diff --git a/eng/mgmt/mgmtmetadata/security_resource-manager.txt b/eng/mgmt/mgmtmetadata/security_resource-manager.txt
index 14d6eee89378f..e170507f12609 100644
--- a/eng/mgmt/mgmtmetadata/security_resource-manager.txt
+++ b/eng/mgmt/mgmtmetadata/security_resource-manager.txt
@@ -1,4 +1,4 @@
-Installing AutoRest version: v2
+Installing AutoRest version: v2
AutoRest installed successfully.
Commencing code generation
Generating CSharp code
diff --git a/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/src/Generated/Models/AdditionalData.cs b/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/src/Generated/Models/AdditionalData.cs
index a052f822516ac..efcb3ced1b862 100644
--- a/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/src/Generated/Models/AdditionalData.cs
+++ b/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/src/Generated/Models/AdditionalData.cs
@@ -10,11 +10,13 @@
namespace Microsoft.Azure.Management.Security.Models
{
+ using Newtonsoft.Json;
using System.Linq;
///
/// Details of the sub-assessment
///
+ [Newtonsoft.Json.JsonObject("AdditionalData")]
public partial class AdditionalData
{
///
diff --git a/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/src/Generated/Models/AllowlistCustomAlertRule.cs b/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/src/Generated/Models/AllowlistCustomAlertRule.cs
index 4f1823712b08e..9033e1abbffb7 100644
--- a/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/src/Generated/Models/AllowlistCustomAlertRule.cs
+++ b/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/src/Generated/Models/AllowlistCustomAlertRule.cs
@@ -20,6 +20,7 @@ namespace Microsoft.Azure.Management.Security.Models
/// A custom alert rule that checks if a value (depends on the custom alert
/// type) is allowed.
///
+ [Newtonsoft.Json.JsonObject("AllowlistCustomAlertRule")]
public partial class AllowlistCustomAlertRule : ListCustomAlertRule
{
///
diff --git a/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/src/Generated/Models/AmqpC2DRejectedMessagesNotInAllowedRange.cs b/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/src/Generated/Models/AmqpC2DRejectedMessagesNotInAllowedRange.cs
index 27ca3c49286ed..61375802e9ea5 100644
--- a/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/src/Generated/Models/AmqpC2DRejectedMessagesNotInAllowedRange.cs
+++ b/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/src/Generated/Models/AmqpC2DRejectedMessagesNotInAllowedRange.cs
@@ -10,12 +10,14 @@
namespace Microsoft.Azure.Management.Security.Models
{
+ using Newtonsoft.Json;
using System.Linq;
///
/// Number of rejected cloud to device messages (AMQP protocol) is not in
/// allowed range.
///
+ [Newtonsoft.Json.JsonObject("AmqpC2DRejectedMessagesNotInAllowedRange")]
public partial class AmqpC2DRejectedMessagesNotInAllowedRange : TimeWindowCustomAlertRule
{
///
diff --git a/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/src/Generated/Models/AmqpD2CMessagesNotInAllowedRange.cs b/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/src/Generated/Models/AmqpD2CMessagesNotInAllowedRange.cs
index 8061c59a72cea..fd6dd48b1060b 100644
--- a/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/src/Generated/Models/AmqpD2CMessagesNotInAllowedRange.cs
+++ b/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/src/Generated/Models/AmqpD2CMessagesNotInAllowedRange.cs
@@ -10,12 +10,14 @@
namespace Microsoft.Azure.Management.Security.Models
{
+ using Newtonsoft.Json;
using System.Linq;
///
/// Number of device to cloud messages (AMQP protocol) is not in allowed
/// range.
///
+ [Newtonsoft.Json.JsonObject("AmqpD2CMessagesNotInAllowedRange")]
public partial class AmqpD2CMessagesNotInAllowedRange : TimeWindowCustomAlertRule
{
///
diff --git a/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/src/Generated/Models/AutomationAction.cs b/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/src/Generated/Models/AutomationAction.cs
index 921ecb8ffaf1e..e486a3ba01b92 100644
--- a/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/src/Generated/Models/AutomationAction.cs
+++ b/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/src/Generated/Models/AutomationAction.cs
@@ -10,11 +10,13 @@
namespace Microsoft.Azure.Management.Security.Models
{
+ using Newtonsoft.Json;
using System.Linq;
///
/// The action that should be triggered.
///
+ [Newtonsoft.Json.JsonObject("AutomationAction")]
public partial class AutomationAction
{
///
diff --git a/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/src/Generated/Models/ConnectionToIpNotAllowed.cs b/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/src/Generated/Models/ConnectionToIpNotAllowed.cs
index 16d02941054a2..19cc63c8934cd 100644
--- a/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/src/Generated/Models/ConnectionToIpNotAllowed.cs
+++ b/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/src/Generated/Models/ConnectionToIpNotAllowed.cs
@@ -10,6 +10,7 @@
namespace Microsoft.Azure.Management.Security.Models
{
+ using Newtonsoft.Json;
using System.Collections;
using System.Collections.Generic;
using System.Linq;
@@ -18,6 +19,7 @@ namespace Microsoft.Azure.Management.Security.Models
/// Outbound connection to an ip that isn't allowed. Allow list consists of
/// ipv4 or ipv6 range in CIDR notation.
///
+ [Newtonsoft.Json.JsonObject("ConnectionToIpNotAllowed")]
public partial class ConnectionToIpNotAllowed : AllowlistCustomAlertRule
{
///
diff --git a/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/src/Generated/Models/CustomAlertRule.cs b/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/src/Generated/Models/CustomAlertRule.cs
index c52d16896c228..a581bbf4f832f 100644
--- a/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/src/Generated/Models/CustomAlertRule.cs
+++ b/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/src/Generated/Models/CustomAlertRule.cs
@@ -16,6 +16,7 @@ namespace Microsoft.Azure.Management.Security.Models
///
/// A custom alert rule.
///
+ [Newtonsoft.Json.JsonObject("CustomAlertRule")]
public partial class CustomAlertRule
{
///
diff --git a/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/src/Generated/Models/DenylistCustomAlertRule.cs b/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/src/Generated/Models/DenylistCustomAlertRule.cs
index fefdebb7ccadc..1bfe4ef2944a7 100644
--- a/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/src/Generated/Models/DenylistCustomAlertRule.cs
+++ b/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/src/Generated/Models/DenylistCustomAlertRule.cs
@@ -20,6 +20,7 @@ namespace Microsoft.Azure.Management.Security.Models
/// A custom alert rule that checks if a value (depends on the custom alert
/// type) is denied.
///
+ [Newtonsoft.Json.JsonObject("DenylistCustomAlertRule")]
public partial class DenylistCustomAlertRule : ListCustomAlertRule
{
///
diff --git a/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/src/Generated/Models/DirectMethodInvokesNotInAllowedRange.cs b/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/src/Generated/Models/DirectMethodInvokesNotInAllowedRange.cs
index efb160b104ecb..5965d35479674 100644
--- a/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/src/Generated/Models/DirectMethodInvokesNotInAllowedRange.cs
+++ b/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/src/Generated/Models/DirectMethodInvokesNotInAllowedRange.cs
@@ -10,11 +10,13 @@
namespace Microsoft.Azure.Management.Security.Models
{
+ using Newtonsoft.Json;
using System.Linq;
///
/// Number of direct method invokes is not in allowed range.
///
+ [Newtonsoft.Json.JsonObject("DirectMethodInvokesNotInAllowedRange")]
public partial class DirectMethodInvokesNotInAllowedRange : TimeWindowCustomAlertRule
{
///
diff --git a/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/src/Generated/Models/ExternalSecuritySolution.cs b/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/src/Generated/Models/ExternalSecuritySolution.cs
index 119f870c19ad7..6391dffca8f2f 100644
--- a/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/src/Generated/Models/ExternalSecuritySolution.cs
+++ b/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/src/Generated/Models/ExternalSecuritySolution.cs
@@ -18,6 +18,7 @@ namespace Microsoft.Azure.Management.Security.Models
/// sends information to an OMS workspace and whose data is displayed by
/// Azure Security Center.
///
+ [Newtonsoft.Json.JsonObject("ExternalSecuritySolution")]
public partial class ExternalSecuritySolution
{
///
diff --git a/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/src/Generated/Models/FailedLocalLoginsNotInAllowedRange.cs b/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/src/Generated/Models/FailedLocalLoginsNotInAllowedRange.cs
index d2d8d1166ae26..940afb4c7ce2c 100644
--- a/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/src/Generated/Models/FailedLocalLoginsNotInAllowedRange.cs
+++ b/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/src/Generated/Models/FailedLocalLoginsNotInAllowedRange.cs
@@ -10,11 +10,13 @@
namespace Microsoft.Azure.Management.Security.Models
{
+ using Newtonsoft.Json;
using System.Linq;
///
/// Number of failed local logins is not in allowed range.
///
+ [Newtonsoft.Json.JsonObject("FailedLocalLoginsNotInAllowedRange")]
public partial class FailedLocalLoginsNotInAllowedRange : TimeWindowCustomAlertRule
{
///
diff --git a/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/src/Generated/Models/FileUploadsNotInAllowedRange.cs b/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/src/Generated/Models/FileUploadsNotInAllowedRange.cs
index 55109af42dc0b..b35c49246449d 100644
--- a/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/src/Generated/Models/FileUploadsNotInAllowedRange.cs
+++ b/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/src/Generated/Models/FileUploadsNotInAllowedRange.cs
@@ -10,11 +10,13 @@
namespace Microsoft.Azure.Management.Security.Models
{
+ using Newtonsoft.Json;
using System.Linq;
///
/// Number of file uploads is not in allowed range.
///
+ [Newtonsoft.Json.JsonObject("FileUploadsNotInAllowedRange")]
public partial class FileUploadsNotInAllowedRange : TimeWindowCustomAlertRule
{
///
diff --git a/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/src/Generated/Models/HttpC2DMessagesNotInAllowedRange.cs b/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/src/Generated/Models/HttpC2DMessagesNotInAllowedRange.cs
index 21b2e8bf7d9e4..b4c92a0347b10 100644
--- a/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/src/Generated/Models/HttpC2DMessagesNotInAllowedRange.cs
+++ b/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/src/Generated/Models/HttpC2DMessagesNotInAllowedRange.cs
@@ -10,12 +10,14 @@
namespace Microsoft.Azure.Management.Security.Models
{
+ using Newtonsoft.Json;
using System.Linq;
///
/// Number of cloud to device messages (HTTP protocol) is not in allowed
/// range.
///
+ [Newtonsoft.Json.JsonObject("HttpC2DMessagesNotInAllowedRange")]
public partial class HttpC2DMessagesNotInAllowedRange : TimeWindowCustomAlertRule
{
///
diff --git a/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/src/Generated/Models/HttpC2DRejectedMessagesNotInAllowedRange.cs b/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/src/Generated/Models/HttpC2DRejectedMessagesNotInAllowedRange.cs
index 73f69e0b71b0c..a9d06f0275783 100644
--- a/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/src/Generated/Models/HttpC2DRejectedMessagesNotInAllowedRange.cs
+++ b/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/src/Generated/Models/HttpC2DRejectedMessagesNotInAllowedRange.cs
@@ -10,12 +10,14 @@
namespace Microsoft.Azure.Management.Security.Models
{
+ using Newtonsoft.Json;
using System.Linq;
///
/// Number of rejected cloud to device messages (HTTP protocol) is not in
/// allowed range.
///
+ [Newtonsoft.Json.JsonObject("HttpC2DRejectedMessagesNotInAllowedRange")]
public partial class HttpC2DRejectedMessagesNotInAllowedRange : TimeWindowCustomAlertRule
{
///
diff --git a/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/src/Generated/Models/HttpD2CMessagesNotInAllowedRange.cs b/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/src/Generated/Models/HttpD2CMessagesNotInAllowedRange.cs
index 820edd41c00ac..d9ecd22c241b8 100644
--- a/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/src/Generated/Models/HttpD2CMessagesNotInAllowedRange.cs
+++ b/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/src/Generated/Models/HttpD2CMessagesNotInAllowedRange.cs
@@ -10,12 +10,14 @@
namespace Microsoft.Azure.Management.Security.Models
{
+ using Newtonsoft.Json;
using System.Linq;
///
/// Number of device to cloud messages (HTTP protocol) is not in allowed
/// range.
