\r\n \"source IPs\": \"176.32.33.80,106.75.63.218\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T06:00:38.8618086Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518507115999999999_b291073d-47ad-4563-b5be-d3cc4955e3db\",\r\n \"name\": \"2518507115999999999_b291073d-47ad-4563-b5be-d3cc4955e3db\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"SCANNER-DETECTION\",\r\n \"alertName\": \"SCANNER-DETECTION\",\r\n \"detectedTimeUtc\": \"2019-03-03T05:00:00Z\",\r\n \"description\": \"Detail:Found User-Agent associated with scripting/generic HTTP client Matched Data: 
python-requests found within REQUEST_HEADERS:User-Agent: python-requests/2.6.0 CPython/2.7.5 Linux/3.10.0-957.1.3.el7.x86_64\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"b291073d-47ad-4563-b5be-d3cc4955e3db\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"176.32.33.80\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T06:00:38.8618086Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518507115999999999_c9b1c4e8-589e-4c7e-945f-ef107e422d0e\",\r\n \"name\": \"2518507115999999999_c9b1c4e8-589e-4c7e-945f-ef107e422d0e\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-03T05:00:00Z\",\r\n \"description\": \"Detail:Host header is a 
numeric IP address 13.69.131.117\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"c9b1c4e8-589e-4c7e-945f-ef107e422d0e\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"3\",\r\n \"source IPs\": \"176.32.33.80,106.75.63.218\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T06:00:38.8618086Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518507151999999999_395b050b-039c-42ac-84eb-93d3e7faea3e\",\r\n \"name\": \"2518507151999999999_395b050b-039c-42ac-84eb-93d3e7faea3e\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-03T04:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117\",\r\n \"remediationSteps\": \"\",\r\n 
\"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"395b050b-039c-42ac-84eb-93d3e7faea3e\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"2\",\r\n \"source IPs\": \"82.227.32.4\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T05:00:24.7267003Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518507151999999999_6db5bd58-9d70-42c8-b0c1-723f6cd5b8e7\",\r\n \"name\": \"2518507151999999999_6db5bd58-9d70-42c8-b0c1-723f6cd5b8e7\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"BLOCKING-EVALUATION\",\r\n \"alertName\": \"BLOCKING-EVALUATION\",\r\n \"detectedTimeUtc\": \"2019-03-03T04:00:00Z\",\r\n \"description\": \"Detail:Mandatory rule. Cannot be disabled. 
Inbound Anomaly Score Exceeded (Total Score: 5)\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"6db5bd58-9d70-42c8-b0c1-723f6cd5b8e7\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"82.227.32.4\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T05:00:24.2392146Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518507223999999999_ee9ccd4a-9ffe-4674-93a3-8dce991f38ab\",\r\n \"name\": \"2518507223999999999_ee9ccd4a-9ffe-4674-93a3-8dce991f38ab\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-03T02:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117:80\",\r\n \"remediationSteps\": \"\",\r\n 
\"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"ee9ccd4a-9ffe-4674-93a3-8dce991f38ab\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"3\",\r\n \"source IPs\": \"46.201.249.7,91.192.33.145,95.133.40.164\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T03:00:56.5825657Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518507295999999999_4fe4d5bf-6672-490d-b840-051c7f68b697\",\r\n \"name\": \"2518507295999999999_4fe4d5bf-6672-490d-b840-051c7f68b697\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"BLOCKING-EVALUATION\",\r\n \"alertName\": \"BLOCKING-EVALUATION\",\r\n \"detectedTimeUtc\": \"2019-03-03T00:00:00Z\",\r\n \"description\": \"Detail:Mandatory rule. Cannot be disabled. 
Inbound Anomaly Score Exceeded (Total Score: 5)\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"4fe4d5bf-6672-490d-b840-051c7f68b697\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"61.62.156.174\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T01:00:28.5948373Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518507295999999999_863f36fb-20ad-45d2-9063-2a07be7f4d5f\",\r\n \"name\": \"2518507295999999999_863f36fb-20ad-45d2-9063-2a07be7f4d5f\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-03T00:00:00Z\",\r\n \"description\": \"Detail:Request Missing a Host Header\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": 
\"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"863f36fb-20ad-45d2-9063-2a07be7f4d5f\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"2\",\r\n \"source IPs\": \"61.62.156.174\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T01:00:29.0871558Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518507331999999999_3462bbf4-9200-4fdc-871c-01f2eb234c84\",\r\n \"name\": \"2518507331999999999_3462bbf4-9200-4fdc-871c-01f2eb234c84\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-02T23:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117:80\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": 
\"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"3462bbf4-9200-4fdc-871c-01f2eb234c84\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"3\",\r\n \"source IPs\": \"179.110.96.144,95.85.11.140,185.219.135.195\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T00:00:16.354891Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518507331999999999_99ba6c6b-501a-41df-a80a-d3c5fddff4e1\",\r\n \"name\": \"2518507331999999999_99ba6c6b-501a-41df-a80a-d3c5fddff4e1\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-02T23:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": 
\"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"99ba6c6b-501a-41df-a80a-d3c5fddff4e1\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"185.219.135.195\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T00:00:15.8819814Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518507403999999999_7f0e0ee0-50f0-4f6d-87f6-3a386629e3ee\",\r\n \"name\": \"2518507403999999999_7f0e0ee0-50f0-4f6d-87f6-3a386629e3ee\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-02T21:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": 
\"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"7f0e0ee0-50f0-4f6d-87f6-3a386629e3ee\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"2\",\r\n \"source IPs\": \"1.245.46.34,200.207.141.250\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-02T22:00:38.1461713Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518507403999999999_b8d1e867-333f-4776-bfb1-23dc9d0f3883\",\r\n \"name\": \"2518507403999999999_b8d1e867-333f-4776-bfb1-23dc9d0f3883\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-02T21:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": 
\"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"b8d1e867-333f-4776-bfb1-23dc9d0f3883\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"2\",\r\n \"source IPs\": \"42.51.32.9,200.207.141.250\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-02T22:00:38.6594318Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518507439999999999_1b54ab81-5ca3-4ea0-a706-38112361afaa\",\r\n \"name\": \"2518507439999999999_1b54ab81-5ca3-4ea0-a706-38112361afaa\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"SCANNER-DETECTION\",\r\n \"alertName\": \"SCANNER-DETECTION\",\r\n \"detectedTimeUtc\": \"2019-03-02T20:00:00Z\",\r\n \"description\": \"Detail:Found User-Agent associated with security scanner Matched Data: nmap scripting engine found within REQUEST_HEADERS:User-Agent: Mozilla/5.0 (compatible; Nmap Scripting Engine; https://nmap.org/book/nse.html)\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": 
\"Medium\",\r\n \"compromisedEntity\": \"bc09060f-3280-4734-a595-310679b63b8f.cloudapp.net\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"1b54ab81-5ca3-4ea0-a706-38112361afaa\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"16\",\r\n \"source IPs\": \"52.183.32.182\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-02T21:00:26.0576367Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518507439999999999_3e947bdc-233d-4de1-8031-2038a4d74620\",\r\n \"name\": \"2518507439999999999_3e947bdc-233d-4de1-8031-2038a4d74620\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"SCANNER-DETECTION\",\r\n \"alertName\": \"SCANNER-DETECTION\",\r\n \"detectedTimeUtc\": \"2019-03-02T20:00:00Z\",\r\n \"description\": \"Detail:Found User-Agent associated with security scanner Matched Data: nmap scripting engine found within REQUEST_HEADERS:User-Agent: Mozilla/5.0 (compatible; Nmap Scripting Engine; 
https://nmap.org/book/nse.html)\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"bc09060f-3280-4734-a595-310679b63b8f.cloudapp.net\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"3e947bdc-233d-4de1-8031-2038a4d74620\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"17\",\r\n \"source IPs\": \"52.183.32.182\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-02T21:00:26.0576367Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n }\r\n ],\r\n \"nextLink\": 
\"https://management.azure.com/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/providers/Microsoft.Security/alerts?api-version=2019-01-01&%24skiptoken=TY%2fLbqMwAEX%2fhcXsCDYBEkeqRmpqmKQFUmMbys482jjhNdhpIFX%2ffTLSLEa6u3N1ru6X0dWTfpHdWRmbLyPFCcWMxAdsbIyj1oPaWFYrOvFRt3WnF%2bJ2GetF2bcbx1la6lKocpSDln2nLGe9Kgpn7ZqFWwDTWcHaRCWoTAhWcOVB%2b33tIWsY%2b09Z1aOyQlmOverf9SKpy8so9WyJph61%2bikGaX7eK3frgw0gMgG854c6y4H257p7qOd9nGdHwAJ%2froIGiBRdEpu7u1MvwwSDeOvHJChvaQr3IUaYZyQXTT5QFl5D7HqknUIeTL8pq0iFIXulUcSDcKacPBcM4ZQy%2bbL9t9Gi5X%2fuZST9SDTcoYDwCrgey4YDDxSkkIwRQ0zc%2bIGfPmaaDWfxl9N9%2fHrze9pUzwJPjLUwFo0PUk6U4MNT%2bPQYccxA2pB9yNAv1uqI%2b0zv5FXSljuVT45v7dTQ1td5svOKjqtie5X8%2fj23OaABOr1lZChsR8anR2R8f%2f8B\"\r\n}", + "ResponseBody": "{\r\n \"value\": [\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/taklei/providers/Microsoft.Security/locations/westeurope/alerts/2518136982923187680_ef6aa4e6-9c60-4405-8f08-f465e8e50cd2\",\r\n \"name\": \"2518136982923187680_ef6aa4e6-9c60-4405-8f08-f465e8e50cd2\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft\",\r\n \"alertDisplayName\": \"Azure Security Center test alert (not a threat)\",\r\n \"alertName\": \"VM_EICAR\",\r\n \"detectedTimeUtc\": \"2020-05-04T14:28:27.6812319Z\",\r\n \"description\": \"This is a test alert generated by Azure Security Center. 
No further action is needed.\",\r\n \"remediationSteps\": \"No further action is needed.\",\r\n \"actionTaken\": \"Undefined\",\r\n \"reportedSeverity\": \"High\",\r\n \"compromisedEntity\": \"ALERTSTEST\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/taklei/providers/Microsoft.Compute/virtualMachines/alertsTest\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"ef6aa4e6-9c60-4405-8f08-f465e8e50cd2\",\r\n \"extendedProperties\": {\r\n \"compromised Host\": \"ALERTSTEST\",\r\n \"user Name\": \"WORKGROUP\\\\alertsTest$\",\r\n \"account Session Id\": \"0x3e7\",\r\n \"suspicious Process\": \"c:\\\\scripts\\\\asc_alerttest_662jfi039n.exe\",\r\n \"suspicious Command Line\": \"c:\\\\scripts\\\\asc_alerttest_662jfi039n.exe -foo\",\r\n \"parent Process\": \"c:\\\\windows\\\\system32\\\\svchost.exe\",\r\n \"suspicious Process Id\": \"0x688\",\r\n \"arguments Auditing Enabled\": \"true\",\r\n \"enrichment_tas_threat__reports\": \"{\\\"Kind\\\":\\\"MultiLink\\\",\\\"DisplayValueToUrlDictionary\\\":{\\\"Report: EICAR File\\\":\\\"https://interflowwebportalext.trafficmanager.net/reports/DisplayReport?callerIdentity=ddd5443d-e6f4-441c-b52b-5278d2f21dfa&reportCreateDateTime=2020-05-04T09%3a13%3a05&reportName=MSTI-TS-EICAR-File.pdf&tenantId=387eb67f-0039-43ad-81b9-b66c6c0b1951&urlCreateDateTime=2020-05-04T09%3a13%3a05&token=aRLLv1q8UI%20eVn54OVy%20WbqcH7H9dSGDUOuWywymCrQ=\\\"}}\",\r\n \"resourceType\": \"Virtual Machine\"\r\n },\r\n \"state\": \"Dismissed\",\r\n \"reportedTimeUtc\": \"2020-05-04T14:29:05.5983077Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/mainws/providers/microsoft.operationalinsights/workspaces/securityuserws\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": [\r\n {\r\n \"$id\": \"westeurope_1\",\r\n \"dnsDomain\": \"\",\r\n \"ntDomain\": \"\",\r\n 
\"hostName\": \"ALERTSTEST\",\r\n \"netBiosName\": \"ALERTSTEST\",\r\n \"azureID\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/taklei/providers/Microsoft.Compute/virtualMachines/alertsTest\",\r\n \"omsAgentID\": \"6bc4f1df-17e1-40f0-8227-f1635aea54dd\",\r\n \"osFamily\": \"Windows\",\r\n \"osVersion\": \"Windows\",\r\n \"isDomainJoined\": false,\r\n \"type\": \"host\"\r\n },\r\n {\r\n \"$id\": \"westeurope_2\",\r\n \"directory\": \"c:\\\\windows\\\\system32\",\r\n \"name\": \"svchost.exe\",\r\n \"type\": \"file\"\r\n },\r\n {\r\n \"$id\": \"westeurope_3\",\r\n \"processId\": \"0x6ec\",\r\n \"commandLine\": \"\",\r\n \"imageFile\": {\r\n \"$ref\": \"westeurope_2\"\r\n },\r\n \"host\": {\r\n \"$ref\": \"westeurope_1\"\r\n },\r\n \"type\": \"process\"\r\n },\r\n {\r\n \"$id\": \"westeurope_4\",\r\n \"name\": \"alertsTest$\",\r\n \"ntDomain\": \"WORKGROUP\",\r\n \"host\": {\r\n \"$ref\": \"westeurope_1\"\r\n },\r\n \"sid\": \"S-1-5-18\",\r\n \"isDomainJoined\": true,\r\n \"type\": \"account\",\r\n \"LogonId\": \"0x3e7\"\r\n },\r\n {\r\n \"$id\": \"westeurope_5\",\r\n \"directory\": \"c:\\\\scripts\",\r\n \"name\": \"asc_alerttest_662jfi039n.exe\",\r\n \"type\": \"file\"\r\n },\r\n {\r\n \"$id\": \"westeurope_6\",\r\n \"processId\": \"0x688\",\r\n \"commandLine\": \"c:\\\\scripts\\\\asc_alerttest_662jfi039n.exe -foo\",\r\n \"elevationToken\": \"Default\",\r\n \"creationTimeUtc\": \"2020-05-04T14:28:27.6812319Z\",\r\n \"imageFile\": {\r\n \"$ref\": \"westeurope_5\"\r\n },\r\n \"account\": {\r\n \"$ref\": \"westeurope_4\"\r\n },\r\n \"parentProcess\": {\r\n \"$ref\": \"westeurope_3\"\r\n },\r\n \"host\": {\r\n \"$ref\": \"westeurope_1\"\r\n },\r\n \"type\": \"process\"\r\n },\r\n {\r\n \"$id\": \"westeurope_7\",\r\n \"sessionId\": \"0x3e7\",\r\n \"startTimeUtc\": \"2020-05-04T14:28:27.6812319Z\",\r\n \"endTimeUtc\": \"2020-05-04T14:28:27.6812319Z\",\r\n \"type\": \"host-logon-session\",\r\n \"host\": {\r\n \"$ref\": \"westeurope_1\"\r\n },\r\n 
\"account\": {\r\n \"$ref\": \"westeurope_4\"\r\n }\r\n }\r\n ]\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/taklei/providers/Microsoft.Security/locations/westeurope/alerts/2518137000923212703_d25bac04-7492-4ece-9d75-7a377d74d833\",\r\n \"name\": \"2518137000923212703_d25bac04-7492-4ece-9d75-7a377d74d833\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft\",\r\n \"alertDisplayName\": \"Azure Security Center test alert (not a threat)\",\r\n \"alertName\": \"VM_EICAR\",\r\n \"detectedTimeUtc\": \"2020-05-04T13:58:27.6787296Z\",\r\n \"description\": \"This is a test alert generated by Azure Security Center. No further action is needed.\",\r\n \"remediationSteps\": \"No further action is needed.\",\r\n \"actionTaken\": \"Undefined\",\r\n \"reportedSeverity\": \"High\",\r\n \"compromisedEntity\": \"ALERTSTEST\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/taklei/providers/Microsoft.Compute/virtualMachines/alertsTest\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"d25bac04-7492-4ece-9d75-7a377d74d833\",\r\n \"extendedProperties\": {\r\n \"compromised Host\": \"ALERTSTEST\",\r\n \"user Name\": \"WORKGROUP\\\\alertsTest$\",\r\n \"account Session Id\": \"0x3e7\",\r\n \"suspicious Process\": \"c:\\\\scripts\\\\asc_alerttest_662jfi039n.exe\",\r\n \"suspicious Command Line\": \"c:\\\\scripts\\\\asc_alerttest_662jfi039n.exe -foo\",\r\n \"parent Process\": \"c:\\\\windows\\\\system32\\\\svchost.exe\",\r\n \"suspicious Process Id\": \"0x1c7c\",\r\n \"arguments Auditing Enabled\": \"true\",\r\n \"enrichment_tas_threat__reports\": \"{\\\"Kind\\\":\\\"MultiLink\\\",\\\"DisplayValueToUrlDictionary\\\":{\\\"Report: EICAR 
File\\\":\\\"https://interflowwebportalext.trafficmanager.net/reports/DisplayReport?callerIdentity=ddd5443d-e6f4-441c-b52b-5278d2f21dfa&reportCreateDateTime=2020-05-04T09%3a13%3a05&reportName=MSTI-TS-EICAR-File.pdf&tenantId=387eb67f-0039-43ad-81b9-b66c6c0b1951&urlCreateDateTime=2020-05-04T09%3a13%3a05&token=aRLLv1q8UI%20eVn54OVy%20WbqcH7H9dSGDUOuWywymCrQ=\\\"}}\",\r\n \"resourceType\": \"Virtual Machine\"\r\n },\r\n \"state\": \"Dismissed\",\r\n \"reportedTimeUtc\": \"2020-05-04T13:58:34.2198556Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/mainws/providers/microsoft.operationalinsights/workspaces/securityuserws\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": [\r\n {\r\n \"$id\": \"westeurope_8\",\r\n \"dnsDomain\": \"\",\r\n \"ntDomain\": \"\",\r\n \"hostName\": \"ALERTSTEST\",\r\n \"netBiosName\": \"ALERTSTEST\",\r\n \"azureID\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/taklei/providers/Microsoft.Compute/virtualMachines/alertsTest\",\r\n \"omsAgentID\": \"6bc4f1df-17e1-40f0-8227-f1635aea54dd\",\r\n \"osFamily\": \"Windows\",\r\n \"osVersion\": \"Windows\",\r\n \"isDomainJoined\": false,\r\n \"type\": \"host\"\r\n },\r\n {\r\n \"$id\": \"westeurope_9\",\r\n \"directory\": \"c:\\\\windows\\\\system32\",\r\n \"name\": \"svchost.exe\",\r\n \"type\": \"file\"\r\n },\r\n {\r\n \"$id\": \"westeurope_10\",\r\n \"processId\": \"0x6ec\",\r\n \"commandLine\": \"\",\r\n \"imageFile\": {\r\n \"$ref\": \"westeurope_9\"\r\n },\r\n \"host\": {\r\n \"$ref\": \"westeurope_8\"\r\n },\r\n \"type\": \"process\"\r\n },\r\n {\r\n \"$id\": \"westeurope_11\",\r\n \"name\": \"alertsTest$\",\r\n \"ntDomain\": \"WORKGROUP\",\r\n \"host\": {\r\n \"$ref\": \"westeurope_8\"\r\n },\r\n \"sid\": \"S-1-5-18\",\r\n \"isDomainJoined\": true,\r\n \"type\": \"account\",\r\n \"LogonId\": \"0x3e7\"\r\n },\r\n {\r\n \"$id\": \"westeurope_12\",\r\n \"directory\": 
\"c:\\\\scripts\",\r\n \"name\": \"asc_alerttest_662jfi039n.exe\",\r\n \"type\": \"file\"\r\n },\r\n {\r\n \"$id\": \"westeurope_13\",\r\n \"processId\": \"0x1c7c\",\r\n \"commandLine\": \"c:\\\\scripts\\\\asc_alerttest_662jfi039n.exe -foo\",\r\n \"elevationToken\": \"Default\",\r\n \"creationTimeUtc\": \"2020-05-04T13:58:27.6787296Z\",\r\n \"imageFile\": {\r\n \"$ref\": \"westeurope_12\"\r\n },\r\n \"account\": {\r\n \"$ref\": \"westeurope_11\"\r\n },\r\n \"parentProcess\": {\r\n \"$ref\": \"westeurope_10\"\r\n },\r\n \"host\": {\r\n \"$ref\": \"westeurope_8\"\r\n },\r\n \"type\": \"process\"\r\n },\r\n {\r\n \"$id\": \"westeurope_14\",\r\n \"sessionId\": \"0x3e7\",\r\n \"startTimeUtc\": \"2020-05-04T13:58:27.6787296Z\",\r\n \"endTimeUtc\": \"2020-05-04T13:58:27.6787296Z\",\r\n \"type\": \"host-logon-session\",\r\n \"host\": {\r\n \"$ref\": \"westeurope_8\"\r\n },\r\n \"account\": {\r\n \"$ref\": \"westeurope_11\"\r\n }\r\n }\r\n ]\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/taklei/providers/Microsoft.Security/locations/westeurope/alerts/2518137018913138372_93d99441-2eff-436e-ab25-0307b3484bb4\",\r\n \"name\": \"2518137018913138372_93d99441-2eff-436e-ab25-0307b3484bb4\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft\",\r\n \"alertDisplayName\": \"Azure Security Center test alert (not a threat)\",\r\n \"alertName\": \"VM_EICAR\",\r\n \"detectedTimeUtc\": \"2020-05-04T13:28:28.6861627Z\",\r\n \"description\": \"This is a test alert generated by Azure Security Center. 
No further action is needed.\",\r\n \"remediationSteps\": \"No further action is needed.\",\r\n \"actionTaken\": \"Undefined\",\r\n \"reportedSeverity\": \"High\",\r\n \"compromisedEntity\": \"ALERTSTEST\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/taklei/providers/Microsoft.Compute/virtualMachines/alertsTest\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"93d99441-2eff-436e-ab25-0307b3484bb4\",\r\n \"extendedProperties\": {\r\n \"compromised Host\": \"ALERTSTEST\",\r\n \"user Name\": \"WORKGROUP\\\\alertsTest$\",\r\n \"account Session Id\": \"0x3e7\",\r\n \"suspicious Process\": \"c:\\\\scripts\\\\asc_alerttest_662jfi039n.exe\",\r\n \"suspicious Command Line\": \"c:\\\\scripts\\\\asc_alerttest_662jfi039n.exe -foo\",\r\n \"parent Process\": \"c:\\\\windows\\\\system32\\\\svchost.exe\",\r\n \"suspicious Process Id\": \"0x122c\",\r\n \"arguments Auditing Enabled\": \"true\",\r\n \"enrichment_tas_threat__reports\": \"{\\\"Kind\\\":\\\"MultiLink\\\",\\\"DisplayValueToUrlDictionary\\\":{\\\"Report: EICAR File\\\":\\\"https://interflowwebportalext.trafficmanager.net/reports/DisplayReport?callerIdentity=ddd5443d-e6f4-441c-b52b-5278d2f21dfa&reportCreateDateTime=2020-05-04T08%3a32%3a57&reportName=MSTI-TS-EICAR-File.pdf&tenantId=1c68e967-70a6-4cda-a34b-6d281cffe06e&urlCreateDateTime=2020-05-04T08%3a32%3a57&token=s7wyF62JLdEde8/SccnrGqIJxUOajFUpTETdhi3lCyY=\\\"}}\",\r\n \"resourceType\": \"Virtual Machine\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2020-05-04T13:28:59.9528247Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/mainws/providers/microsoft.operationalinsights/workspaces/securityuserws\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": [\r\n {\r\n \"$id\": \"westeurope_15\",\r\n \"dnsDomain\": \"\",\r\n \"ntDomain\": \"\",\r\n \"hostName\": 
\"ALERTSTEST\",\r\n \"netBiosName\": \"ALERTSTEST\",\r\n \"azureID\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/taklei/providers/Microsoft.Compute/virtualMachines/alertsTest\",\r\n \"omsAgentID\": \"6bc4f1df-17e1-40f0-8227-f1635aea54dd\",\r\n \"osFamily\": \"Windows\",\r\n \"osVersion\": \"Windows\",\r\n \"isDomainJoined\": false,\r\n \"type\": \"host\"\r\n },\r\n {\r\n \"$id\": \"westeurope_16\",\r\n \"directory\": \"c:\\\\windows\\\\system32\",\r\n \"name\": \"svchost.exe\",\r\n \"type\": \"file\"\r\n },\r\n {\r\n \"$id\": \"westeurope_17\",\r\n \"processId\": \"0x6ec\",\r\n \"commandLine\": \"\",\r\n \"imageFile\": {\r\n \"$ref\": \"westeurope_16\"\r\n },\r\n \"host\": {\r\n \"$ref\": \"westeurope_15\"\r\n },\r\n \"type\": \"process\"\r\n },\r\n {\r\n \"$id\": \"westeurope_18\",\r\n \"name\": \"alertsTest$\",\r\n \"ntDomain\": \"WORKGROUP\",\r\n \"host\": {\r\n \"$ref\": \"westeurope_15\"\r\n },\r\n \"sid\": \"S-1-5-18\",\r\n \"isDomainJoined\": true,\r\n \"type\": \"account\",\r\n \"LogonId\": \"0x3e7\"\r\n },\r\n {\r\n \"$id\": \"westeurope_19\",\r\n \"directory\": \"c:\\\\scripts\",\r\n \"name\": \"asc_alerttest_662jfi039n.exe\",\r\n \"type\": \"file\"\r\n },\r\n {\r\n \"$id\": \"westeurope_20\",\r\n \"processId\": \"0x122c\",\r\n \"commandLine\": \"c:\\\\scripts\\\\asc_alerttest_662jfi039n.exe -foo\",\r\n \"elevationToken\": \"Default\",\r\n \"creationTimeUtc\": \"2020-05-04T13:28:28.6861627Z\",\r\n \"imageFile\": {\r\n \"$ref\": \"westeurope_19\"\r\n },\r\n \"account\": {\r\n \"$ref\": \"westeurope_18\"\r\n },\r\n \"parentProcess\": {\r\n \"$ref\": \"westeurope_17\"\r\n },\r\n \"host\": {\r\n \"$ref\": \"westeurope_15\"\r\n },\r\n \"type\": \"process\"\r\n },\r\n {\r\n \"$id\": \"westeurope_21\",\r\n \"sessionId\": \"0x3e7\",\r\n \"startTimeUtc\": \"2020-05-04T13:28:28.6861627Z\",\r\n \"endTimeUtc\": \"2020-05-04T13:28:28.6861627Z\",\r\n \"type\": \"host-logon-session\",\r\n \"host\": {\r\n \"$ref\": \"westeurope_15\"\r\n },\r\n 
\"account\": {\r\n \"$ref\": \"westeurope_18\"\r\n }\r\n }\r\n ]\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/taklei/providers/Microsoft.Security/locations/westeurope/alerts/2518137035665338254_a345cb85-18aa-4d14-9293-e4d2ba15cb9d\",\r\n \"name\": \"2518137035665338254_a345cb85-18aa-4d14-9293-e4d2ba15cb9d\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft\",\r\n \"alertDisplayName\": \"Azure Security Center test alert (not a threat)\",\r\n \"alertName\": \"VM_EICAR\",\r\n \"detectedTimeUtc\": \"2020-05-04T13:00:33.4661745Z\",\r\n \"description\": \"This is a test alert generated by Azure Security Center. No further action is needed.\",\r\n \"remediationSteps\": \"No further action is needed.\",\r\n \"actionTaken\": \"Undefined\",\r\n \"reportedSeverity\": \"High\",\r\n \"compromisedEntity\": \"ALERTSTEST\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/taklei/providers/Microsoft.Compute/virtualMachines/alertsTest\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"a345cb85-18aa-4d14-9293-e4d2ba15cb9d\",\r\n \"extendedProperties\": {\r\n \"compromised Host\": \"ALERTSTEST\",\r\n \"user Name\": \"WORKGROUP\\\\alertsTest$\",\r\n \"account Session Id\": \"0x3e7\",\r\n \"suspicious Process\": \"c:\\\\scripts\\\\asc_alerttest_662jfi039n.exe\",\r\n \"suspicious Command Line\": \"c:\\\\scripts\\\\asc_alerttest_662jfi039n.exe -foo\",\r\n \"parent Process\": \"c:\\\\windows\\\\system32\\\\svchost.exe\",\r\n \"suspicious Process Id\": \"0xe38\",\r\n \"arguments Auditing Enabled\": \"true\",\r\n \"enrichment_tas_threat__reports\": \"{\\\"Kind\\\":\\\"MultiLink\\\",\\\"DisplayValueToUrlDictionary\\\":{\\\"Report: EICAR 
File\\\":\\\"https://interflowwebportalext.trafficmanager.net/reports/DisplayReport?callerIdentity=ddd5443d-e6f4-441c-b52b-5278d2f21dfa&reportCreateDateTime=2020-05-04T09%3a13%3a05&reportName=MSTI-TS-EICAR-File.pdf&tenantId=387eb67f-0039-43ad-81b9-b66c6c0b1951&urlCreateDateTime=2020-05-04T09%3a13%3a05&token=aRLLv1q8UI%20eVn54OVy%20WbqcH7H9dSGDUOuWywymCrQ=\\\"}}\",\r\n \"resourceType\": \"Virtual Machine\"\r\n },\r\n \"state\": \"Dismissed\",\r\n \"reportedTimeUtc\": \"2020-05-04T13:00:37.889087Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/mainws/providers/microsoft.operationalinsights/workspaces/securityuserws\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": [\r\n {\r\n \"$id\": \"westeurope_22\",\r\n \"dnsDomain\": \"\",\r\n \"ntDomain\": \"\",\r\n \"hostName\": \"ALERTSTEST\",\r\n \"netBiosName\": \"ALERTSTEST\",\r\n \"azureID\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/taklei/providers/Microsoft.Compute/virtualMachines/alertsTest\",\r\n \"omsAgentID\": \"6bc4f1df-17e1-40f0-8227-f1635aea54dd\",\r\n \"osFamily\": \"Windows\",\r\n \"osVersion\": \"Windows\",\r\n \"isDomainJoined\": false,\r\n \"type\": \"host\"\r\n },\r\n {\r\n \"$id\": \"westeurope_23\",\r\n \"directory\": \"c:\\\\windows\\\\system32\",\r\n \"name\": \"svchost.exe\",\r\n \"type\": \"file\"\r\n },\r\n {\r\n \"$id\": \"westeurope_24\",\r\n \"processId\": \"0x6ec\",\r\n \"commandLine\": \"\",\r\n \"imageFile\": {\r\n \"$ref\": \"westeurope_23\"\r\n },\r\n \"host\": {\r\n \"$ref\": \"westeurope_22\"\r\n },\r\n \"type\": \"process\"\r\n },\r\n {\r\n \"$id\": \"westeurope_25\",\r\n \"name\": \"alertsTest$\",\r\n \"ntDomain\": \"WORKGROUP\",\r\n \"host\": {\r\n \"$ref\": \"westeurope_22\"\r\n },\r\n \"sid\": \"S-1-5-18\",\r\n \"isDomainJoined\": true,\r\n \"type\": \"account\",\r\n \"LogonId\": \"0x3e7\"\r\n },\r\n {\r\n \"$id\": \"westeurope_26\",\r\n 
\"directory\": \"c:\\\\scripts\",\r\n \"name\": \"asc_alerttest_662jfi039n.exe\",\r\n \"type\": \"file\"\r\n },\r\n {\r\n \"$id\": \"westeurope_27\",\r\n \"processId\": \"0xe38\",\r\n \"commandLine\": \"c:\\\\scripts\\\\asc_alerttest_662jfi039n.exe -foo\",\r\n \"elevationToken\": \"Default\",\r\n \"creationTimeUtc\": \"2020-05-04T13:00:33.4661745Z\",\r\n \"imageFile\": {\r\n \"$ref\": \"westeurope_26\"\r\n },\r\n \"account\": {\r\n \"$ref\": \"westeurope_25\"\r\n },\r\n \"parentProcess\": {\r\n \"$ref\": \"westeurope_24\"\r\n },\r\n \"host\": {\r\n \"$ref\": \"westeurope_22\"\r\n },\r\n \"type\": \"process\"\r\n },\r\n {\r\n \"$id\": \"westeurope_28\",\r\n \"sessionId\": \"0x3e7\",\r\n \"startTimeUtc\": \"2020-05-04T13:00:33.4661745Z\",\r\n \"endTimeUtc\": \"2020-05-04T13:00:33.4661745Z\",\r\n \"type\": \"host-logon-session\",\r\n \"host\": {\r\n \"$ref\": \"westeurope_22\"\r\n },\r\n \"account\": {\r\n \"$ref\": \"westeurope_25\"\r\n }\r\n }\r\n ]\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/taklei/providers/Microsoft.Security/locations/westeurope/alerts/2518137036458453383_d763b77f-129c-4e95-af39-5c4b4c411b5b\",\r\n \"name\": \"2518137036458453383_d763b77f-129c-4e95-af39-5c4b4c411b5b\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft\",\r\n \"alertDisplayName\": \"Azure Security Center test alert (not a threat)\",\r\n \"alertName\": \"VM_EICAR\",\r\n \"detectedTimeUtc\": \"2020-05-04T12:59:14.1546616Z\",\r\n \"description\": \"This is a test alert generated by Azure Security Center. 
No further action is needed.\",\r\n \"remediationSteps\": \"No further action is needed.\",\r\n \"actionTaken\": \"Undefined\",\r\n \"reportedSeverity\": \"High\",\r\n \"compromisedEntity\": \"ALERTSTEST\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/taklei/providers/Microsoft.Compute/virtualMachines/alertsTest\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"d763b77f-129c-4e95-af39-5c4b4c411b5b\",\r\n \"extendedProperties\": {\r\n \"compromised Host\": \"ALERTSTEST\",\r\n \"user Name\": \"WORKGROUP\\\\alertsTest$\",\r\n \"account Session Id\": \"0x3e7\",\r\n \"suspicious Process\": \"c:\\\\scripts\\\\asc_alerttest_662jfi039n.exe\",\r\n \"suspicious Command Line\": \"c:\\\\scripts\\\\asc_alerttest_662jfi039n.exe -foo\",\r\n \"parent Process\": \"c:\\\\windows\\\\system32\\\\svchost.exe\",\r\n \"suspicious Process Id\": \"0xe7c\",\r\n \"arguments Auditing Enabled\": \"true\",\r\n \"enrichment_tas_threat__reports\": \"{\\\"Kind\\\":\\\"MultiLink\\\",\\\"DisplayValueToUrlDictionary\\\":{\\\"Report: EICAR File\\\":\\\"https://interflowwebportalext.trafficmanager.net/reports/DisplayReport?callerIdentity=ddd5443d-e6f4-441c-b52b-5278d2f21dfa&reportCreateDateTime=2020-05-04T08%3a32%3a57&reportName=MSTI-TS-EICAR-File.pdf&tenantId=1c68e967-70a6-4cda-a34b-6d281cffe06e&urlCreateDateTime=2020-05-04T08%3a32%3a57&token=s7wyF62JLdEde8/SccnrGqIJxUOajFUpTETdhi3lCyY=\\\"}}\",\r\n \"resourceType\": \"Virtual Machine\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2020-05-04T12:59:35.6273663Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/mainws/providers/microsoft.operationalinsights/workspaces/securityuserws\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": [\r\n {\r\n \"$id\": \"westeurope_29\",\r\n \"dnsDomain\": \"\",\r\n \"ntDomain\": \"\",\r\n \"hostName\": 
\"ALERTSTEST\",\r\n \"netBiosName\": \"ALERTSTEST\",\r\n \"azureID\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/taklei/providers/Microsoft.Compute/virtualMachines/alertsTest\",\r\n \"omsAgentID\": \"6bc4f1df-17e1-40f0-8227-f1635aea54dd\",\r\n \"osFamily\": \"Windows\",\r\n \"osVersion\": \"Windows\",\r\n \"isDomainJoined\": false,\r\n \"type\": \"host\"\r\n },\r\n {\r\n \"$id\": \"westeurope_30\",\r\n \"directory\": \"c:\\\\windows\\\\system32\",\r\n \"name\": \"svchost.exe\",\r\n \"type\": \"file\"\r\n },\r\n {\r\n \"$id\": \"westeurope_31\",\r\n \"processId\": \"0x6ec\",\r\n \"commandLine\": \"\",\r\n \"imageFile\": {\r\n \"$ref\": \"westeurope_30\"\r\n },\r\n \"host\": {\r\n \"$ref\": \"westeurope_29\"\r\n },\r\n \"type\": \"process\"\r\n },\r\n {\r\n \"$id\": \"westeurope_32\",\r\n \"name\": \"alertsTest$\",\r\n \"ntDomain\": \"WORKGROUP\",\r\n \"host\": {\r\n \"$ref\": \"westeurope_29\"\r\n },\r\n \"sid\": \"S-1-5-18\",\r\n \"isDomainJoined\": true,\r\n \"type\": \"account\",\r\n \"LogonId\": \"0x3e7\"\r\n },\r\n {\r\n \"$id\": \"westeurope_33\",\r\n \"directory\": \"c:\\\\scripts\",\r\n \"name\": \"asc_alerttest_662jfi039n.exe\",\r\n \"type\": \"file\"\r\n },\r\n {\r\n \"$id\": \"westeurope_34\",\r\n \"processId\": \"0xe7c\",\r\n \"commandLine\": \"c:\\\\scripts\\\\asc_alerttest_662jfi039n.exe -foo\",\r\n \"elevationToken\": \"Default\",\r\n \"creationTimeUtc\": \"2020-05-04T12:59:14.1546616Z\",\r\n \"imageFile\": {\r\n \"$ref\": \"westeurope_33\"\r\n },\r\n \"account\": {\r\n \"$ref\": \"westeurope_32\"\r\n },\r\n \"parentProcess\": {\r\n \"$ref\": \"westeurope_31\"\r\n },\r\n \"host\": {\r\n \"$ref\": \"westeurope_29\"\r\n },\r\n \"type\": \"process\"\r\n },\r\n {\r\n \"$id\": \"westeurope_35\",\r\n \"sessionId\": \"0x3e7\",\r\n \"startTimeUtc\": \"2020-05-04T12:59:14.1546616Z\",\r\n \"endTimeUtc\": \"2020-05-04T12:59:14.1546616Z\",\r\n \"type\": \"host-logon-session\",\r\n \"host\": {\r\n \"$ref\": \"westeurope_29\"\r\n },\r\n 
\"account\": {\r\n \"$ref\": \"westeurope_32\"\r\n }\r\n }\r\n ]\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/taklei/providers/Microsoft.Security/locations/westeurope/alerts/2518137036914144805_a3d0999b-cdfc-41d9-9d28-ee1335f03081\",\r\n \"name\": \"2518137036914144805_a3d0999b-cdfc-41d9-9d28-ee1335f03081\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft\",\r\n \"alertDisplayName\": \"Azure Security Center test alert (not a threat)\",\r\n \"alertName\": \"VM_EICAR\",\r\n \"detectedTimeUtc\": \"2020-05-04T12:58:28.5855194Z\",\r\n \"description\": \"This is a test alert generated by Azure Security Center. No further action is needed.\",\r\n \"remediationSteps\": \"No further action is needed.\",\r\n \"actionTaken\": \"Undefined\",\r\n \"reportedSeverity\": \"High\",\r\n \"compromisedEntity\": \"ALERTSTEST\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/taklei/providers/Microsoft.Compute/virtualMachines/alertsTest\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"a3d0999b-cdfc-41d9-9d28-ee1335f03081\",\r\n \"extendedProperties\": {\r\n \"compromised Host\": \"ALERTSTEST\",\r\n \"user Name\": \"WORKGROUP\\\\alertsTest$\",\r\n \"account Session Id\": \"0x3e7\",\r\n \"suspicious Process\": \"c:\\\\scripts\\\\asc_alerttest_662jfi039n.exe\",\r\n \"suspicious Command Line\": \"c:\\\\scripts\\\\asc_alerttest_662jfi039n.exe -foo\",\r\n \"parent Process\": \"c:\\\\windows\\\\system32\\\\svchost.exe\",\r\n \"suspicious Process Id\": \"0xfac\",\r\n \"arguments Auditing Enabled\": \"true\",\r\n \"enrichment_tas_threat__reports\": \"{\\\"Kind\\\":\\\"MultiLink\\\",\\\"DisplayValueToUrlDictionary\\\":{\\\"Report: EICAR 
File\\\":\\\"https://interflowwebportalext.trafficmanager.net/reports/DisplayReport?callerIdentity=ddd5443d-e6f4-441c-b52b-5278d2f21dfa&reportCreateDateTime=2020-05-04T09%3a23%3a00&reportName=MSTI-TS-EICAR-File.pdf&tenantId=b11492db-77a6-4ec0-9ff7-17b6ba420e1e&urlCreateDateTime=2020-05-04T09%3a23%3a00&token=XhSuWhrbEKAk2sXS1TcK0SVTLOehFDirzLCUSUoWPL4=\\\"}}\",\r\n \"resourceType\": \"Virtual Machine\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2020-05-04T12:58:46.4927078Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/mainws/providers/microsoft.operationalinsights/workspaces/securityuserws\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": [\r\n {\r\n \"$id\": \"westeurope_36\",\r\n \"dnsDomain\": \"\",\r\n \"ntDomain\": \"\",\r\n \"hostName\": \"ALERTSTEST\",\r\n \"netBiosName\": \"ALERTSTEST\",\r\n \"azureID\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/taklei/providers/Microsoft.Compute/virtualMachines/alertsTest\",\r\n \"omsAgentID\": \"6bc4f1df-17e1-40f0-8227-f1635aea54dd\",\r\n \"osFamily\": \"Windows\",\r\n \"osVersion\": \"Windows\",\r\n \"isDomainJoined\": false,\r\n \"type\": \"host\"\r\n },\r\n {\r\n \"$id\": \"westeurope_37\",\r\n \"directory\": \"c:\\\\windows\\\\system32\",\r\n \"name\": \"svchost.exe\",\r\n \"type\": \"file\"\r\n },\r\n {\r\n \"$id\": \"westeurope_38\",\r\n \"processId\": \"0x6ec\",\r\n \"commandLine\": \"\",\r\n \"imageFile\": {\r\n \"$ref\": \"westeurope_37\"\r\n },\r\n \"host\": {\r\n \"$ref\": \"westeurope_36\"\r\n },\r\n \"type\": \"process\"\r\n },\r\n {\r\n \"$id\": \"westeurope_39\",\r\n \"name\": \"alertsTest$\",\r\n \"ntDomain\": \"WORKGROUP\",\r\n \"host\": {\r\n \"$ref\": \"westeurope_36\"\r\n },\r\n \"sid\": \"S-1-5-18\",\r\n \"isDomainJoined\": true,\r\n \"type\": \"account\",\r\n \"LogonId\": \"0x3e7\"\r\n },\r\n {\r\n \"$id\": \"westeurope_40\",\r\n \"directory\": 
\"c:\\\\scripts\",\r\n \"name\": \"asc_alerttest_662jfi039n.exe\",\r\n \"type\": \"file\"\r\n },\r\n {\r\n \"$id\": \"westeurope_41\",\r\n \"processId\": \"0xfac\",\r\n \"commandLine\": \"c:\\\\scripts\\\\asc_alerttest_662jfi039n.exe -foo\",\r\n \"elevationToken\": \"Default\",\r\n \"creationTimeUtc\": \"2020-05-04T12:58:28.5855194Z\",\r\n \"imageFile\": {\r\n \"$ref\": \"westeurope_40\"\r\n },\r\n \"account\": {\r\n \"$ref\": \"westeurope_39\"\r\n },\r\n \"parentProcess\": {\r\n \"$ref\": \"westeurope_38\"\r\n },\r\n \"host\": {\r\n \"$ref\": \"westeurope_36\"\r\n },\r\n \"type\": \"process\"\r\n },\r\n {\r\n \"$id\": \"westeurope_42\",\r\n \"sessionId\": \"0x3e7\",\r\n \"startTimeUtc\": \"2020-05-04T12:58:28.5855194Z\",\r\n \"endTimeUtc\": \"2020-05-04T12:58:28.5855194Z\",\r\n \"type\": \"host-logon-session\",\r\n \"host\": {\r\n \"$ref\": \"westeurope_36\"\r\n },\r\n \"account\": {\r\n \"$ref\": \"westeurope_39\"\r\n }\r\n }\r\n ]\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/taklei/providers/Microsoft.Security/locations/westeurope/alerts/2518137037321194617_adafe5f0-ade9-47b4-86f3-3155038827f6\",\r\n \"name\": \"2518137037321194617_adafe5f0-ade9-47b4-86f3-3155038827f6\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft\",\r\n \"alertDisplayName\": \"Azure Security Center test alert (not a threat)\",\r\n \"alertName\": \"VM_EICAR\",\r\n \"detectedTimeUtc\": \"2020-05-04T12:57:47.8805382Z\",\r\n \"description\": \"This is a test alert generated by Azure Security Center. 
No further action is needed.\",\r\n \"remediationSteps\": \"No further action is needed.\",\r\n \"actionTaken\": \"Undefined\",\r\n \"reportedSeverity\": \"High\",\r\n \"compromisedEntity\": \"ALERTSTEST\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/taklei/providers/Microsoft.Compute/virtualMachines/alertsTest\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"adafe5f0-ade9-47b4-86f3-3155038827f6\",\r\n \"extendedProperties\": {\r\n \"compromised Host\": \"ALERTSTEST\",\r\n \"user Name\": \"WORKGROUP\\\\alertsTest$\",\r\n \"account Session Id\": \"0x3e7\",\r\n \"suspicious Process\": \"c:\\\\scripts\\\\asc_alerttest_662jfi039n.exe\",\r\n \"suspicious Command Line\": \"c:\\\\scripts\\\\asc_alerttest_662jfi039n.exe -foo\",\r\n \"parent Process\": \"c:\\\\windows\\\\system32\\\\svchost.exe\",\r\n \"suspicious Process Id\": \"0x1d50\",\r\n \"arguments Auditing Enabled\": \"true\",\r\n \"enrichment_tas_threat__reports\": \"{\\\"Kind\\\":\\\"MultiLink\\\",\\\"DisplayValueToUrlDictionary\\\":{\\\"Report: EICAR File\\\":\\\"https://interflowwebportalext.trafficmanager.net/reports/DisplayReport?callerIdentity=ddd5443d-e6f4-441c-b52b-5278d2f21dfa&reportCreateDateTime=2020-05-04T08%3a32%3a57&reportName=MSTI-TS-EICAR-File.pdf&tenantId=1c68e967-70a6-4cda-a34b-6d281cffe06e&urlCreateDateTime=2020-05-04T08%3a32%3a57&token=s7wyF62JLdEde8/SccnrGqIJxUOajFUpTETdhi3lCyY=\\\"}}\",\r\n \"resourceType\": \"Virtual Machine\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2020-05-04T12:57:53.7990186Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/mainws/providers/microsoft.operationalinsights/workspaces/securityuserws\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": [\r\n {\r\n \"$id\": \"westeurope_43\",\r\n \"dnsDomain\": \"\",\r\n \"ntDomain\": \"\",\r\n \"hostName\": 
\"ALERTSTEST\",\r\n \"netBiosName\": \"ALERTSTEST\",\r\n \"azureID\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/taklei/providers/Microsoft.Compute/virtualMachines/alertsTest\",\r\n \"omsAgentID\": \"6bc4f1df-17e1-40f0-8227-f1635aea54dd\",\r\n \"osFamily\": \"Windows\",\r\n \"osVersion\": \"Windows\",\r\n \"isDomainJoined\": false,\r\n \"type\": \"host\"\r\n },\r\n {\r\n \"$id\": \"westeurope_44\",\r\n \"directory\": \"c:\\\\windows\\\\system32\",\r\n \"name\": \"svchost.exe\",\r\n \"type\": \"file\"\r\n },\r\n {\r\n \"$id\": \"westeurope_45\",\r\n \"processId\": \"0x6ec\",\r\n \"commandLine\": \"\",\r\n \"imageFile\": {\r\n \"$ref\": \"westeurope_44\"\r\n },\r\n \"host\": {\r\n \"$ref\": \"westeurope_43\"\r\n },\r\n \"type\": \"process\"\r\n },\r\n {\r\n \"$id\": \"westeurope_46\",\r\n \"name\": \"alertsTest$\",\r\n \"ntDomain\": \"WORKGROUP\",\r\n \"host\": {\r\n \"$ref\": \"westeurope_43\"\r\n },\r\n \"sid\": \"S-1-5-18\",\r\n \"isDomainJoined\": true,\r\n \"type\": \"account\",\r\n \"LogonId\": \"0x3e7\"\r\n },\r\n {\r\n \"$id\": \"westeurope_47\",\r\n \"directory\": \"c:\\\\scripts\",\r\n \"name\": \"asc_alerttest_662jfi039n.exe\",\r\n \"type\": \"file\"\r\n },\r\n {\r\n \"$id\": \"westeurope_48\",\r\n \"processId\": \"0x1d50\",\r\n \"commandLine\": \"c:\\\\scripts\\\\asc_alerttest_662jfi039n.exe -foo\",\r\n \"elevationToken\": \"Default\",\r\n \"creationTimeUtc\": \"2020-05-04T12:57:47.8805382Z\",\r\n \"imageFile\": {\r\n \"$ref\": \"westeurope_47\"\r\n },\r\n \"account\": {\r\n \"$ref\": \"westeurope_46\"\r\n },\r\n \"parentProcess\": {\r\n \"$ref\": \"westeurope_45\"\r\n },\r\n \"host\": {\r\n \"$ref\": \"westeurope_43\"\r\n },\r\n \"type\": \"process\"\r\n },\r\n {\r\n \"$id\": \"westeurope_49\",\r\n \"sessionId\": \"0x3e7\",\r\n \"startTimeUtc\": \"2020-05-04T12:57:47.8805382Z\",\r\n \"endTimeUtc\": \"2020-05-04T12:57:47.8805382Z\",\r\n \"type\": \"host-logon-session\",\r\n \"host\": {\r\n \"$ref\": \"westeurope_43\"\r\n },\r\n 
\"account\": {\r\n \"$ref\": \"westeurope_46\"\r\n }\r\n }\r\n ]\r\n }\r\n }\r\n ]\r\n}", "StatusCode": 200 }, { - "RequestUri": "/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/providers/Microsoft.Security/locations/centralus/alerts/2518532788749999999_66276b36-db2a-4b2c-84ad-9676fe753a02/Dismiss?api-version=2019-01-01", - "EncodedRequestUri": "L3N1YnNjcmlwdGlvbnMvNDg3YmI0ODUtYjViMC00NzFlLTljMGQtMTA3MTc2MTJmODY5L3Byb3ZpZGVycy9NaWNyb3NvZnQuU2VjdXJpdHkvbG9jYXRpb25zL2NlbnRyYWx1cy9hbGVydHMvMjUxODUzMjc4ODc0OTk5OTk5OV82NjI3NmIzNi1kYjJhLTRiMmMtODRhZC05Njc2ZmU3NTNhMDIvRGlzbWlzcz9hcGktdmVyc2lvbj0yMDE5LTAxLTAx", + "RequestUri": "/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/providers/Microsoft.Security/locations/westeurope/alerts/2518136982923187680_ef6aa4e6-9c60-4405-8f08-f465e8e50cd2/dismiss?api-version=2019-01-01", + "EncodedRequestUri": "L3N1YnNjcmlwdGlvbnMvNDg3YmI0ODUtYjViMC00NzFlLTljMGQtMTA3MTc2MTJmODY5L3Byb3ZpZGVycy9NaWNyb3NvZnQuU2VjdXJpdHkvbG9jYXRpb25zL3dlc3RldXJvcGUvYWxlcnRzLzI1MTgxMzY5ODI5MjMxODc2ODBfZWY2YWE0ZTYtOWM2MC00NDA1LThmMDgtZjQ2NWU4ZTUwY2QyL2Rpc21pc3M/YXBpLXZlcnNpb249MjAxOS0wMS0wMQ==", "RequestMethod": "POST", "RequestBody": "", "RequestHeaders": { "x-ms-client-request-id": [ - "5954dc51-7da6-4ecb-a3e5-5f9f0b154b1d" + "0eafd666-0fd0-4f93-bdda-1c6a6eb7ee17" ], "accept-language": [ "en-US" @@ -79,8 +79,8 @@ "User-Agent": [ "FxVersion/4.6.26614.01", "OSName/Windows", - "OSVersion/Microsoft.Windows.10.0.17763.", - "Microsoft.Azure.Management.Security.SecurityCenterClient/0.11.0.0" + "OSVersion/Microsoft.Windows.10.0.18363.", + "Microsoft.Azure.Management.Security.SecurityCenterClient/1.1.3.0" ] }, "ResponseHeaders": { @@ -88,7 +88,7 @@ "no-cache" ], "Date": [ - "Mon, 04 Mar 2019 16:02:05 GMT" + "Mon, 04 May 2020 14:43:08 GMT" ], "Pragma": [ "no-cache" 
@@ -100,16 +100,16 @@ "max-age=31536000; includeSubDomains" ], "x-ms-ratelimit-remaining-subscription-writes": [ - "1198" + "1199" ], "x-ms-request-id": [ - "3088ced6-081a-4c03-949e-b1c8853180ef" + "898ad9fc-9083-457b-a1c7-4bda14abb93f" ], "x-ms-correlation-request-id": [ - "3088ced6-081a-4c03-949e-b1c8853180ef" + "898ad9fc-9083-457b-a1c7-4bda14abb93f" ], "x-ms-routing-request-id": [ - "UKWEST:20190304T160206Z:3088ced6-081a-4c03-949e-b1c8853180ef" + "GERMANYWESTCENTRAL:20200504T144308Z:898ad9fc-9083-457b-a1c7-4bda14abb93f" ], "X-Content-Type-Options": [ "nosniff" @@ -123,7 +123,5 @@ } ], "Names": {}, - "Variables": { - "SubscriptionId": "487bb485-b5b0-471e-9c0d-10717612f869" - } + "Variables": {} } \ No newline at end of file diff --git a/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/tests/SessionRecords/SettingsTests/Settings_Get.json b/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/tests/SessionRecords/SettingsTests/Settings_Get.json index 6e1823366ae1..9a71739e7b73 100644 --- a/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/tests/SessionRecords/SettingsTests/Settings_Get.json +++ b/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/tests/SessionRecords/SettingsTests/Settings_Get.json 
@@ -1,13 +1,13 @@ { "Entries": [ { - "RequestUri": "/subscriptions/81de6a21-8799-4bb5-a28c-cbc292f8e023/providers/Microsoft.Security/settings/MCAS?api-version=2019-01-01", - "EncodedRequestUri": "L3N1YnNjcmlwdGlvbnMvODFkZTZhMjEtODc5OS00YmI1LWEyOGMtY2JjMjkyZjhlMDIzL3Byb3ZpZGVycy9NaWNyb3NvZnQuU2VjdXJpdHkvc2V0dGluZ3MvTUNBUz9hcGktdmVyc2lvbj0yMDE5LTAxLTAx", + "RequestUri": "/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/providers/Microsoft.Security/settings/MCAS?api-version=2019-01-01", + "EncodedRequestUri": "L3N1YnNjcmlwdGlvbnMvNDg3YmI0ODUtYjViMC00NzFlLTljMGQtMTA3MTc2MTJmODY5L3Byb3ZpZGVycy9NaWNyb3NvZnQuU2VjdXJpdHkvc2V0dGluZ3MvTUNBUz9hcGktdmVyc2lvbj0yMDE5LTAxLTAx", "RequestMethod": "GET", "RequestBody": "", "RequestHeaders": { "x-ms-client-request-id": [ - "230243ea-2f05-4431-802a-e1943d0bd632" + "6b81261e-759c-4216-a910-7562dcfb3dd3" ], "accept-language": [ "en-US" @@ -15,8 +15,8 @@ "User-Agent": [ "FxVersion/4.6.26614.01", "OSName/Windows", - "OSVersion/Microsoft.Windows.10.0.18362.", - "Microsoft.Azure.Management.Security.SecurityCenterClient/1.0.0.0" + "OSVersion/Microsoft.Windows.10.0.18363.", + "Microsoft.Azure.Management.Security.SecurityCenterClient/1.1.3.0" ] }, "ResponseHeaders": { @@ -24,7 +24,7 @@ "no-cache" ], "Date": [ - "Wed, 04 Sep 2019 12:01:40 GMT" + "Sun, 03 May 2020 15:46:01 GMT" ], "Pragma": [ "no-cache" @@ -33,16 +33,16 @@ "Microsoft-HTTPAPI/2.0" ], "x-ms-request-id": [ - "c01d4788-5a80-4dcb-874c-a303f104b100" + "0f45c96f-ffe5-4c67-91e8-ecf7d44d572a" ], "x-ms-ratelimit-remaining-subscription-resource-requests": [ "749" ], "x-ms-correlation-request-id": [ - "f86c19d4-57b2-45b1-bec0-fc62f7840b6c" + "01f9ca2c-382d-43ee-aac4-7bc2ea840fea" ], "x-ms-routing-request-id": [ - "UKSOUTH2:20190904T120140Z:f86c19d4-57b2-45b1-bec0-fc62f7840b6c" + "GERMANYWESTCENTRAL:20200503T154602Z:01f9ca2c-382d-43ee-aac4-7bc2ea840fea" ], "Strict-Transport-Security": [ "max-age=31536000; includeSubDomains" 
@@ -60,12 +60,10 @@ "-1" ] }, - "ResponseBody": "{\r\n \"id\": \"/subscriptions/81de6a21-8799-4bb5-a28c-cbc292f8e023/providers/Microsoft.Security/settings/MCAS\",\r\n \"name\": \"MCAS\",\r\n \"type\": \"Microsoft.Security/settings\",\r\n \"kind\": \"DataExportSettings\",\r\n \"properties\": {\r\n \"enabled\": true\r\n }\r\n}", + "ResponseBody": "{\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/providers/Microsoft.Security/settings/MCAS\",\r\n \"name\": \"MCAS\",\r\n \"type\": \"Microsoft.Security/settings\",\r\n \"kind\": \"DataExportSettings\",\r\n \"properties\": {\r\n \"enabled\": true\r\n }\r\n}", "StatusCode": 200 } ], "Names": {}, - "Variables": { - "SubscriptionId": "81de6a21-8799-4bb5-a28c-cbc292f8e023" - } + "Variables": {} } \ No newline at end of file diff --git a/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/tests/SessionRecords/SettingsTests/Settings_List.json b/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/tests/SessionRecords/SettingsTests/Settings_List.json index 2d6654a4eef9..b0d16ad890c5 100644 --- a/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/tests/SessionRecords/SettingsTests/Settings_List.json +++ b/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/tests/SessionRecords/SettingsTests/Settings_List.json 
@@ -1,13 +1,13 @@ { "Entries": [ { - "RequestUri": "/subscriptions/81de6a21-8799-4bb5-a28c-cbc292f8e023/providers/Microsoft.Security/settings?api-version=2019-01-01", - "EncodedRequestUri": "L3N1YnNjcmlwdGlvbnMvODFkZTZhMjEtODc5OS00YmI1LWEyOGMtY2JjMjkyZjhlMDIzL3Byb3ZpZGVycy9NaWNyb3NvZnQuU2VjdXJpdHkvc2V0dGluZ3M/YXBpLXZlcnNpb249MjAxOS0wMS0wMQ==", + "RequestUri": "/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/providers/Microsoft.Security/settings?api-version=2019-01-01", + "EncodedRequestUri": "L3N1YnNjcmlwdGlvbnMvNDg3YmI0ODUtYjViMC00NzFlLTljMGQtMTA3MTc2MTJmODY5L3Byb3ZpZGVycy9NaWNyb3NvZnQuU2VjdXJpdHkvc2V0dGluZ3M/YXBpLXZlcnNpb249MjAxOS0wMS0wMQ==", "RequestMethod": "GET", "RequestBody": "", "RequestHeaders": { "x-ms-client-request-id": [ - "eebd6e12-3b4a-4fbb-bc81-1dfcefccd538" + "0764eea4-0f3d-4101-8fdd-a04877da967e" ], "accept-language": [ "en-US" @@ -15,8 +15,8 @@ "User-Agent": [ "FxVersion/4.6.26614.01", "OSName/Windows", - "OSVersion/Microsoft.Windows.10.0.18362.", - "Microsoft.Azure.Management.Security.SecurityCenterClient/1.0.0.0" + "OSVersion/Microsoft.Windows.10.0.18363.", + "Microsoft.Azure.Management.Security.SecurityCenterClient/1.1.3.0" ] }, "ResponseHeaders": { @@ -24,7 +24,7 @@ "no-cache" ], "Date": [ - "Wed, 04 Sep 2019 12:01:40 GMT" + "Sun, 03 May 2020 15:46:02 GMT" ], "Pragma": [ "no-cache" @@ -33,16 +33,16 @@ "Microsoft-HTTPAPI/2.0" ], "x-ms-request-id": [ - "df2d4775-9b7a-4961-a243-40b3f480e3fd" + "bc4f9695-12dd-414a-a57d-9f272182857b" ], "x-ms-ratelimit-remaining-subscription-resource-requests": [ "749" ], "x-ms-correlation-request-id": [ - "dd97767c-cad7-45cf-86ed-f9cf2b4c3add" + "e2e2312f-3cf0-4ed1-9da3-d0e12dbf1ba8" ], "x-ms-routing-request-id": [ - "UKSOUTH2:20190904T120141Z:dd97767c-cad7-45cf-86ed-f9cf2b4c3add" + "GERMANYWESTCENTRAL:20200503T154602Z:e2e2312f-3cf0-4ed1-9da3-d0e12dbf1ba8" ], "Strict-Transport-Security": [ "max-age=31536000; includeSubDomains" 
@@ -60,12 +60,10 @@ "-1" ] }, - "ResponseBody": "{\r\n \"value\": [\r\n {\r\n \"id\": \"/subscriptions/81de6a21-8799-4bb5-a28c-cbc292f8e023/providers/Microsoft.Security/settings/MCAS\",\r\n \"name\": \"MCAS\",\r\n \"type\": \"Microsoft.Security/settings\",\r\n \"kind\": \"DataExportSettings\",\r\n \"properties\": {\r\n \"enabled\": true\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/81de6a21-8799-4bb5-a28c-cbc292f8e023/providers/Microsoft.Security/settings/WDATP\",\r\n \"name\": \"WDATP\",\r\n \"type\": \"Microsoft.Security/settings\",\r\n \"kind\": \"DataExportSettings\",\r\n \"properties\": {\r\n \"enabled\": true\r\n }\r\n }\r\n ]\r\n}", + "ResponseBody": "{\r\n \"value\": [\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/providers/Microsoft.Security/settings/MCAS\",\r\n \"name\": \"MCAS\",\r\n \"type\": \"Microsoft.Security/settings\",\r\n \"kind\": \"DataExportSettings\",\r\n \"properties\": {\r\n \"enabled\": true\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/providers/Microsoft.Security/settings/WDATP\",\r\n \"name\": \"WDATP\",\r\n \"type\": \"Microsoft.Security/settings\",\r\n \"kind\": \"DataExportSettings\",\r\n \"properties\": {\r\n \"enabled\": true\r\n }\r\n }\r\n ]\r\n}", "StatusCode": 200 } ], "Names": {}, - "Variables": { - "SubscriptionId": "81de6a21-8799-4bb5-a28c-cbc292f8e023" - } + "Variables": {} } \ No newline at end of file diff --git a/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/tests/SessionRecords/SettingsTests/Settings_Update.json b/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/tests/SessionRecords/SettingsTests/Settings_Update.json new file mode 100644 index 000000000000..6a663ec1c4de --- /dev/null +++ b/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/tests/SessionRecords/SettingsTests/Settings_Update.json 
@@ -0,0 +1,140 @@ +{ + "Entries": [ + { + "RequestUri": "/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/providers/Microsoft.Security/settings/MCAS?api-version=2019-01-01", + "EncodedRequestUri": "L3N1YnNjcmlwdGlvbnMvNDg3YmI0ODUtYjViMC00NzFlLTljMGQtMTA3MTc2MTJmODY5L3Byb3ZpZGVycy9NaWNyb3NvZnQuU2VjdXJpdHkvc2V0dGluZ3MvTUNBUz9hcGktdmVyc2lvbj0yMDE5LTAxLTAx", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "x-ms-client-request-id": [ + "80957c61-fca0-40e5-9c1b-23629aec0f75" + ], + "accept-language": [ + "en-US" + ], + "User-Agent": [ + "FxVersion/4.6.26614.01", + "OSName/Windows", + "OSVersion/Microsoft.Windows.10.0.18363.", + "Microsoft.Azure.Management.Security.SecurityCenterClient/1.1.3.0" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Date": [ + "Sun, 03 May 2020 15:45:59 GMT" + ], + "Pragma": [ + "no-cache" + ], + "Server": [ + "Microsoft-HTTPAPI/2.0" + ], + "x-ms-request-id": [ + "e7d35aa5-435a-4d77-82e6-ac0f03a5efe7" + ], + "x-ms-ratelimit-remaining-subscription-resource-requests": [ + "749" + ], + "x-ms-correlation-request-id": [ + "0b0ffe6a-076a-494f-a0de-f9d778caab09" + ], + "x-ms-routing-request-id": [ + "GERMANYWESTCENTRAL:20200503T154600Z:0b0ffe6a-076a-494f-a0de-f9d778caab09" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Content-Length": [ + "212" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ] + }, + "ResponseBody": "{\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/providers/Microsoft.Security/settings/MCAS\",\r\n \"name\": \"MCAS\",\r\n \"type\": \"Microsoft.Security/settings\",\r\n \"kind\": \"DataExportSettings\",\r\n \"properties\": {\r\n \"enabled\": true\r\n }\r\n}", + "StatusCode": 200 + }, + { + "RequestUri": "/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/providers/Microsoft.Security/settings/MCAS?api-version=2019-01-01", + 
"EncodedRequestUri": "L3N1YnNjcmlwdGlvbnMvNDg3YmI0ODUtYjViMC00NzFlLTljMGQtMTA3MTc2MTJmODY5L3Byb3ZpZGVycy9NaWNyb3NvZnQuU2VjdXJpdHkvc2V0dGluZ3MvTUNBUz9hcGktdmVyc2lvbj0yMDE5LTAxLTAx", + "RequestMethod": "PUT", + "RequestBody": "{\r\n \"kind\": \"DataExportSettings\",\r\n \"properties\": {\r\n \"enabled\": true\r\n }\r\n}", + "RequestHeaders": { + "x-ms-client-request-id": [ + "5a7b7a18-0992-4161-8e66-cb8fe44c970b" + ], + "accept-language": [ + "en-US" + ], + "User-Agent": [ + "FxVersion/4.6.26614.01", + "OSName/Windows", + "OSVersion/Microsoft.Windows.10.0.18363.", + "Microsoft.Azure.Management.Security.SecurityCenterClient/1.1.3.0" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Content-Length": [ + "82" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Date": [ + "Sun, 03 May 2020 15:46:00 GMT" + ], + "Pragma": [ + "no-cache" + ], + "Server": [ + "Microsoft-HTTPAPI/2.0" + ], + "x-ms-request-id": [ + "61998c33-ac81-45c6-8cb3-906d7a4688e5" + ], + "x-ms-ratelimit-remaining-subscription-resource-requests": [ + "249" + ], + "x-ms-correlation-request-id": [ + "002cff54-3f34-462b-b0a9-08d287eb5615" + ], + "x-ms-routing-request-id": [ + "GERMANYWESTCENTRAL:20200503T154601Z:002cff54-3f34-462b-b0a9-08d287eb5615" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Content-Length": [ + "212" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ] + }, + "ResponseBody": "{\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/providers/Microsoft.Security/settings/MCAS\",\r\n \"name\": \"MCAS\",\r\n \"type\": \"Microsoft.Security/settings\",\r\n \"kind\": \"DataExportSettings\",\r\n \"properties\": {\r\n \"enabled\": true\r\n }\r\n}", + "StatusCode": 200 + } + ], + "Names": {}, + "Variables": { + "SubscriptionId": "487bb485-b5b0-471e-9c0d-10717612f869" + } +} \ No newline at end of file 
diff --git a/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/tests/SessionRecords/TopologyTests/Topology_Get.json b/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/tests/SessionRecords/TopologyTests/Topology_Get.json new file mode 100644 index 000000000000..5bf999a956aa --- /dev/null +++ b/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/tests/SessionRecords/TopologyTests/Topology_Get.json 
@@ -0,0 +1,71 @@ +{ + "Entries": [ + { + "RequestUri": "/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/MyResourceGroup/providers/Microsoft.Security/locations/westcentralus/topologies/virtualNetworks?api-version=2020-01-01", + "EncodedRequestUri": "L3N1YnNjcmlwdGlvbnMvNDg3YmI0ODUtYjViMC00NzFlLTljMGQtMTA3MTc2MTJmODY5L3Jlc291cmNlR3JvdXBzL015UmVzb3VyY2VHcm91cC9wcm92aWRlcnMvTWljcm9zb2Z0LlNlY3VyaXR5L2xvY2F0aW9ucy93ZXN0Y2VudHJhbHVzL3RvcG9sb2dpZXMvdmlydHVhbE5ldHdvcmtzP2FwaS12ZXJzaW9uPTIwMjAtMDEtMDE=", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "x-ms-client-request-id": [ + "7fde219e-6962-465c-a220-29d076108854" + ], + "accept-language": [ + "en-US" + ], + "User-Agent": [ + "FxVersion/4.6.26614.01", + "OSName/Windows", + "OSVersion/Microsoft.Windows.10.0.18363.", + "Microsoft.Azure.Management.Security.SecurityCenterClient/1.1.2.0" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Date": [ + "Tue, 21 Apr 2020 13:19:46 GMT" + ], + "Pragma": [ + "no-cache" + ], + "Server": [ + "Microsoft-HTTPAPI/2.0" + ], + "x-ms-request-id": [ + "a7d0145a-4cc0-441a-971c-40f362854203" + ], + "x-ms-ratelimit-remaining-subscription-resource-requests": [ + "749" + ], + "x-ms-correlation-request-id": [ + "b20950e0-91fe-451e-8450-5e85e9472c68" + ], + "x-ms-routing-request-id": [ + "GERMANYWESTCENTRAL:20200421T131947Z:b20950e0-91fe-451e-8450-5e85e9472c68" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Content-Length": [ + "1241" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ] + }, + "ResponseBody": "{\r\n \"type\": \"Microsoft.Security/locations/topologies\",\r\n \"properties\": {\r\n \"calculatedDateTime\": \"2020-04-21T13:18:14.3309894Z\",\r\n \"topologyResources\": [\r\n {\r\n \"resourceId\": 
\"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/MyResourceGroup/providers/Microsoft.Network/virtualNetworks/MyVnet\",\r\n \"severity\": \"Healthy\",\r\n \"networkZones\": \"Internal\",\r\n \"recommendationsExist\": false,\r\n \"topologyScore\": 0,\r\n \"location\": \"westus\",\r\n \"children\": [\r\n {\r\n \"resourceId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/MyResourceGroup/providers/Microsoft.Network/virtualNetworks/MyVnet/subnets/MySubnet\"\r\n }\r\n ]\r\n },\r\n {\r\n \"resourceId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/MyResourceGroup/providers/Microsoft.Network/virtualNetworks/MyVnet2\",\r\n \"severity\": \"Healthy\",\r\n \"networkZones\": \"Internal\",\r\n \"recommendationsExist\": false,\r\n \"topologyScore\": 60,\r\n \"location\": \"eastus\",\r\n \"children\": [\r\n {\r\n \"resourceId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/MyResourceGroup/providers/Microsoft.Network/virtualNetworks/MyVnet2/subnets/default\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/MyResourceGroup/providers/Microsoft.Security/locations/westcentralus/topologies/virtualNetworks\",\r\n \"name\": \"virtualNetworks\",\r\n \"location\": \"westcentralus\"\r\n}", + "StatusCode": 200 + } + ], + "Names": {}, + "Variables": { + "SubscriptionId": "487bb485-b5b0-471e-9c0d-10717612f869" + } +} \ No newline at end of file diff --git a/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/tests/SessionRecords/TopologyTests/Topology_List.json b/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/tests/SessionRecords/TopologyTests/Topology_List.json new file mode 100644 index 000000000000..a89c4938f65d --- /dev/null +++ b/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/tests/SessionRecords/TopologyTests/Topology_List.json 
@@ -0,0 +1,71 @@ +{ + "Entries": [ + { + "RequestUri": "/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/providers/Microsoft.Security/topologies?api-version=2020-01-01", + "EncodedRequestUri": "L3N1YnNjcmlwdGlvbnMvNDg3YmI0ODUtYjViMC00NzFlLTljMGQtMTA3MTc2MTJmODY5L3Byb3ZpZGVycy9NaWNyb3NvZnQuU2VjdXJpdHkvdG9wb2xvZ2llcz9hcGktdmVyc2lvbj0yMDIwLTAxLTAx", + "RequestMethod": "GET", + "RequestBody": "", + "RequestHeaders": { + "x-ms-client-request-id": [ + "fc67e0b0-5cc7-4502-9d7f-196861275f50" + ], + "accept-language": [ + "en-US" + ], + "User-Agent": [ + "FxVersion/4.6.26614.01", + "OSName/Windows", + "OSVersion/Microsoft.Windows.10.0.18363.", + "Microsoft.Azure.Management.Security.SecurityCenterClient/1.1.2.0" + ] + }, + "ResponseHeaders": { + "Cache-Control": [ + "no-cache" + ], + "Date": [ + "Tue, 21 Apr 2020 13:19:48 GMT" + ], + "Pragma": [ + "no-cache" + ], + "x-ms-original-request-ids": [ + "", + "", + "3dd0d0a1-1bf1-47d4-9eec-4f56ca9d2817" + ], + "x-ms-ratelimit-remaining-subscription-resource-requests": [ + "749" + ], + "x-ms-request-id": [ + "064bf0d4-afc8-4e14-9b89-b41bb1b7b080" + ], + "x-ms-correlation-request-id": [ + "064bf0d4-afc8-4e14-9b89-b41bb1b7b080" + ], + "x-ms-routing-request-id": [ + "GERMANYWESTCENTRAL:20200421T131948Z:064bf0d4-afc8-4e14-9b89-b41bb1b7b080" + ], + "Strict-Transport-Security": [ + "max-age=31536000; includeSubDomains" + ], + "X-Content-Type-Options": [ + "nosniff" + ], + "Content-Length": [ + "345081" + ], + "Content-Type": [ + "application/json; charset=utf-8" + ], + "Expires": [ + "-1" + ] + }, + "ResponseBody": "{\r\n \"value\": [\r\n {\r\n \"type\": \"Microsoft.Security\/locations\/topologies\",\r\n \"properties\": {\r\n \"calculatedDateTime\": \"2020-04-21T13:18:14.3309894Z\",\r\n \"topologyResources\": [\r\n {\r\n \"resourceId\": \"\/subscriptions\/487bb485-b5b0-471e-9c0d-10717612f869\/resourceGroups\/MyResourceGroup\/providers\/Microsoft.Network\/virtualNetworks\/MyVnet\",\r\n \"severity\": \"Healthy\",\r\n \"networkZones\": 
\"Internal\",\r\n \"recommendationsExist\": false,\r\n \"topologyScore\": 0,\r\n \"location\": \"westus\",\r\n \"children\": [\r\n {\r\n \"resourceId\": \"\/subscriptions\/487bb485-b5b0-471e-9c0d-10717612f869\/resourceGroups\/MyResourceGroup\/providers\/Microsoft.Network\/virtualNetworks\/MyVnet\/subnets\/MySubnet\"\r\n }\r\n ]\r\n },\r\n {\r\n \"resourceId\": \"\/subscriptions\/487bb485-b5b0-471e-9c0d-10717612f869\/resourceGroups\/MyResourceGroup\/providers\/Microsoft.Network\/virtualNetworks\/MyVnet2\",\r\n \"severity\": \"Healthy\",\r\n \"networkZones\": \"Internal\",\r\n \"recommendationsExist\": false,\r\n \"topologyScore\": 60,\r\n \"location\": \"eastus\",\r\n \"children\": [\r\n {\r\n \"resourceId\": \"\/subscriptions\/487bb485-b5b0-471e-9c0d-10717612f869\/resourceGroups\/MyResourceGroup\/providers\/Microsoft.Network\/virtualNetworks\/MyVnet2\/subnets\/default\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"id\": \"\/subscriptions\/487bb485-b5b0-471e-9c0d-10717612f869\/resourceGroups\/MyResourceGroup\/providers\/Microsoft.Security\/locations\/westcentralus\/topologies\/virtualNetworks\",\r\n \"name\": \"virtualNetworks\",\r\n \"location\": \"westcentralus\"\r\n },\r\n {\r\n \"type\": \"Microsoft.Security\/locations\/topologies\",\r\n \"properties\": {\r\n \"calculatedDateTime\": \"2020-04-21T13:18:14.3309894Z\",\r\n \"topologyResources\": [\r\n {\r\n \"resourceId\": \"\/subscriptions\/487bb485-b5b0-471e-9c0d-10717612f869\/resourceGroups\/MyResourceGroup\/providers\/Microsoft.Network\/virtualNetworks\/MyVnet\/subnets\/MySubnet\",\r\n \"severity\": \"Healthy\",\r\n \"networkZones\": \"Internal\",\r\n \"recommendationsExist\": false,\r\n \"topologyScore\": 0,\r\n \"parents\": [\r\n {\r\n \"resourceId\": \"\/subscriptions\/487bb485-b5b0-471e-9c0d-10717612f869\/resourceGroups\/MyResourceGroup\/providers\/Microsoft.Network\/virtualNetworks\/MyVnet\"\r\n }\r\n ]\r\n },\r\n {\r\n \"resourceId\": 
\"\/subscriptions\/487bb485-b5b0-471e-9c0d-10717612f869\/resourceGroups\/MyResourceGroup\/providers\/Microsoft.Network\/virtualNetworks\/MyVnet2\/subnets\/default\",\r\n \"severity\": \"High\",\r\n \"networkZones\": \"Internal\",\r\n \"recommendationsExist\": true,\r\n \"topologyScore\": 60,\r\n \"parents\": [\r\n {\r\n \"resourceId\": \"\/subscriptions\/487bb485-b5b0-471e-9c0d-10717612f869\/resourceGroups\/MyResourceGroup\/providers\/Microsoft.Network\/virtualNetworks\/MyVnet2\"\r\n }\r\n ],\r\n \"children\": [\r\n {\r\n \"resourceId\": \"\/subscriptions\/487bb485-b5b0-471e-9c0d-10717612f869\/resourceGroups\/MyResourceGroup\/providers\/Microsoft.Compute\/virtualMachines\/MyVm2\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"id\": \"\/subscriptions\/487bb485-b5b0-471e-9c0d-10717612f869\/resourceGroups\/MyResourceGroup\/providers\/Microsoft.Security\/locations\/westcentralus\/topologies\/subnets\",\r\n \"name\": \"subnets\",\r\n \"location\": \"westcentralus\"\r\n },\r\n {\r\n \"type\": \"Microsoft.Security\/locations\/topologies\",\r\n \"properties\": {\r\n \"calculatedDateTime\": \"2020-04-21T13:18:14.3309894Z\",\r\n \"topologyResources\": [\r\n {\r\n \"resourceId\": \"\/subscriptions\/487bb485-b5b0-471e-9c0d-10717612f869\/resourceGroups\/MyResourceGroup2\/providers\/Microsoft.Network\/virtualNetworks\/MyVnet3\",\r\n \"severity\": \"Healthy\",\r\n \"networkZones\": \"Internal\",\r\n \"recommendationsExist\": false,\r\n \"topologyScore\": 0,\r\n \"location\": \"westus\",\r\n \"children\": [\r\n {\r\n \"resourceId\": \"\/subscriptions\/487bb485-b5b0-471e-9c0d-10717612f869\/resourceGroups\/MyResourceGroup2\/providers\/Microsoft.Network\/virtualNetworks\/MyVnet3\/subnets\/MySubnet3\"\r\n },\r\n {\r\n \"resourceId\": \"\/subscriptions\/487bb485-b5b0-471e-9c0d-10717612f869\/resourceGroups\/MyResourceGroup2\/providers\/Microsoft.Network\/virtualNetworks\/MyVnet3\/subnets\/private-subnet\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"id\": 
\"\/subscriptions\/487bb485-b5b0-471e-9c0d-10717612f869\/resourceGroups\/MyResourceGroup2\/providers\/Microsoft.Security\/locations\/westcentralus\/topologies\/virtualNetworks\",\r\n \"name\": \"virtualNetworks\",\r\n \"location\": \"westcentralus\"\r\n }\r\n ]\r\n }", + "StatusCode": 200 + } + ], + "Names": {}, + "Variables": {} +} \ No newline at end of file diff --git a/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/tests/Settings/SettingsTests.cs b/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/tests/Settings/SettingsTests.cs index 0d97d75e6da7..f7f3793c70d8 100644 --- a/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/tests/Settings/SettingsTests.cs +++ b/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/tests/Settings/SettingsTests.cs @@ -16,7 +16,7 @@ public class SettingsTests : TestBase { #region Test setup - private static string SubscriptionId = "81de6a21-8799-4bb5-a28c-cbc292f8e023"; + private static string SubscriptionId = "487bb485-b5b0-471e-9c0d-10717612f869"; private static string SettingName = "MCAS"; public static TestEnvironment TestEnvironment { get; private set; } @@ -67,6 +67,20 @@ public void Settings_Get() } } + [Fact] + public void Settings_Update() + { + using (var context = MockContext.Start(this.GetType())) + { + var securityCenterClient = GetSecurityCenterClient(context); + var setting = securityCenterClient.Settings.Get(SettingName); + ValidateSetting(setting); + + var updatedSetting = securityCenterClient.Settings.Update(SettingName, setting); + ValidateSetting(updatedSetting); + } + } + #endregion #region Validations diff --git a/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/tests/Topology/TopologyTests.cs b/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/tests/Topology/TopologyTests.cs new file mode 100644 index 000000000000..dd696b347658 --- /dev/null +++ b/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/tests/Topology/TopologyTests.cs 
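Review bot: In the second SettingsTests.cs hunk, `Settings_Update` writes back the object it has just read and then only calls `ValidateSetting` on the result, so nothing checks that the service returned what was sent. The PUT recorded in Settings_Update.json carries `enabled: true` and gets the same value back, which leaves the subscription's MCAS data-export setting untouched while recording, but it also means an ignored update would pass. I would keep the round-trip and add a comparison after the update, for example `Assert.Equal(setting.Name, updatedSetting.Name);` (assuming the model exposes `Name`), with a comment such as `// Writes back the current value so recording does not alter the live security setting`. `ValidateSetting` is defined outside the hunk, so it may already cover part of this.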
@@ -0,0 +1,88 @@
+using System.Net;
+using Microsoft.Azure.Management.Security;
+using Microsoft.Azure.Management.Security.Models;
+using Microsoft.Azure.Test.HttpRecorder;
+using Microsoft.Rest.Azure;
+using Microsoft.Rest.ClientRuntime.Azure.TestFramework;
+using SecurityCenter.Tests.Helpers;
+using Xunit;
+
+namespace SecurityCenter.Tests
+{
+ public class TopologyTests : TestBase
+ {
+ #region Test setup
+
+ public static TestEnvironment TestEnvironment { get; private set; }
+
+ private static SecurityCenterClient GetSecurityCenterClient(MockContext context)
+ {
+ if (TestEnvironment == null && HttpMockServer.Mode == HttpRecorderMode.Record)
+ {
+ TestEnvironment = TestEnvironmentFactory.GetTestEnvironment();
+ }
+
+ var handler = new RecordedDelegatingHandler { StatusCodeToReturn = HttpStatusCode.OK, IsPassThrough = true };
+
+ var securityCenterClient = HttpMockServer.Mode == HttpRecorderMode.Record
+ ? context.GetServiceClient(TestEnvironment, handlers: handler)
+ : context.GetServiceClient(handlers: handler);
+
+ securityCenterClient.AscLocation = "westcentralus";
+
+ return securityCenterClient;
+ }
+
+ #endregion
+
+ #region Topology Tests
+ [Fact]
+ public void Topology_List()
+ {
+ using (var context = MockContext.Start(this.GetType()))
+ {
+ var securityCenterClient = GetSecurityCenterClient(context);
+ var topologiesResources = securityCenterClient.Topology.List();
+ ValidateTopologiesResources(topologiesResources);
+ }
+ }
+
+ [Fact]
+ public void Topology_Get()
+ {
+ using (var context = MockContext.Start(this.GetType()))
+ {
+ var securityCenterClient = GetSecurityCenterClient(context);
+ var topologyResource = securityCenterClient.Topology.Get("MyResourceGroup", "virtualNetworks");
+ ValidateTopologyResource(topologyResource);
+ }
+ }
+
+ #endregion
+
+ #region Validations
+
+ private void ValidateTopologiesResources(IPage topologiesResources)
+ {
+ Assert.True(topologiesResources.IsAny());
+
+ topologiesResources.ForEach(ValidateTopologyResource);
+ }
+
+ private void ValidateTopologyResource(TopologyResource topologyResource)
+ {
+ Assert.NotNull(topologyResource);
+ Assert.NotNull(topologyResource.CalculatedDateTime);
+ topologyResource.TopologyResources?.ForEach(singleTopologyResource =>
+ {
+ Assert.NotNull(singleTopologyResource);
+ Assert.NotNull(singleTopologyResource.ResourceId);
+ Assert.NotNull(singleTopologyResource.RecommendationsExist);
+ Assert.NotNull(singleTopologyResource.TopologyScore);
+ Assert.NotNull(singleTopologyResource.NetworkZones);
+ });
+ }
+
+ #endregion
+ }
+}
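Review bot: In `ValidateTopologyResource`, the `TopologyResources?.ForEach(...)` call skips every per-resource assertion when the list is null, so a response that drops `topologyResources` would still pass both `Topology_Get` and `Topology_List`. Both recordings added in this commit do return the list, so the test can require it: add `Assert.NotNull(topologyResource.TopologyResources);` before the loop and replace `?.` with a plain call. The lambda also leaves `severity` unchecked although the recordings carry it; `Assert.NotNull(singleTopologyResource.Severity);` would cover it, assuming the model exposes the field under that name.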