///
+ [Newtonsoft.Json.JsonObject("HttpD2CMessagesNotInAllowedRange")]
public partial class HttpD2CMessagesNotInAllowedRange : TimeWindowCustomAlertRule
{
///
diff --git a/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/src/Generated/Models/ListCustomAlertRule.cs b/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/src/Generated/Models/ListCustomAlertRule.cs
index 528d183316de5..763959ad3860f 100644
--- a/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/src/Generated/Models/ListCustomAlertRule.cs
+++ b/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/src/Generated/Models/ListCustomAlertRule.cs
@@ -16,6 +16,7 @@ namespace Microsoft.Azure.Management.Security.Models
///
/// A List custom alert rule.
///
+ [Newtonsoft.Json.JsonObject("ListCustomAlertRule")]
public partial class ListCustomAlertRule : CustomAlertRule
{
///
diff --git a/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/src/Generated/Models/LocalUserNotAllowed.cs b/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/src/Generated/Models/LocalUserNotAllowed.cs
index 0005bd059e44c..27e661e467c1e 100644
--- a/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/src/Generated/Models/LocalUserNotAllowed.cs
+++ b/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/src/Generated/Models/LocalUserNotAllowed.cs
@@ -10,6 +10,7 @@
namespace Microsoft.Azure.Management.Security.Models
{
+ using Newtonsoft.Json;
using System.Collections;
using System.Collections.Generic;
using System.Linq;
@@ -18,6 +19,7 @@ namespace Microsoft.Azure.Management.Security.Models
/// Login by a local user that isn't allowed. Allow list consists of login
/// names to allow.
///
+ [Newtonsoft.Json.JsonObject("LocalUserNotAllowed")]
public partial class LocalUserNotAllowed : AllowlistCustomAlertRule
{
///
diff --git a/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/src/Generated/Models/MqttC2DMessagesNotInAllowedRange.cs b/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/src/Generated/Models/MqttC2DMessagesNotInAllowedRange.cs
index 3df5348335277..50ce5fe30a68a 100644
--- a/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/src/Generated/Models/MqttC2DMessagesNotInAllowedRange.cs
+++ b/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/src/Generated/Models/MqttC2DMessagesNotInAllowedRange.cs
@@ -10,12 +10,14 @@
namespace Microsoft.Azure.Management.Security.Models
{
+ using Newtonsoft.Json;
using System.Linq;
///
/// Number of cloud to device messages (MQTT protocol) is not in allowed
/// range.
///
+ [Newtonsoft.Json.JsonObject("MqttC2DMessagesNotInAllowedRange")]
public partial class MqttC2DMessagesNotInAllowedRange : TimeWindowCustomAlertRule
{
///
diff --git a/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/src/Generated/Models/MqttC2DRejectedMessagesNotInAllowedRange.cs b/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/src/Generated/Models/MqttC2DRejectedMessagesNotInAllowedRange.cs
index 6607cb5285c9b..55fb3039b11ad 100644
--- a/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/src/Generated/Models/MqttC2DRejectedMessagesNotInAllowedRange.cs
+++ b/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/src/Generated/Models/MqttC2DRejectedMessagesNotInAllowedRange.cs
@@ -10,12 +10,14 @@
namespace Microsoft.Azure.Management.Security.Models
{
+ using Newtonsoft.Json;
using System.Linq;
///
/// Number of rejected cloud to device messages (MQTT protocol) is not in
/// allowed range.
///
+ [Newtonsoft.Json.JsonObject("MqttC2DRejectedMessagesNotInAllowedRange")]
public partial class MqttC2DRejectedMessagesNotInAllowedRange : TimeWindowCustomAlertRule
{
///
diff --git a/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/src/Generated/Models/MqttD2CMessagesNotInAllowedRange.cs b/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/src/Generated/Models/MqttD2CMessagesNotInAllowedRange.cs
index 1bba936ed5917..358bb0c6e4f81 100644
--- a/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/src/Generated/Models/MqttD2CMessagesNotInAllowedRange.cs
+++ b/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/src/Generated/Models/MqttD2CMessagesNotInAllowedRange.cs
@@ -10,12 +10,14 @@
namespace Microsoft.Azure.Management.Security.Models
{
+ using Newtonsoft.Json;
using System.Linq;
///
/// Number of device to cloud messages (MQTT protocol) is not in allowed
/// range.
///
+ [Newtonsoft.Json.JsonObject("MqttD2CMessagesNotInAllowedRange")]
public partial class MqttD2CMessagesNotInAllowedRange : TimeWindowCustomAlertRule
{
///
diff --git a/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/src/Generated/Models/ProcessNotAllowed.cs b/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/src/Generated/Models/ProcessNotAllowed.cs
index a69d3dc5f9326..66e7dc1f46f90 100644
--- a/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/src/Generated/Models/ProcessNotAllowed.cs
+++ b/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/src/Generated/Models/ProcessNotAllowed.cs
@@ -10,6 +10,7 @@
namespace Microsoft.Azure.Management.Security.Models
{
+ using Newtonsoft.Json;
using System.Collections;
using System.Collections.Generic;
using System.Linq;
@@ -18,6 +19,7 @@ namespace Microsoft.Azure.Management.Security.Models
/// Execution of a process that isn't allowed. Allow list consists of
/// process names to allow.
///
+ [Newtonsoft.Json.JsonObject("ProcessNotAllowed")]
public partial class ProcessNotAllowed : AllowlistCustomAlertRule
{
///
diff --git a/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/src/Generated/Models/QueuePurgesNotInAllowedRange.cs b/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/src/Generated/Models/QueuePurgesNotInAllowedRange.cs
index 6845776d0aed3..e7a506d93b606 100644
--- a/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/src/Generated/Models/QueuePurgesNotInAllowedRange.cs
+++ b/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/src/Generated/Models/QueuePurgesNotInAllowedRange.cs
@@ -10,11 +10,13 @@
namespace Microsoft.Azure.Management.Security.Models
{
+ using Newtonsoft.Json;
using System.Linq;
///
/// Number of device queue purges is not in allowed range.
///
+ [Newtonsoft.Json.JsonObject("QueuePurgesNotInAllowedRange")]
public partial class QueuePurgesNotInAllowedRange : TimeWindowCustomAlertRule
{
///
diff --git a/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/src/Generated/Models/ResourceDetails.cs b/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/src/Generated/Models/ResourceDetails.cs
index 14c1aa7336673..6ab1d4f7544fb 100644
--- a/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/src/Generated/Models/ResourceDetails.cs
+++ b/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/src/Generated/Models/ResourceDetails.cs
@@ -10,11 +10,13 @@
namespace Microsoft.Azure.Management.Security.Models
{
+ using Newtonsoft.Json;
using System.Linq;
///
/// Details of the resource that was assessed
///
+ [Newtonsoft.Json.JsonObject("ResourceDetails")]
public partial class ResourceDetails
{
///
diff --git a/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/src/Generated/Models/ThresholdCustomAlertRule.cs b/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/src/Generated/Models/ThresholdCustomAlertRule.cs
index 47f1dfdf2e8f7..7df8da76196bc 100644
--- a/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/src/Generated/Models/ThresholdCustomAlertRule.cs
+++ b/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/src/Generated/Models/ThresholdCustomAlertRule.cs
@@ -17,6 +17,7 @@ namespace Microsoft.Azure.Management.Security.Models
/// A custom alert rule that checks if a value (depends on the custom alert
/// type) is within the given range.
///
+ [Newtonsoft.Json.JsonObject("ThresholdCustomAlertRule")]
public partial class ThresholdCustomAlertRule : CustomAlertRule
{
///
diff --git a/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/src/Generated/Models/TimeWindowCustomAlertRule.cs b/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/src/Generated/Models/TimeWindowCustomAlertRule.cs
index e6fdc3230f94a..eaeb685da1b5a 100644
--- a/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/src/Generated/Models/TimeWindowCustomAlertRule.cs
+++ b/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/src/Generated/Models/TimeWindowCustomAlertRule.cs
@@ -17,6 +17,7 @@ namespace Microsoft.Azure.Management.Security.Models
/// A custom alert rule that checks if the number of activities (depends on
/// the custom alert type) in a time window is within the given range.
///
+ [Newtonsoft.Json.JsonObject("TimeWindowCustomAlertRule")]
public partial class TimeWindowCustomAlertRule : ThresholdCustomAlertRule
{
///
diff --git a/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/src/Generated/Models/TwinUpdatesNotInAllowedRange.cs b/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/src/Generated/Models/TwinUpdatesNotInAllowedRange.cs
index 047ed484cb7e8..e0b4415251e92 100644
--- a/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/src/Generated/Models/TwinUpdatesNotInAllowedRange.cs
+++ b/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/src/Generated/Models/TwinUpdatesNotInAllowedRange.cs
@@ -10,11 +10,13 @@
namespace Microsoft.Azure.Management.Security.Models
{
+ using Newtonsoft.Json;
using System.Linq;
///
/// Number of twin updates is not in allowed range.
///
+ [Newtonsoft.Json.JsonObject("TwinUpdatesNotInAllowedRange")]
public partial class TwinUpdatesNotInAllowedRange : TimeWindowCustomAlertRule
{
///
diff --git a/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/src/Generated/Models/UnauthorizedOperationsNotInAllowedRange.cs b/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/src/Generated/Models/UnauthorizedOperationsNotInAllowedRange.cs
index 757b89fe6a5f4..f57c05fd4648b 100644
--- a/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/src/Generated/Models/UnauthorizedOperationsNotInAllowedRange.cs
+++ b/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/src/Generated/Models/UnauthorizedOperationsNotInAllowedRange.cs
@@ -10,11 +10,13 @@
namespace Microsoft.Azure.Management.Security.Models
{
+ using Newtonsoft.Json;
using System.Linq;
///
/// Number of unauthorized operations is not in allowed range.
///
+ [Newtonsoft.Json.JsonObject("UnauthorizedOperationsNotInAllowedRange")]
public partial class UnauthorizedOperationsNotInAllowedRange : TimeWindowCustomAlertRule
{
///
diff --git a/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/src/Microsoft.Azure.Management.SecurityCenter.csproj b/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/src/Microsoft.Azure.Management.SecurityCenter.csproj
index c703275a69686..6ef5b690ab932 100644
--- a/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/src/Microsoft.Azure.Management.SecurityCenter.csproj
+++ b/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/src/Microsoft.Azure.Management.SecurityCenter.csproj
@@ -6,7 +6,7 @@
Microsoft.Azure.Management.SecurityCenter
Provides developers with libraries for the updated Azure Security Center platform under Azure Resource manager to view and manage security posture in and outside Azure.
- 2.0.0
+ 2.1.0
Microsoft.Azure.Management.SecurityCenter
management;security center;security;IoT security;
Updated Information Protection SDK clients
diff --git a/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/src/Properties/AssemblyInfo.cs b/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/src/Properties/AssemblyInfo.cs
index a9cb68823964c..fa3533837f6e5 100644
--- a/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/src/Properties/AssemblyInfo.cs
+++ b/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/src/Properties/AssemblyInfo.cs
@@ -7,8 +7,8 @@
[assembly: AssemblyTitle("Microsoft Azure Security Center Library")]
[assembly: AssemblyDescription("Provides management functionality for Microsoft Azure Security Center Resources.")]
-[assembly: AssemblyVersion("2.0.0.0")]
-[assembly: AssemblyFileVersion("2.0.0.0")]
+[assembly: AssemblyVersion("2.1.0.0")]
+[assembly: AssemblyFileVersion("2.1.0.0")]
[assembly: AssemblyConfiguration("")]
[assembly: AssemblyCompany("Microsoft")]
[assembly: AssemblyProduct("Microsoft Azure .NET SDK")]
diff --git a/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/tests/AdaptiveApplicationControls/AdaptiveApplicationControlsTests.cs b/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/tests/AdaptiveApplicationControls/AdaptiveApplicationControlsTests.cs
new file mode 100644
index 0000000000000..c6547dc316fd4
--- /dev/null
+++ b/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/tests/AdaptiveApplicationControls/AdaptiveApplicationControlsTests.cs
@@ -0,0 +1,115 @@
+using System.Net;
+using Microsoft.Azure.Management.Security;
+using Microsoft.Azure.Management.Security.Models;
+using Microsoft.Azure.Test.HttpRecorder;
+using Microsoft.Rest.ClientRuntime.Azure.TestFramework;
+using Newtonsoft.Json;
+using SecurityCenter.Tests.Helpers;
+using Xunit;
+
+namespace SecurityCenter.Tests
+{
+ public class AdaptiveApplicationControlsTests : TestBase
+ {
+ #region Test setup
+
+ public static TestEnvironment TestEnvironment { get; private set; }
+
+ private static SecurityCenterClient GetSecurityCenterClient(MockContext context)
+ {
+ if (TestEnvironment == null && HttpMockServer.Mode == HttpRecorderMode.Record)
+ {
+ TestEnvironment = TestEnvironmentFactory.GetTestEnvironment();
+ }
+
+ var handler = new RecordedDelegatingHandler { StatusCodeToReturn = HttpStatusCode.OK, IsPassThrough = true };
+
+ var securityCenterClient = HttpMockServer.Mode == HttpRecorderMode.Record
+ ? context.GetServiceClient(TestEnvironment, handlers: handler)
+ : context.GetServiceClient(handlers: handler);
+
+ securityCenterClient.AscLocation = "centralus";
+
+ return securityCenterClient;
+ }
+
+ #endregion
+
+ #region AdaptiveApplicationControls Tests
+ [Fact]
+ public void AdaptiveApplicationControls_List()
+ {
+ using (var context = MockContext.Start(this.GetType()))
+ {
+ var securityCenterClient = GetSecurityCenterClient(context);
+ var appWhitelistingGroups = securityCenterClient.AdaptiveApplicationControls.List();
+ ValidateAppWhitelistingGroups(appWhitelistingGroups);
+ }
+ }
+
+ [Fact]
+ public void AdaptiveApplicationControls_Put()
+ {
+ using (var context = MockContext.Start(this.GetType()))
+ {
+ var securityCenterClient = GetSecurityCenterClient(context);
+ var appWhitelistingGroup = new AppWhitelistingGroup(
+ name: "TestGroup",
+ protectionMode: new ProtectionMode("Audit", "None", "None"),
+ configurationStatus: "NoStatus",
+ sourceSystem: "Azure_AppLocker");
+
+ var createdGroup = securityCenterClient.AdaptiveApplicationControls.Put("TestGroup", appWhitelistingGroup);
+
+ ValidateCreatedApplicationWhitelistingGroup(createdGroup, securityCenterClient.AscLocation, "TestGroup");
+ }
+ }
+
+ [Fact]
+ public void AdaptiveApplicationControls_Get()
+ {
+ using (var context = MockContext.Start(this.GetType()))
+ {
+ var securityCenterClient = GetSecurityCenterClient(context);
+ var group = securityCenterClient.AdaptiveApplicationControls.Get("TestGroup");
+
+ ValidateApplicationWhitelistingGroup(group);
+ }
+ }
+
+ #endregion
+
+ #region Validations
+
+
+ private void ValidateAppWhitelistingGroups(AppWhitelistingGroups appWhitelistingGroups)
+ {
+ Assert.NotEmpty(appWhitelistingGroups.Value);
+
+ appWhitelistingGroups.Value.ForEach(ValidateApplicationWhitelistingGroup);
+ }
+
+ private void ValidateApplicationWhitelistingGroup(AppWhitelistingGroup appWhitelistingGroup)
+ {
+ Assert.NotNull(appWhitelistingGroup);
+ Assert.NotNull(appWhitelistingGroup.VmRecommendations);
+ Assert.NotNull(appWhitelistingGroup.PathRecommendations);
+ Assert.NotNull(appWhitelistingGroup.ConfigurationStatus);
+ Assert.NotNull(appWhitelistingGroup.EnforcementMode);
+ Assert.NotNull(appWhitelistingGroup.Issues);
+ Assert.NotNull(appWhitelistingGroup.ProtectionMode);
+ Assert.NotNull(appWhitelistingGroup.SourceSystem);
+ }
+
+ private void ValidateCreatedApplicationWhitelistingGroup(AppWhitelistingGroup appWhitelistingGroup, string ascLocation, string groupName)
+ {
+ Assert.NotNull(appWhitelistingGroup);
+ Assert.NotNull(appWhitelistingGroup.Id);
+ Assert.Equal(groupName, appWhitelistingGroup.Name);
+ Assert.Equal("Microsoft.Security/applicationWhitelistings", appWhitelistingGroup.Type);
+ Assert.Equal(ascLocation, appWhitelistingGroup.Location);
+ }
+
+ #endregion
+ }
+}
diff --git a/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/tests/AdaptiveNetworkHardenings/AdaptiveNetworkHardeningsTests.cs b/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/tests/AdaptiveNetworkHardenings/AdaptiveNetworkHardeningsTests.cs
new file mode 100644
index 0000000000000..2d8ac7aceb089
--- /dev/null
+++ b/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/tests/AdaptiveNetworkHardenings/AdaptiveNetworkHardeningsTests.cs
@@ -0,0 +1,87 @@
+using System.Collections.Generic;
+using System.Net;
+using Microsoft.Azure.Management.Security;
+using Microsoft.Azure.Management.Security.Models;
+using Microsoft.Azure.Test.HttpRecorder;
+using Microsoft.Rest.Azure;
+using Microsoft.Rest.ClientRuntime.Azure.TestFramework;
+using SecurityCenter.Tests.Helpers;
+using Xunit;
+
+namespace SecurityCenter.Tests
+{
+ public class AdaptiveNetworkHardeningsTests : TestBase
+ {
+ #region Test setup
+
+ public static TestEnvironment TestEnvironment { get; private set; }
+
+ private static SecurityCenterClient GetSecurityCenterClient(MockContext context)
+ {
+ if (TestEnvironment == null && HttpMockServer.Mode == HttpRecorderMode.Record)
+ {
+ TestEnvironment = TestEnvironmentFactory.GetTestEnvironment();
+ }
+
+ var handler = new RecordedDelegatingHandler { StatusCodeToReturn = HttpStatusCode.OK, IsPassThrough = true };
+
+ var securityCenterClient = HttpMockServer.Mode == HttpRecorderMode.Record
+ ? context.GetServiceClient(TestEnvironment, handlers: handler)
+ : context.GetServiceClient(handlers: handler);
+
+ securityCenterClient.AscLocation = "westcentralus";
+
+ return securityCenterClient;
+ }
+
+ #endregion
+
+ #region AdaptiveNetworkHardenings Tests
+ [Fact]
+ public void AdaptiveNetworkHardenings_Get()
+ {
+ using (var context = MockContext.Start(this.GetType()))
+ {
+ var securityCenterClient = GetSecurityCenterClient(context);
+ var adaptiveNetworkHardeningResource = securityCenterClient.AdaptiveNetworkHardenings.Get("MyResourceGroup", "Microsoft.Compute", "virtualMachines", "MyVm", "default");
+ ValidateAdaptiveNetworkHardeningResource(adaptiveNetworkHardeningResource);
+ }
+ }
+
+ [Fact]
+ public void AdaptiveNetworkHardenings_Enforce()
+ {
+ using (var context = MockContext.Start(this.GetType()))
+ {
+ var securityCenterClient = GetSecurityCenterClient(context);
+ var response = securityCenterClient.AdaptiveNetworkHardenings.BeginEnforceWithHttpMessagesAsync(
+ "MyResourceGroup",
+ "Microsoft.Compute",
+ "virtualMachines",
+ "MyVm",
+ "default",
+ new List()
+ {
+ new Rule("SystemGenerated", "Inbound", 3389, new List() { "TCP"}, new List())
+ },
+ new[] { "/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/MyResourceGroup/providers/Microsoft.Network/networkSecurityGroups/MyNsg" }).Result;
+
+ Assert.Equal(HttpStatusCode.Accepted, response.Response.StatusCode);
+ }
+ }
+
+ #endregion
+
+ #region Validations
+
+ private void ValidateAdaptiveNetworkHardeningResource(AdaptiveNetworkHardening adaptiveNetworkHardeningResource)
+ {
+ Assert.NotNull(adaptiveNetworkHardeningResource);
+ Assert.NotEmpty(adaptiveNetworkHardeningResource.EffectiveNetworkSecurityGroups);
+ Assert.NotEmpty(adaptiveNetworkHardeningResource.Rules);
+ Assert.NotNull(adaptiveNetworkHardeningResource.RulesCalculationTime);
+ }
+
+ #endregion
+ }
+}
diff --git a/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/tests/AllowedConnections/AllowedConnectionsTests.cs b/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/tests/AllowedConnections/AllowedConnectionsTests.cs
new file mode 100644
index 0000000000000..9a53d225cf35e
--- /dev/null
+++ b/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/tests/AllowedConnections/AllowedConnectionsTests.cs
@@ -0,0 +1,88 @@
+using System.Net;
+using Microsoft.Azure.Management.Security;
+using Microsoft.Azure.Management.Security.Models;
+using Microsoft.Azure.Test.HttpRecorder;
+using Microsoft.Rest.Azure;
+using Microsoft.Rest.ClientRuntime.Azure.TestFramework;
+using SecurityCenter.Tests.Helpers;
+using Xunit;
+
+namespace SecurityCenter.Tests
+{
+ public class AllowedConnectionsTests : TestBase
+ {
+ #region Test setup
+
+ public static TestEnvironment TestEnvironment { get; private set; }
+
+ private static SecurityCenterClient GetSecurityCenterClient(MockContext context)
+ {
+ if (TestEnvironment == null && HttpMockServer.Mode == HttpRecorderMode.Record)
+ {
+ TestEnvironment = TestEnvironmentFactory.GetTestEnvironment();
+ }
+
+ var handler = new RecordedDelegatingHandler { StatusCodeToReturn = HttpStatusCode.OK, IsPassThrough = true };
+
+ var securityCenterClient = HttpMockServer.Mode == HttpRecorderMode.Record
+ ? context.GetServiceClient(TestEnvironment, handlers: handler)
+ : context.GetServiceClient(handlers: handler);
+
+ securityCenterClient.AscLocation = "westcentralus";
+
+ return securityCenterClient;
+ }
+
+ #endregion
+
+ #region AllowedConnections tests
+
+ [Fact]
+ public void AllowedConnections_List()
+ {
+ using (var context = MockContext.Start(this.GetType()))
+ {
+ var securityCenterClient = GetSecurityCenterClient(context);
+ var allowedConnectionsResources = securityCenterClient.AllowedConnections.List();
+ ValidateAllowedConnectionsResources(allowedConnectionsResources);
+ }
+ }
+
+ [Fact]
+ public void AllowedConnections_Get()
+ {
+ using (var context = MockContext.Start(this.GetType()))
+ {
+ var securityCenterClient = GetSecurityCenterClient(context);
+ var allowedConnectionsResource = securityCenterClient.AllowedConnections.Get("MyResourceGroup", "internal");
+ ValidateAllowedConnectionsResource(allowedConnectionsResource);
+ }
+ }
+
+ #endregion
+
+ #region Validations
+
+ private void ValidateAllowedConnectionsResources(IPage allowedConnectionsResources)
+ {
+ Assert.True(allowedConnectionsResources.IsAny());
+
+ allowedConnectionsResources.ForEach(ValidateAllowedConnectionsResource);
+ }
+
+ private void ValidateAllowedConnectionsResource(AllowedConnectionsResource allowedConnectionsResource)
+ {
+ Assert.NotNull(allowedConnectionsResource);
+
+ Assert.NotNull(allowedConnectionsResource.CalculatedDateTime);
+ allowedConnectionsResource.ConnectableResources?.ForEach(connectableResource =>
+ {
+ Assert.NotNull(connectableResource.Id);
+ Assert.NotNull(connectableResource.InboundConnectedResources);
+ Assert.NotNull(connectableResource.OutboundConnectedResources);
+ });
+ }
+
+ #endregion
+ }
+}
diff --git a/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/tests/SessionRecords/AdaptiveApplicationControlsTests/AdaptiveApplicationControls_Get.json b/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/tests/SessionRecords/AdaptiveApplicationControlsTests/AdaptiveApplicationControls_Get.json
new file mode 100644
index 0000000000000..ef9959900599e
--- /dev/null
+++ b/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/tests/SessionRecords/AdaptiveApplicationControlsTests/AdaptiveApplicationControls_Get.json
@@ -0,0 +1,71 @@
+{
+ "Entries": [
+ {
+ "RequestUri": "/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/providers/Microsoft.Security/locations/centralus/applicationWhitelistings/TestGroup?api-version=2020-01-01",
+ "EncodedRequestUri": "L3N1YnNjcmlwdGlvbnMvNDg3YmI0ODUtYjViMC00NzFlLTljMGQtMTA3MTc2MTJmODY5L3Byb3ZpZGVycy9NaWNyb3NvZnQuU2VjdXJpdHkvbG9jYXRpb25zL2NlbnRyYWx1cy9hcHBsaWNhdGlvbldoaXRlbGlzdGluZ3MvVGVzdEdyb3VwP2FwaS12ZXJzaW9uPTIwMjAtMDEtMDE=",
+ "RequestMethod": "GET",
+ "RequestBody": "",
+ "RequestHeaders": {
+ "x-ms-client-request-id": [
+ "b4e95b37-1e00-4875-816b-f71078af2038"
+ ],
+ "accept-language": [
+ "en-US"
+ ],
+ "User-Agent": [
+ "FxVersion/4.6.26614.01",
+ "OSName/Windows",
+ "OSVersion/Microsoft.Windows.10.0.18363.",
+ "Microsoft.Azure.Management.Security.SecurityCenterClient/1.1.2.0"
+ ]
+ },
+ "ResponseHeaders": {
+ "Cache-Control": [
+ "no-cache"
+ ],
+ "Date": [
+ "Thu, 30 Apr 2020 14:08:13 GMT"
+ ],
+ "Pragma": [
+ "no-cache"
+ ],
+ "Server": [
+ "Microsoft-HTTPAPI/2.0"
+ ],
+ "x-ms-request-id": [
+ "54ff0cd5-01c9-4c9a-b939-6b2b6b0408d6"
+ ],
+ "x-ms-ratelimit-remaining-subscription-resource-requests": [
+ "499"
+ ],
+ "x-ms-correlation-request-id": [
+ "4897a6a8-6319-4f2f-a758-e50b3a463e3f"
+ ],
+ "x-ms-routing-request-id": [
+ "GERMANYWESTCENTRAL:20200430T140814Z:4897a6a8-6319-4f2f-a758-e50b3a463e3f"
+ ],
+ "Strict-Transport-Security": [
+ "max-age=31536000; includeSubDomains"
+ ],
+ "X-Content-Type-Options": [
+ "nosniff"
+ ],
+ "Content-Length": [
+ "3510"
+ ],
+ "Content-Type": [
+ "application/json; charset=utf-8"
+ ],
+ "Expires": [
+ "-1"
+ ]
+ },
+ "ResponseBody": "{\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/providers/Microsoft.Security/locations/centralus/applicationWhitelistings/TestGroup\",\r\n \"name\": \"TestGroup\",\r\n \"type\": \"Microsoft.Security/applicationWhitelistings\",\r\n \"location\": \"centralus\",\r\n \"properties\": {\r\n \"recommendationStatus\": \"Recommended\",\r\n \"enforcementMode\": \"Audit\",\r\n \"vmRecommendations\": [],\r\n \"pathRecommendations\": [\r\n {\r\n \"path\": \"[exe] O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US\\\\*\\\\*\\\\0.0.0.0\",\r\n \"type\": \"PublisherSignature\",\r\n \"publisherInfo\": {\r\n \"publisherName\": \"O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US\",\r\n \"productName\": \"*\",\r\n \"binaryName\": \"*\",\r\n \"version\": \"0.0.0.0\"\r\n },\r\n \"common\": true,\r\n \"action\": \"Recommended\",\r\n \"usernames\": [\r\n {\r\n \"username\": \"Everyone\",\r\n \"recommendationAction\": \"Recommended\"\r\n }\r\n ],\r\n \"userSids\": [\r\n \"S-1-1-0\"\r\n ],\r\n \"fileType\": \"exe\",\r\n \"configurationStatus\": \"NotConfigured\"\r\n },\r\n {\r\n \"path\": \"[exe] CN=MICROSOFT AZURE DEPENDENCY CODE SIGN\\\\*\\\\*\\\\0.0.0.0\",\r\n \"type\": \"PublisherSignature\",\r\n \"publisherInfo\": {\r\n \"publisherName\": \"CN=MICROSOFT AZURE DEPENDENCY CODE SIGN\",\r\n \"productName\": \"*\",\r\n \"binaryName\": \"*\",\r\n \"version\": \"0.0.0.0\"\r\n },\r\n \"common\": true,\r\n \"action\": \"Recommended\",\r\n \"usernames\": [\r\n {\r\n \"username\": \"Everyone\",\r\n \"recommendationAction\": \"Recommended\"\r\n }\r\n ],\r\n \"userSids\": [\r\n \"S-1-1-0\"\r\n ],\r\n \"fileType\": \"exe\",\r\n \"configurationStatus\": \"NotConfigured\"\r\n },\r\n {\r\n \"path\": \"[exe] CN=MICROSOFT AZURE 3RD PARTY CODE SIGN\\\\*\\\\*\\\\0.0.0.0\",\r\n \"type\": \"PublisherSignature\",\r\n \"publisherInfo\": {\r\n \"publisherName\": \"CN=MICROSOFT AZURE 3RD PARTY CODE SIGN\",\r\n \"productName\": \"*\",\r\n \"binaryName\": \"*\",\r\n \"version\": \"0.0.0.0\"\r\n },\r\n \"common\": true,\r\n \"action\": \"Recommended\",\r\n \"usernames\": [\r\n {\r\n \"username\": \"Everyone\",\r\n \"recommendationAction\": \"Recommended\"\r\n }\r\n ],\r\n \"userSids\": [\r\n \"S-1-1-0\"\r\n ],\r\n \"fileType\": \"exe\",\r\n \"configurationStatus\": \"NotConfigured\"\r\n },\r\n {\r\n \"path\": \"[exe] CN=MICROSOFT AZURE CODE SIGN\\\\*\\\\*\\\\0.0.0.0\",\r\n \"type\": \"PublisherSignature\",\r\n \"publisherInfo\": {\r\n \"publisherName\": \"CN=MICROSOFT AZURE CODE SIGN\",\r\n \"productName\": \"*\",\r\n \"binaryName\": \"*\",\r\n \"version\": \"0.0.0.0\"\r\n },\r\n \"common\": true,\r\n \"action\": \"Recommended\",\r\n \"usernames\": [\r\n {\r\n \"username\": \"Everyone\",\r\n \"recommendationAction\": \"Recommended\"\r\n }\r\n ],\r\n \"userSids\": [\r\n \"S-1-1-0\"\r\n ],\r\n \"fileType\": \"exe\",\r\n \"configurationStatus\": \"NotConfigured\"\r\n },\r\n {\r\n \"path\": \"[msi] O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US\\\\*\\\\*\\\\0.0.0.0\",\r\n \"type\": \"PublisherSignature\",\r\n \"publisherInfo\": {\r\n \"publisherName\": \"O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US\",\r\n \"productName\": \"*\",\r\n \"binaryName\": \"*\",\r\n \"version\": \"0.0.0.0\"\r\n },\r\n \"common\": true,\r\n \"action\": \"Recommended\",\r\n \"usernames\": [\r\n {\r\n \"username\": \"Everyone\",\r\n \"recommendationAction\": \"Recommended\"\r\n }\r\n ],\r\n \"userSids\": [\r\n \"S-1-1-0\"\r\n ],\r\n \"fileType\": \"msi\",\r\n \"configurationStatus\": \"NotConfigured\"\r\n },\r\n {\r\n \"path\": \"[msi] CN=MICROSOFT AZURE DEPENDENCY CODE SIGN\\\\*\\\\*\\\\0.0.0.0\",\r\n \"type\": \"PublisherSignature\",\r\n \"publisherInfo\": {\r\n \"publisherName\": \"CN=MICROSOFT AZURE DEPENDENCY CODE SIGN\",\r\n \"productName\": \"*\",\r\n \"binaryName\": \"*\",\r\n \"version\": \"0.0.0.0\"\r\n },\r\n \"common\": true,\r\n \"action\": \"Recommended\",\r\n \"usernames\": [\r\n {\r\n \"username\": \"Everyone\",\r\n \"recommendationAction\": \"Recommended\"\r\n }\r\n ],\r\n \"userSids\": [\r\n \"S-1-1-0\"\r\n ],\r\n \"fileType\": \"msi\",\r\n \"configurationStatus\": \"NotConfigured\"\r\n },\r\n {\r\n \"path\": \"[msi] CN=MICROSOFT AZURE 3RD PARTY CODE SIGN\\\\*\\\\*\\\\0.0.0.0\",\r\n \"type\": \"PublisherSignature\",\r\n \"publisherInfo\": {\r\n \"publisherName\": \"CN=MICROSOFT AZURE 3RD PARTY CODE SIGN\",\r\n \"productName\": \"*\",\r\n \"binaryName\": \"*\",\r\n \"version\": \"0.0.0.0\"\r\n },\r\n \"common\": true,\r\n \"action\": \"Recommended\",\r\n \"usernames\": [\r\n {\r\n \"username\": \"Everyone\",\r\n \"recommendationAction\": \"Recommended\"\r\n }\r\n ],\r\n \"userSids\": [\r\n \"S-1-1-0\"\r\n ],\r\n \"fileType\": \"msi\",\r\n \"configurationStatus\": \"NotConfigured\"\r\n }\r\n ],\r\n \"configurationStatus\": \"Configured\",\r\n \"issues\": [],\r\n \"location\": \"centralus\",\r\n \"sourceSystem\": \"Azure_AppLocker\",\r\n \"protectionMode\": {\r\n \"exe\": \"Audit\",\r\n \"msi\": \"None\",\r\n \"script\": \"None\"\r\n }\r\n }\r\n}",
+ "StatusCode": 200
+ }
+ ],
+ "Names": {},
+ "Variables": {
+ "SubscriptionId": "487bb485-b5b0-471e-9c0d-10717612f869"
+ }
+}
\ No newline at end of file
diff --git a/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/tests/SessionRecords/AdaptiveApplicationControlsTests/AdaptiveApplicationControls_List.json b/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/tests/SessionRecords/AdaptiveApplicationControlsTests/AdaptiveApplicationControls_List.json
new file mode 100644
index 0000000000000..41c134b7dbe0e
--- /dev/null
+++ b/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/tests/SessionRecords/AdaptiveApplicationControlsTests/AdaptiveApplicationControls_List.json
@@ -0,0 +1,72 @@
+{
+ "Entries": [
+ {
+ "RequestUri": "/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/providers/Microsoft.Security/applicationWhitelistings?api-version=2020-01-01",
+ "EncodedRequestUri": "L3N1YnNjcmlwdGlvbnMvNDg3YmI0ODUtYjViMC00NzFlLTljMGQtMTA3MTc2MTJmODY5L3Byb3ZpZGVycy9NaWNyb3NvZnQuU2VjdXJpdHkvYXBwbGljYXRpb25XaGl0ZWxpc3RpbmdzP2FwaS12ZXJzaW9uPTIwMjAtMDEtMDE=",
+ "RequestMethod": "GET",
+ "RequestBody": "",
+ "RequestHeaders": {
+ "x-ms-client-request-id": [
+ "e4e201f1-8d05-44d9-9158-14b36c64fc86"
+ ],
+ "accept-language": [
+ "en-US"
+ ],
+ "User-Agent": [
+ "FxVersion/4.6.26614.01",
+ "OSName/Windows",
+ "OSVersion/Microsoft.Windows.10.0.18363.",
+ "Microsoft.Azure.Management.Security.SecurityCenterClient/1.1.2.0"
+ ]
+ },
+ "ResponseHeaders": {
+ "Cache-Control": [
+ "no-cache"
+ ],
+ "Date": [
+ "Thu, 30 Apr 2020 13:18:36 GMT"
+ ],
+ "Pragma": [
+ "no-cache"
+ ],
+ "x-ms-original-request-ids": [
+ "ec50a763-191f-4adc-a82f-680b07466c3c",
+ "dbf50027-6a28-4418-8580-fc4f35532832"
+ ],
+ "x-ms-ratelimit-remaining-subscription-resource-requests": [
+ "99"
+ ],
+ "x-ms-request-id": [
+ "b24357fd-6b95-430f-bd5b-db098511f5de"
+ ],
+ "x-ms-correlation-request-id": [
+ "b24357fd-6b95-430f-bd5b-db098511f5de"
+ ],
+ "x-ms-routing-request-id": [
+ "GERMANYWESTCENTRAL:20200430T131836Z:b24357fd-6b95-430f-bd5b-db098511f5de"
+ ],
+ "Strict-Transport-Security": [
+ "max-age=31536000; includeSubDomains"
+ ],
+ "X-Content-Type-Options": [
+ "nosniff"
+ ],
+ "Content-Length": [
+ "77782"
+ ],
+ "Content-Type": [
+ "application/json; charset=utf-8"
+ ],
+ "Expires": [
+ "-1"
+ ]
+ },
+ "ResponseBody": "{\r\n \"value\": [\r\n {\r\n \"id\": \"\/subscriptions\/487bb485-b5b0-471e-9c0d-10717612f869\/providers\/Microsoft.Security\/locations\/centralus\/applicationWhitelistings\/MyGroup\",\r\n \"name\": \"MyGroup\",\r\n \"type\": \"Microsoft.Security\/applicationWhitelistings\",\r\n \"location\": \"centralus\",\r\n \"properties\": {\r\n \"recommendationStatus\": \"Recommended\",\r\n \"enforcementMode\": \"Audit\",\r\n \"vmRecommendations\": [\r\n {\r\n \"configurationStatus\": \"Configured\",\r\n \"resourceId\": \"\/subscriptions\/487bb485-b5b0-471e-9c0d-10717612f869\/resourcegroups\/MyResourceGroup\/providers\/microsoft.compute\/virtualmachines\/MyVm\",\r\n \"recommendationAction\": \"Recommended\",\r\n \"recommendedDates\": [],\r\n \"enforcementSupport\": \"Supported\"\r\n },\r\n {\r\n \"configurationStatus\": \"Configured\",\r\n \"resourceId\": \"\/subscriptions\/487bb485-b5b0-471e-9c0d-10717612f869\/resourcegroups\/MyResourceGroup2\/providers\/microsoft.compute\/virtualmachines\/MyVm2\",\r\n \"recommendationAction\": \"Recommended\",\r\n \"recommendedDates\": [],\r\n \"enforcementSupport\": \"Supported\"\r\n }\r\n ],\r\n \"pathRecommendations\": [],\r\n \"configurationStatus\": \"Configured\",\r\n \"issues\": [],\r\n \"location\": \"centralus\",\r\n \"sourceSystem\": \"Azure_AppLocker\",\r\n \"protectionMode\": {\r\n \"exe\": \"Audit\",\r\n \"msi\": \"None\",\r\n \"script\": \"None\"\r\n }\r\n }\r\n },\r\n {\r\n \"id\": \"\/subscriptions\/487bb485-b5b0-471e-9c0d-10717612f869\/providers\/Microsoft.Security\/locations\/centralus\/applicationWhitelistings\/MyGroup2\",\r\n \"name\": \"MyGroup2\",\r\n \"type\": \"Microsoft.Security\/applicationWhitelistings\",\r\n \"location\": \"centralus\",\r\n \"properties\": {\r\n \"recommendationStatus\": \"Recommended\",\r\n \"enforcementMode\": \"Audit\",\r\n \"vmRecommendations\": [\r\n {\r\n \"configurationStatus\": \"Configured\",\r\n \"resourceId\": \"\/subscriptions\/487bb485-b5b0-471e-9c0d-10717612f869\/resourcegroups\/MyResourceGroup3\/providers\/microsoft.compute\/virtualmachines\/MyVm3\",\r\n \"recommendationAction\": \"Recommended\",\r\n \"recommendedDates\": [\r\n \"2019-12-02T00:00:00Z\",\r\n \"2019-12-03T00:00:00Z\",\r\n \"2019-12-04T00:00:00Z\",\r\n \"2019-12-05T00:00:00Z\",\r\n \"2019-12-06T00:00:00Z\"\r\n ],\r\n \"enforcementSupport\": \"Supported\"\r\n },\r\n {\r\n \"configurationStatus\": \"NoStatus\",\r\n \"resourceId\": \"\/subscriptions\/487bb485-b5b0-471e-9c0d-10717612f869\/resourcegroups\/MyResourceGroup4\/providers\/microsoft.compute\/virtualmachines\/MyVm4\",\r\n \"recommendationAction\": \"Add\",\r\n \"recommendedDates\": [\r\n \"2020-04-23T00:00:00Z\",\r\n \"2020-04-24T00:00:00Z\",\r\n \"2020-04-25T00:00:00Z\",\r\n \"2020-04-26T00:00:00Z\",\r\n \"2020-04-27T00:00:00Z\",\r\n \"2020-04-28T00:00:00Z\",\r\n \"2020-04-29T00:00:00Z\"\r\n ],\r\n \"enforcementSupport\": \"Supported\"\r\n },\r\n {\r\n \"configurationStatus\": \"NoStatus\",\r\n \"resourceId\": \"\/subscriptions\/487bb485-b5b0-471e-9c0d-10717612f869\/resourcegroups\/MyResourceGroup5\/providers\/microsoft.compute\/virtualmachines\/MyVm5\",\r\n \"recommendationAction\": \"Add\",\r\n \"recommendedDates\": [\r\n \"2020-04-24T00:00:00Z\",\r\n \"2020-04-25T00:00:00Z\",\r\n \"2020-04-26T00:00:00Z\",\r\n \"2020-04-27T00:00:00Z\",\r\n \"2020-04-28T00:00:00Z\",\r\n \"2020-04-29T00:00:00Z\"\r\n ],\r\n \"enforcementSupport\": \"Supported\"\r\n }\r\n ],\r\n \"pathRecommendations\": [],\r\n \"configurationStatus\": \"Configured\",\r\n \"issues\": [],\r\n \"location\": \"centralus\",\r\n \"sourceSystem\": \"Azure_AppLocker\",\r\n \"protectionMode\": {\r\n \"exe\": \"Audit\",\r\n \"msi\": \"None\",\r\n \"script\": \"None\"\r\n }\r\n }\r\n }\r\n ]\r\n}",
+ "StatusCode": 200
+ }
+ ],
+ "Names": {},
+ "Variables": {
+ "SubscriptionId": "487bb485-b5b0-471e-9c0d-10717612f869"
+ }
+}
\ No newline at end of file
diff --git a/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/tests/SessionRecords/AdaptiveApplicationControlsTests/AdaptiveApplicationControls_Put.json b/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/tests/SessionRecords/AdaptiveApplicationControlsTests/AdaptiveApplicationControls_Put.json
new file mode 100644
index 0000000000000..f775907fa9aa7
--- /dev/null
+++ b/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/tests/SessionRecords/AdaptiveApplicationControlsTests/AdaptiveApplicationControls_Put.json
@@ -0,0 +1,77 @@
+{
+ "Entries": [
+ {
+ "RequestUri": "/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/providers/Microsoft.Security/locations/centralus/applicationWhitelistings/TestGroup?api-version=2020-01-01",
+ "EncodedRequestUri": "L3N1YnNjcmlwdGlvbnMvNDg3YmI0ODUtYjViMC00NzFlLTljMGQtMTA3MTc2MTJmODY5L3Byb3ZpZGVycy9NaWNyb3NvZnQuU2VjdXJpdHkvbG9jYXRpb25zL2NlbnRyYWx1cy9hcHBsaWNhdGlvbldoaXRlbGlzdGluZ3MvVGVzdEdyb3VwP2FwaS12ZXJzaW9uPTIwMjAtMDEtMDE=",
+ "RequestMethod": "PUT",
+ "RequestBody": "{\r\n \"properties\": {\r\n \"protectionMode\": {\r\n \"exe\": \"Audit\",\r\n \"msi\": \"None\",\r\n \"script\": \"None\"\r\n },\r\n \"configurationStatus\": \"NoStatus\",\r\n \"sourceSystem\": \"Azure_AppLocker\"\r\n }\r\n}",
+ "RequestHeaders": {
+ "x-ms-client-request-id": [
+ "7e9f3d3e-a4ac-419d-8f64-be6ad1b1a7c2"
+ ],
+ "accept-language": [
+ "en-US"
+ ],
+ "User-Agent": [
+ "FxVersion/4.6.26614.01",
+ "OSName/Windows",
+ "OSVersion/Microsoft.Windows.10.0.18363.",
+ "Microsoft.Azure.Management.Security.SecurityCenterClient/1.1.2.0"
+ ],
+ "Content-Type": [
+ "application/json; charset=utf-8"
+ ],
+ "Content-Length": [
+ "209"
+ ]
+ },
+ "ResponseHeaders": {
+ "Cache-Control": [
+ "no-cache"
+ ],
+ "Date": [
+ "Thu, 30 Apr 2020 14:04:29 GMT"
+ ],
+ "Pragma": [
+ "no-cache"
+ ],
+ "Server": [
+ "Microsoft-HTTPAPI/2.0"
+ ],
+ "x-ms-request-id": [
+ "39692e9b-5342-4f62-a3d7-758f02286340"
+ ],
+ "x-ms-ratelimit-remaining-subscription-resource-requests": [
+ "99"
+ ],
+ "x-ms-correlation-request-id": [
+ "f15f9729-d711-42f9-b071-d671ccbf5196"
+ ],
+ "x-ms-routing-request-id": [
+ "GERMANYWESTCENTRAL:20200430T140429Z:f15f9729-d711-42f9-b071-d671ccbf5196"
+ ],
+ "Strict-Transport-Security": [
+ "max-age=31536000; includeSubDomains"
+ ],
+ "X-Content-Type-Options": [
+ "nosniff"
+ ],
+ "Content-Length": [
+ "239"
+ ],
+ "Content-Type": [
+ "application/json; charset=utf-8"
+ ],
+ "Expires": [
+ "-1"
+ ]
+ },
+ "ResponseBody": "{\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/providers/Microsoft.Security/locations/centralus/applicationWhitelistings/TestGroup\",\r\n \"name\": \"TestGroup\",\r\n \"type\": \"Microsoft.Security/applicationWhitelistings\",\r\n \"location\": \"centralus\"\r\n}",
+ "StatusCode": 200
+ }
+ ],
+ "Names": {},
+ "Variables": {
+ "SubscriptionId": "487bb485-b5b0-471e-9c0d-10717612f869"
+ }
+}
\ No newline at end of file
diff --git a/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/tests/SessionRecords/AdaptiveNetworkHardeningsTests/AdaptiveNetworkHardenings_Enforce.json b/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/tests/SessionRecords/AdaptiveNetworkHardeningsTests/AdaptiveNetworkHardenings_Enforce.json
new file mode 100644
index 0000000000000..101fd6cebf712
--- /dev/null
+++ b/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/tests/SessionRecords/AdaptiveNetworkHardeningsTests/AdaptiveNetworkHardenings_Enforce.json
@@ -0,0 +1,75 @@
+{
+ "Entries": [
+ {
+ "RequestUri": "/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/MyResourceGroup/providers/Microsoft.Compute/virtualMachines/MyVm/providers/Microsoft.Security/adaptiveNetworkHardenings/default/enforce?api-version=2020-01-01",
+ "EncodedRequestUri": "L3N1YnNjcmlwdGlvbnMvNDg3YmI0ODUtYjViMC00NzFlLTljMGQtMTA3MTc2MTJmODY5L3Jlc291cmNlR3JvdXBzL015UmVzb3VyY2VHcm91cC9wcm92aWRlcnMvTWljcm9zb2Z0LkNvbXB1dGUvdmlydHVhbE1hY2hpbmVzL015Vm0vcHJvdmlkZXJzL01pY3Jvc29mdC5TZWN1cml0eS9hZGFwdGl2ZU5ldHdvcmtIYXJkZW5pbmdzL2RlZmF1bHQvZW5mb3JjZT9hcGktdmVyc2lvbj0yMDIwLTAxLTAx",
+ "RequestMethod": "POST",
+ "RequestBody": "{\r\n \"rules\": [\r\n {\r\n \"name\": \"SystemGenerated\",\r\n \"direction\": \"Inbound\",\r\n \"destinationPort\": 3389,\r\n \"protocols\": [\r\n \"TCP\"\r\n ],\r\n \"ipAddresses\": []\r\n }\r\n ],\r\n \"networkSecurityGroups\": [\r\n \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/MyResourceGroup/providers/Microsoft.Network/networkSecurityGroups/MyNsg\"\r\n ]\r\n}",
+ "RequestHeaders": {
+ "x-ms-client-request-id": [
+ "7e7d2ec3-7aac-48ce-b84a-629ca720a66c"
+ ],
+ "accept-language": [
+ "en-US"
+ ],
+ "User-Agent": [
+ "FxVersion/4.6.26614.01",
+ "OSName/Windows",
+ "OSVersion/Microsoft.Windows.10.0.18363.",
+ "Microsoft.Azure.Management.Security.SecurityCenterClient/1.1.2.0"
+ ],
+ "Content-Type": [
+ "application/json; charset=utf-8"
+ ],
+ "Content-Length": [
+ "395"
+ ]
+ },
+ "ResponseHeaders": {
+ "Cache-Control": [
+ "no-cache"
+ ],
+ "Date": [
+ "Tue, 21 Apr 2020 14:32:17 GMT"
+ ],
+ "Pragma": [
+ "no-cache"
+ ],
+ "Location": [
+ "/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/MyResourceGroup/providers/Microsoft.Compute/virtualMachines/MyVm"
+ ],
+ "Server": [
+ "Microsoft-HTTPAPI/2.0"
+ ],
+ "x-ms-request-id": [
+ "091821f3-8fef-403a-854f-ad9afbeb4c03"
+ ],
+ "x-ms-ratelimit-remaining-subscription-writes": [
+ "1199"
+ ],
+ "x-ms-correlation-request-id": [
+ "67023eaf-e2a0-44aa-8884-dc8b2946a5ff"
+ ],
+ "x-ms-routing-request-id": [
+ "GERMANYWESTCENTRAL:20200421T143217Z:67023eaf-e2a0-44aa-8884-dc8b2946a5ff"
+ ],
+ "Strict-Transport-Security": [
+ "max-age=31536000; includeSubDomains"
+ ],
+ "X-Content-Type-Options": [
+ "nosniff"
+ ],
+ "Content-Length": [
+ "0"
+ ],
+ "Expires": [
+ "-1"
+ ]
+ },
+ "ResponseBody": "",
+ "StatusCode": 202
+ }
+ ],
+ "Names": {},
+ "Variables": {}
+}
\ No newline at end of file
diff --git a/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/tests/SessionRecords/AdaptiveNetworkHardeningsTests/AdaptiveNetworkHardenings_Get.json b/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/tests/SessionRecords/AdaptiveNetworkHardeningsTests/AdaptiveNetworkHardenings_Get.json
new file mode 100644
index 0000000000000..9697fb82f93fa
--- /dev/null
+++ b/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/tests/SessionRecords/AdaptiveNetworkHardeningsTests/AdaptiveNetworkHardenings_Get.json
@@ -0,0 +1,71 @@
+{
+ "Entries": [
+ {
+ "RequestUri": "/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/MyResourceGroup/providers/Microsoft.Compute/virtualMachines/MyVm/providers/Microsoft.Security/adaptiveNetworkHardenings/default?api-version=2020-01-01",
+ "EncodedRequestUri": "L3N1YnNjcmlwdGlvbnMvNDg3YmI0ODUtYjViMC00NzFlLTljMGQtMTA3MTc2MTJmODY5L3Jlc291cmNlR3JvdXBzL015UmVzb3VyY2VHcm91cC9wcm92aWRlcnMvTWljcm9zb2Z0LkNvbXB1dGUvdmlydHVhbE1hY2hpbmVzL015Vm0vcHJvdmlkZXJzL01pY3Jvc29mdC5TZWN1cml0eS9hZGFwdGl2ZU5ldHdvcmtIYXJkZW5pbmdzL2RlZmF1bHQ/YXBpLXZlcnNpb249MjAyMC0wMS0wMQ==",
+ "RequestMethod": "GET",
+ "RequestBody": "",
+ "RequestHeaders": {
+ "x-ms-client-request-id": [
+ "daa130fe-d5ea-4d88-8ac3-3b2bff8a1766"
+ ],
+ "accept-language": [
+ "en-US"
+ ],
+ "User-Agent": [
+ "FxVersion/4.6.26614.01",
+ "OSName/Windows",
+ "OSVersion/Microsoft.Windows.10.0.18363.",
+ "Microsoft.Azure.Management.Security.SecurityCenterClient/1.1.2.0"
+ ]
+ },
+ "ResponseHeaders": {
+ "Cache-Control": [
+ "no-cache"
+ ],
+ "Date": [
+ "Tue, 21 Apr 2020 14:32:15 GMT"
+ ],
+ "Pragma": [
+ "no-cache"
+ ],
+ "Server": [
+ "Microsoft-HTTPAPI/2.0"
+ ],
+ "x-ms-request-id": [
+ "6d73c3c4-1038-46ca-942d-bd42cf0efb25"
+ ],
+ "x-ms-ratelimit-remaining-subscription-resource-requests": [
+ "749"
+ ],
+ "x-ms-correlation-request-id": [
+ "4a72ec02-fee9-4ee1-a8cf-56c5b7d504ac"
+ ],
+ "x-ms-routing-request-id": [
+ "GERMANYWESTCENTRAL:20200421T143215Z:4a72ec02-fee9-4ee1-a8cf-56c5b7d504ac"
+ ],
+ "Strict-Transport-Security": [
+ "max-age=31536000; includeSubDomains"
+ ],
+ "X-Content-Type-Options": [
+ "nosniff"
+ ],
+ "Content-Length": [
+ "1252"
+ ],
+ "Content-Type": [
+ "application/json; charset=utf-8"
+ ],
+ "Expires": [
+ "-1"
+ ]
+ },
+ "ResponseBody": "{\r\n \"properties\": {\r\n \"rules\": [\r\n {\r\n \"name\": \"SystemGenerated\",\r\n \"direction\": \"Inbound\",\r\n \"destinationPort\": 3389,\r\n \"protocols\": [\r\n \"TCP\"\r\n ],\r\n \"ipAddresses\": []\r\n },\r\n {\r\n \"name\": \"SystemGenerated\",\r\n \"direction\": \"Inbound\",\r\n \"destinationPort\": 3389,\r\n \"protocols\": [\r\n \"UDP\"\r\n ],\r\n \"ipAddresses\": []\r\n }\r\n ],\r\n \"effectiveNetworkSecurityGroups\": [\r\n {\r\n \"networkInterface\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/MyResourceGroup/providers/Microsoft.Network/networkInterfaces/MSI-1152306441\",\r\n \"networkSecurityGroups\": [\r\n \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/MyResourceGroup/providers/Microsoft.Network/networkSecurityGroups/MyResourceGroupNSG\"\r\n ]\r\n }\r\n ],\r\n \"rulesCalculationTime\": \"2020-04-20T14:15:12.9601721Z\"\r\n },\r\n \"name\": \"default\",\r\n \"type\": \"Microsoft.Security/adaptiveNetworkHardenings\",\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/MyResourceGroup/providers/Microsoft.Compute/virtualMachines/MyVm/providers/Microsoft.Security/adaptiveNetworkHardenings/default\"\r\n}",
+ "StatusCode": 200
+ }
+ ],
+ "Names": {},
+ "Variables": {
+ "SubscriptionId": "487bb485-b5b0-471e-9c0d-10717612f869"
+ }
+}
\ No newline at end of file
diff --git a/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/tests/SessionRecords/AllowedConnectionsTests/AllowedConnections_Get.json b/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/tests/SessionRecords/AllowedConnectionsTests/AllowedConnections_Get.json
new file mode 100644
index 0000000000000..e19a30fae9df0
--- /dev/null
+++ b/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/tests/SessionRecords/AllowedConnectionsTests/AllowedConnections_Get.json
@@ -0,0 +1,71 @@
+{
+ "Entries": [
+ {
+ "RequestUri": "/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/MyResourceGroup/providers/Microsoft.Security/locations/westcentralus/allowedConnections/internal?api-version=2020-01-01",
+ "EncodedRequestUri": "L3N1YnNjcmlwdGlvbnMvNDg3YmI0ODUtYjViMC00NzFlLTljMGQtMTA3MTc2MTJmODY5L3Jlc291cmNlR3JvdXBzL015UmVzb3VyY2VHcm91cC9wcm92aWRlcnMvTWljcm9zb2Z0LlNlY3VyaXR5L2xvY2F0aW9ucy93ZXN0Y2VudHJhbHVzL2FsbG93ZWRDb25uZWN0aW9ucy9pbnRlcm5hbD9hcGktdmVyc2lvbj0yMDIwLTAxLTAx",
+ "RequestMethod": "GET",
+ "RequestBody": "",
+ "RequestHeaders": {
+ "x-ms-client-request-id": [
+ "2dce5ed6-be30-4ec6-925e-af3879d87b9e"
+ ],
+ "accept-language": [
+ "en-US"
+ ],
+ "User-Agent": [
+ "FxVersion/4.6.26614.01",
+ "OSName/Windows",
+ "OSVersion/Microsoft.Windows.10.0.18363.",
+ "Microsoft.Azure.Management.Security.SecurityCenterClient/1.1.2.0"
+ ]
+ },
+ "ResponseHeaders": {
+ "Cache-Control": [
+ "no-cache"
+ ],
+ "Date": [
+ "Tue, 21 Apr 2020 13:09:55 GMT"
+ ],
+ "Pragma": [
+ "no-cache"
+ ],
+ "Server": [
+ "Microsoft-HTTPAPI/2.0"
+ ],
+ "x-ms-request-id": [
+ "ad35b050-6881-4e7d-a6a7-085d4f606481"
+ ],
+ "x-ms-ratelimit-remaining-subscription-resource-requests": [
+ "749"
+ ],
+ "x-ms-correlation-request-id": [
+ "ecd14573-bc9f-49e6-af44-38a9211efb57"
+ ],
+ "x-ms-routing-request-id": [
+ "GERMANYWESTCENTRAL:20200421T130956Z:ecd14573-bc9f-49e6-af44-38a9211efb57"
+ ],
+ "Strict-Transport-Security": [
+ "max-age=31536000; includeSubDomains"
+ ],
+ "X-Content-Type-Options": [
+ "nosniff"
+ ],
+ "Content-Length": [
+ "547"
+ ],
+ "Content-Type": [
+ "application/json; charset=utf-8"
+ ],
+ "Expires": [
+ "-1"
+ ]
+ },
+ "ResponseBody": "{\r\n \"type\": \"Microsoft.Security/locations/allowedConnections\",\r\n \"properties\": {\r\n \"calculatedDateTime\": \"2020-04-21T13:07:28.6223035Z\",\r\n \"connectableResources\": [\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/MyResourceGroup/providers/Microsoft.Compute/virtualMachines/MyVm\",\r\n \"inboundConnectedResources\": [],\r\n \"outboundConnectedResources\": []\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/MyResourceGroup/providers/Microsoft.Security/locations/westcentralus/allowedConnections/Internal\",\r\n \"name\": \"Internal\",\r\n \"location\": \"westcentralus\"\r\n}",
+ "StatusCode": 200
+ }
+ ],
+ "Names": {},
+ "Variables": {
+ "SubscriptionId": "487bb485-b5b0-471e-9c0d-10717612f869"
+ }
+}
\ No newline at end of file
diff --git a/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/tests/SessionRecords/AllowedConnectionsTests/AllowedConnections_List.json b/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/tests/SessionRecords/AllowedConnectionsTests/AllowedConnections_List.json
new file mode 100644
index 0000000000000..6a5da75a7970a
--- /dev/null
+++ b/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/tests/SessionRecords/AllowedConnectionsTests/AllowedConnections_List.json
@@ -0,0 +1,73 @@
+{
+ "Entries": [
+ {
+ "RequestUri": "/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/providers/Microsoft.Security/allowedConnections?api-version=2020-01-01",
+ "EncodedRequestUri": "L3N1YnNjcmlwdGlvbnMvNDg3YmI0ODUtYjViMC00NzFlLTljMGQtMTA3MTc2MTJmODY5L3Byb3ZpZGVycy9NaWNyb3NvZnQuU2VjdXJpdHkvYWxsb3dlZENvbm5lY3Rpb25zP2FwaS12ZXJzaW9uPTIwMjAtMDEtMDE=",
+ "RequestMethod": "GET",
+ "RequestBody": "",
+ "RequestHeaders": {
+ "x-ms-client-request-id": [
+ "4c03f58e-b1c6-4957-bfd1-86401eb11734"
+ ],
+ "accept-language": [
+ "en-US"
+ ],
+ "User-Agent": [
+ "FxVersion/4.6.26614.01",
+ "OSName/Windows",
+ "OSVersion/Microsoft.Windows.10.0.18363.",
+ "Microsoft.Azure.Management.Security.SecurityCenterClient/1.1.2.0"
+ ]
+ },
+ "ResponseHeaders": {
+ "Cache-Control": [
+ "no-cache"
+ ],
+ "Date": [
+ "Tue, 21 Apr 2020 13:09:25 GMT"
+ ],
+ "Pragma": [
+ "no-cache"
+ ],
+ "x-ms-original-request-ids": [
+ "",
+ "",
+ "26b58356-6277-4e69-82b5-ca40d31777c7"
+ ],
+ "x-ms-ratelimit-remaining-subscription-resource-requests": [
+ "749"
+ ],
+ "x-ms-request-id": [
+ "a5bb43b5-bb0c-4aef-997d-311853eece80"
+ ],
+ "x-ms-correlation-request-id": [
+ "a5bb43b5-bb0c-4aef-997d-311853eece80"
+ ],
+ "x-ms-routing-request-id": [
+ "GERMANYWESTCENTRAL:20200421T130926Z:a5bb43b5-bb0c-4aef-997d-311853eece80"
+ ],
+ "Strict-Transport-Security": [
+ "max-age=31536000; includeSubDomains"
+ ],
+ "X-Content-Type-Options": [
+ "nosniff"
+ ],
+ "Content-Length": [
+ "2533668"
+ ],
+ "Content-Type": [
+ "application/json; charset=utf-8"
+ ],
+ "Expires": [
+ "-1"
+ ]
+ },
+ "ResponseBody": "{\r\n \"value\": [\r\n {\r\n \"type\": \"Microsoft.Security\/locations\/allowedConnections\",\r\n \"properties\": {\r\n \"calculatedDateTime\": \"2020-04-21T13:07:28.6223035Z\",\r\n \"connectableResources\": [\r\n {\r\n \"id\": \"\/subscriptions\/487bb485-b5b0-471e-9c0d-10717612f869\/resourceGroups\/MyResourceGroup\/providers\/Microsoft.Compute\/virtualMachines\/MyVm\",\r\n \"inboundConnectedResources\": [],\r\n \"outboundConnectedResources\": []\r\n }\r\n ]\r\n },\r\n \"id\": \"\/subscriptions\/487bb485-b5b0-471e-9c0d-10717612f869\/resourceGroups\/MyResourceGroup\/providers\/Microsoft.Security\/locations\/westcentralus\/allowedConnections\/Internal\",\r\n \"name\": \"Internal\",\r\n \"location\": \"westcentralus\"\r\n}\r\n ]\r\n }",
+ "StatusCode": 200
+ }
+ ],
+ "Names": {},
+ "Variables": {
+ "SubscriptionId": "487bb485-b5b0-471e-9c0d-10717612f869"
+ }
+}
\ No newline at end of file
diff --git a/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/tests/SessionRecords/JitNetworkAccessPoliciesTests/JitNetworkAccessPolicies_CreateOrUpdate.json b/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/tests/SessionRecords/JitNetworkAccessPoliciesTests/JitNetworkAccessPolicies_CreateOrUpdate.json
index 34f8d89fe94fd..95e04411e5dcb 100644
--- a/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/tests/SessionRecords/JitNetworkAccessPoliciesTests/JitNetworkAccessPolicies_CreateOrUpdate.json
+++ b/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/tests/SessionRecords/JitNetworkAccessPoliciesTests/JitNetworkAccessPolicies_CreateOrUpdate.json
@@ -1,8 +1,8 @@
{
"Entries": [
{
- "RequestUri": "/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/mainWS/providers/Microsoft.Security/locations/northeurope/jitNetworkAccessPolicies/default?api-version=2015-06-01-preview",
- "EncodedRequestUri": "L3N1YnNjcmlwdGlvbnMvNDg3YmI0ODUtYjViMC00NzFlLTljMGQtMTA3MTc2MTJmODY5L3Jlc291cmNlR3JvdXBzL21haW5XUy9wcm92aWRlcnMvTWljcm9zb2Z0LlNlY3VyaXR5L2xvY2F0aW9ucy9ub3J0aGV1cm9wZS9qaXROZXR3b3JrQWNjZXNzUG9saWNpZXMvZGVmYXVsdD9hcGktdmVyc2lvbj0yMDE1LTA2LTAxLXByZXZpZXc=",
+ "RequestUri": "/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/mainWS/providers/Microsoft.Security/locations/northeurope/jitNetworkAccessPolicies/default?api-version=2020-01-01",
+ "EncodedRequestUri": "L3N1YnNjcmlwdGlvbnMvNDg3YmI0ODUtYjViMC00NzFlLTljMGQtMTA3MTc2MTJmODY5L3Jlc291cmNlR3JvdXBzL21haW5XUy9wcm92aWRlcnMvTWljcm9zb2Z0LlNlY3VyaXR5L2xvY2F0aW9ucy9ub3J0aGV1cm9wZS9qaXROZXR3b3JrQWNjZXNzUG9saWNpZXMvZGVmYXVsdD9hcGktdmVyc2lvbj0yMDIwLTAxLTAx",
"RequestMethod": "PUT",
"RequestBody": "{\r\n \"kind\": \"Basic\",\r\n \"properties\": {\r\n \"virtualMachines\": [\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Compute/virtualMachines/syslogmyservice1vm\",\r\n \"ports\": [\r\n {\r\n \"number\": 8080,\r\n \"protocol\": \"TCP\",\r\n \"allowedSourceAddressPrefix\": \"192.168.0.5\",\r\n \"maxRequestAccessDuration\": \"PT5H\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n}",
"RequestHeaders": {
diff --git a/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/tests/SessionRecords/JitNetworkAccessPoliciesTests/JitNetworkAccessPolicies_Delete.json b/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/tests/SessionRecords/JitNetworkAccessPoliciesTests/JitNetworkAccessPolicies_Delete.json
index 7ab2c4171af60..541c5db3db60a 100644
--- a/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/tests/SessionRecords/JitNetworkAccessPoliciesTests/JitNetworkAccessPolicies_Delete.json
+++ b/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/tests/SessionRecords/JitNetworkAccessPoliciesTests/JitNetworkAccessPolicies_Delete.json
@@ -1,8 +1,8 @@
{
"Entries": [
{
- "RequestUri": "/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/mainWS/providers/Microsoft.Security/locations/northeurope/jitNetworkAccessPolicies/default?api-version=2015-06-01-preview",
- "EncodedRequestUri": "L3N1YnNjcmlwdGlvbnMvNDg3YmI0ODUtYjViMC00NzFlLTljMGQtMTA3MTc2MTJmODY5L3Jlc291cmNlR3JvdXBzL21haW5XUy9wcm92aWRlcnMvTWljcm9zb2Z0LlNlY3VyaXR5L2xvY2F0aW9ucy9ub3J0aGV1cm9wZS9qaXROZXR3b3JrQWNjZXNzUG9saWNpZXMvZGVmYXVsdD9hcGktdmVyc2lvbj0yMDE1LTA2LTAxLXByZXZpZXc=",
+ "RequestUri": "/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/mainWS/providers/Microsoft.Security/locations/northeurope/jitNetworkAccessPolicies/default?api-version=2020-01-01",
+ "EncodedRequestUri": "L3N1YnNjcmlwdGlvbnMvNDg3YmI0ODUtYjViMC00NzFlLTljMGQtMTA3MTc2MTJmODY5L3Jlc291cmNlR3JvdXBzL21haW5XUy9wcm92aWRlcnMvTWljcm9zb2Z0LlNlY3VyaXR5L2xvY2F0aW9ucy9ub3J0aGV1cm9wZS9qaXROZXR3b3JrQWNjZXNzUG9saWNpZXMvZGVmYXVsdD9hcGktdmVyc2lvbj0yMDIwLTAxLTAx",
"RequestMethod": "DELETE",
"RequestBody": "",
"RequestHeaders": {
diff --git a/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/tests/SessionRecords/JitNetworkAccessPoliciesTests/JitNetworkAccessPolicies_Get.json b/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/tests/SessionRecords/JitNetworkAccessPoliciesTests/JitNetworkAccessPolicies_Get.json
index a4d7b134a87d6..b3e3547110a77 100644
--- a/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/tests/SessionRecords/JitNetworkAccessPoliciesTests/JitNetworkAccessPolicies_Get.json
+++ b/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/tests/SessionRecords/JitNetworkAccessPoliciesTests/JitNetworkAccessPolicies_Get.json
@@ -1,8 +1,8 @@
{
"Entries": [
{
- "RequestUri": "/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/northeurope/jitNetworkAccessPolicies/default?api-version=2015-06-01-preview",
- "EncodedRequestUri": "L3N1YnNjcmlwdGlvbnMvNDg3YmI0ODUtYjViMC00NzFlLTljMGQtMTA3MTc2MTJmODY5L3Jlc291cmNlR3JvdXBzL215U2VydmljZTEvcHJvdmlkZXJzL01pY3Jvc29mdC5TZWN1cml0eS9sb2NhdGlvbnMvbm9ydGhldXJvcGUvaml0TmV0d29ya0FjY2Vzc1BvbGljaWVzL2RlZmF1bHQ/YXBpLXZlcnNpb249MjAxNS0wNi0wMS1wcmV2aWV3",
+ "RequestUri": "/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/northeurope/jitNetworkAccessPolicies/default?api-version=2020-01-01",
+ "EncodedRequestUri": "L3N1YnNjcmlwdGlvbnMvNDg3YmI0ODUtYjViMC00NzFlLTljMGQtMTA3MTc2MTJmODY5L3Jlc291cmNlR3JvdXBzL215U2VydmljZTEvcHJvdmlkZXJzL01pY3Jvc29mdC5TZWN1cml0eS9sb2NhdGlvbnMvbm9ydGhldXJvcGUvaml0TmV0d29ya0FjY2Vzc1BvbGljaWVzL2RlZmF1bHQ/YXBpLXZlcnNpb249MjAyMC0wMS0wMQ==",
"RequestMethod": "GET",
"RequestBody": "",
"RequestHeaders": {
diff --git a/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/tests/SessionRecords/JitNetworkAccessPoliciesTests/JitNetworkAccessPolicies_Initiate.json b/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/tests/SessionRecords/JitNetworkAccessPoliciesTests/JitNetworkAccessPolicies_Initiate.json
index aa4ff2d8986c0..eb675f0cf2953 100644
--- a/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/tests/SessionRecords/JitNetworkAccessPoliciesTests/JitNetworkAccessPolicies_Initiate.json
+++ b/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/tests/SessionRecords/JitNetworkAccessPoliciesTests/JitNetworkAccessPolicies_Initiate.json
@@ -1,8 +1,8 @@
{
"Entries": [
{
- "RequestUri": "/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/northeurope/jitNetworkAccessPolicies/default/initiate?api-version=2015-06-01-preview",
- "EncodedRequestUri": "L3N1YnNjcmlwdGlvbnMvNDg3YmI0ODUtYjViMC00NzFlLTljMGQtMTA3MTc2MTJmODY5L3Jlc291cmNlR3JvdXBzL215U2VydmljZTEvcHJvdmlkZXJzL01pY3Jvc29mdC5TZWN1cml0eS9sb2NhdGlvbnMvbm9ydGhldXJvcGUvaml0TmV0d29ya0FjY2Vzc1BvbGljaWVzL2RlZmF1bHQvaW5pdGlhdGU/YXBpLXZlcnNpb249MjAxNS0wNi0wMS1wcmV2aWV3",
+ "RequestUri": "/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/northeurope/jitNetworkAccessPolicies/default/initiate?api-version=2020-01-01",
+ "EncodedRequestUri": "L3N1YnNjcmlwdGlvbnMvNDg3YmI0ODUtYjViMC00NzFlLTljMGQtMTA3MTc2MTJmODY5L3Jlc291cmNlR3JvdXBzL215U2VydmljZTEvcHJvdmlkZXJzL01pY3Jvc29mdC5TZWN1cml0eS9sb2NhdGlvbnMvbm9ydGhldXJvcGUvaml0TmV0d29ya0FjY2Vzc1BvbGljaWVzL2RlZmF1bHQvaW5pdGlhdGU/YXBpLXZlcnNpb249MjAyMC0wMS0wMQ==",
"RequestMethod": "POST",
"RequestBody": "{\r\n \"virtualMachines\": [\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Compute/virtualMachines/testService\",\r\n \"ports\": [\r\n {\r\n \"number\": 3389,\r\n \"endTimeUtc\": \"2018-07-22T15:51:55.21337Z\"\r\n }\r\n ]\r\n }\r\n ]\r\n}",
"RequestHeaders": {
diff --git a/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/tests/SessionRecords/JitNetworkAccessPoliciesTests/JitNetworkAccessPolicies_List.json b/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/tests/SessionRecords/JitNetworkAccessPoliciesTests/JitNetworkAccessPolicies_List.json
index e0ae779978f77..390bda8454da8 100644
--- a/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/tests/SessionRecords/JitNetworkAccessPoliciesTests/JitNetworkAccessPolicies_List.json
+++ b/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/tests/SessionRecords/JitNetworkAccessPoliciesTests/JitNetworkAccessPolicies_List.json
@@ -1,8 +1,8 @@
{
"Entries": [
{
- "RequestUri": "/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/providers/Microsoft.Security/jitNetworkAccessPolicies?api-version=2015-06-01-preview",
- "EncodedRequestUri": "L3N1YnNjcmlwdGlvbnMvNDg3YmI0ODUtYjViMC00NzFlLTljMGQtMTA3MTc2MTJmODY5L3Byb3ZpZGVycy9NaWNyb3NvZnQuU2VjdXJpdHkvaml0TmV0d29ya0FjY2Vzc1BvbGljaWVzP2FwaS12ZXJzaW9uPTIwMTUtMDYtMDEtcHJldmlldw==",
+ "RequestUri": "/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/providers/Microsoft.Security/jitNetworkAccessPolicies?api-version=2020-01-01",
+ "EncodedRequestUri": "L3N1YnNjcmlwdGlvbnMvNDg3YmI0ODUtYjViMC00NzFlLTljMGQtMTA3MTc2MTJmODY5L3Byb3ZpZGVycy9NaWNyb3NvZnQuU2VjdXJpdHkvaml0TmV0d29ya0FjY2Vzc1BvbGljaWVzP2FwaS12ZXJzaW9uPTIwMjAtMDEtMDE=",
"RequestMethod": "GET",
"RequestBody": "",
"RequestHeaders": {
diff --git a/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/tests/SessionRecords/JitNetworkAccessPoliciesTests/JitNetworkAccessPolicies_ListByRegion.json b/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/tests/SessionRecords/JitNetworkAccessPoliciesTests/JitNetworkAccessPolicies_ListByRegion.json
index 4a066a0e0b4e5..138ad44864c8b 100644
--- a/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/tests/SessionRecords/JitNetworkAccessPoliciesTests/JitNetworkAccessPolicies_ListByRegion.json
+++ b/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/tests/SessionRecords/JitNetworkAccessPoliciesTests/JitNetworkAccessPolicies_ListByRegion.json
@@ -1,8 +1,8 @@
{
"Entries": [
{
- "RequestUri": "/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/providers/Microsoft.Security/locations/northeurope/jitNetworkAccessPolicies?api-version=2015-06-01-preview",
- "EncodedRequestUri": "L3N1YnNjcmlwdGlvbnMvNDg3YmI0ODUtYjViMC00NzFlLTljMGQtMTA3MTc2MTJmODY5L3Byb3ZpZGVycy9NaWNyb3NvZnQuU2VjdXJpdHkvbG9jYXRpb25zL25vcnRoZXVyb3BlL2ppdE5ldHdvcmtBY2Nlc3NQb2xpY2llcz9hcGktdmVyc2lvbj0yMDE1LTA2LTAxLXByZXZpZXc=",
+ "RequestUri": "/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/providers/Microsoft.Security/locations/northeurope/jitNetworkAccessPolicies?api-version=2020-01-01",
+ "EncodedRequestUri": "L3N1YnNjcmlwdGlvbnMvNDg3YmI0ODUtYjViMC00NzFlLTljMGQtMTA3MTc2MTJmODY5L3Byb3ZpZGVycy9NaWNyb3NvZnQuU2VjdXJpdHkvbG9jYXRpb25zL25vcnRoZXVyb3BlL2ppdE5ldHdvcmtBY2Nlc3NQb2xpY2llcz9hcGktdmVyc2lvbj0yMDIwLTAxLTAx",
"RequestMethod": "GET",
"RequestBody": "",
"RequestHeaders": {
diff --git a/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/tests/SessionRecords/JitNetworkAccessPoliciesTests/JitNetworkAccessPolicies_ListByResourceGroup.json b/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/tests/SessionRecords/JitNetworkAccessPoliciesTests/JitNetworkAccessPolicies_ListByResourceGroup.json
index 0130b225e33f1..5a81ee6056a73 100644
--- a/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/tests/SessionRecords/JitNetworkAccessPoliciesTests/JitNetworkAccessPolicies_ListByResourceGroup.json
+++ b/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/tests/SessionRecords/JitNetworkAccessPoliciesTests/JitNetworkAccessPolicies_ListByResourceGroup.json
@@ -1,8 +1,8 @@
{
"Entries": [
{
- "RequestUri": "/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/jitNetworkAccessPolicies?api-version=2015-06-01-preview",
- "EncodedRequestUri": "L3N1YnNjcmlwdGlvbnMvNDg3YmI0ODUtYjViMC00NzFlLTljMGQtMTA3MTc2MTJmODY5L3Jlc291cmNlR3JvdXBzL215U2VydmljZTEvcHJvdmlkZXJzL01pY3Jvc29mdC5TZWN1cml0eS9qaXROZXR3b3JrQWNjZXNzUG9saWNpZXM/YXBpLXZlcnNpb249MjAxNS0wNi0wMS1wcmV2aWV3",
+ "RequestUri": "/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/jitNetworkAccessPolicies?api-version=2020-01-01",
+ "EncodedRequestUri": "L3N1YnNjcmlwdGlvbnMvNDg3YmI0ODUtYjViMC00NzFlLTljMGQtMTA3MTc2MTJmODY5L3Jlc291cmNlR3JvdXBzL215U2VydmljZTEvcHJvdmlkZXJzL01pY3Jvc29mdC5TZWN1cml0eS9qaXROZXR3b3JrQWNjZXNzUG9saWNpZXM/YXBpLXZlcnNpb249MjAyMC0wMS0wMQ==",
"RequestMethod": "GET",
"RequestBody": "",
"RequestHeaders": {
diff --git a/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/tests/SessionRecords/JitNetworkAccessPoliciesTests/JitNetworkAccessPolicies_ListByResourceGroupAndRegion.json b/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/tests/SessionRecords/JitNetworkAccessPoliciesTests/JitNetworkAccessPolicies_ListByResourceGroupAndRegion.json
index 8b9c07d8c600b..26a8eaca594df 100644
--- a/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/tests/SessionRecords/JitNetworkAccessPoliciesTests/JitNetworkAccessPolicies_ListByResourceGroupAndRegion.json
+++ b/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/tests/SessionRecords/JitNetworkAccessPoliciesTests/JitNetworkAccessPolicies_ListByResourceGroupAndRegion.json
@@ -1,8 +1,8 @@
{
"Entries": [
{
- "RequestUri": "/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/northeurope/jitNetworkAccessPolicies?api-version=2015-06-01-preview",
- "EncodedRequestUri": "L3N1YnNjcmlwdGlvbnMvNDg3YmI0ODUtYjViMC00NzFlLTljMGQtMTA3MTc2MTJmODY5L3Jlc291cmNlR3JvdXBzL215U2VydmljZTEvcHJvdmlkZXJzL01pY3Jvc29mdC5TZWN1cml0eS9sb2NhdGlvbnMvbm9ydGhldXJvcGUvaml0TmV0d29ya0FjY2Vzc1BvbGljaWVzP2FwaS12ZXJzaW9uPTIwMTUtMDYtMDEtcHJldmlldw==",
+ "RequestUri": "/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/northeurope/jitNetworkAccessPolicies?api-version=2020-01-01",
+ "EncodedRequestUri": "L3N1YnNjcmlwdGlvbnMvNDg3YmI0ODUtYjViMC00NzFlLTljMGQtMTA3MTc2MTJmODY5L3Jlc291cmNlR3JvdXBzL215U2VydmljZTEvcHJvdmlkZXJzL01pY3Jvc29mdC5TZWN1cml0eS9sb2NhdGlvbnMvbm9ydGhldXJvcGUvaml0TmV0d29ya0FjY2Vzc1BvbGljaWVzP2FwaS12ZXJzaW9uPTIwMjAtMDEtMDE=",
"RequestMethod": "GET",
"RequestBody": "",
"RequestHeaders": {
diff --git a/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/tests/SessionRecords/SecurityAlertsTests/SecurityAlerts_UpdateResourceGroupLevelAlertState.json b/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/tests/SessionRecords/SecurityAlertsTests/SecurityAlerts_UpdateResourceGroupLevelAlertState.json
index 32e5311b51d1c..c38f3340fc8a3 100644
--- a/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/tests/SessionRecords/SecurityAlertsTests/SecurityAlerts_UpdateResourceGroupLevelAlertState.json
+++ b/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/tests/SessionRecords/SecurityAlertsTests/SecurityAlerts_UpdateResourceGroupLevelAlertState.json
@@ -61,12 +61,12 @@
"-1"
]
},
- "ResponseBody": "{\r\n \"value\": [\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/taklei/providers/Microsoft.Security/locations/westeurope/alerts/2518136982923187680_ef6aa4e6-9c60-4405-8f08-f465e8e50cd2\",\r\n \"name\": \"2518136982923187680_ef6aa4e6-9c60-4405-8f08-f465e8e50cd2\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft\",\r\n \"alertDisplayName\": \"Azure Security Center test alert (not a threat)\",\r\n \"alertName\": \"VM_EICAR\",\r\n \"detectedTimeUtc\": \"2020-05-04T14:28:27.6812319Z\",\r\n \"description\": \"This is a test alert generated by Azure Security Center. No further action is needed.\",\r\n \"remediationSteps\": \"No further action is needed.\",\r\n \"actionTaken\": \"Undefined\",\r\n \"reportedSeverity\": \"High\",\r\n \"compromisedEntity\": \"ALERTSTEST\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/taklei/providers/Microsoft.Compute/virtualMachines/alertsTest\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"ef6aa4e6-9c60-4405-8f08-f465e8e50cd2\",\r\n \"extendedProperties\": {\r\n \"compromised Host\": \"ALERTSTEST\",\r\n \"user Name\": \"WORKGROUP\\\\alertsTest$\",\r\n \"account Session Id\": \"0x3e7\",\r\n \"suspicious Process\": \"c:\\\\scripts\\\\asc_alerttest_662jfi039n.exe\",\r\n \"suspicious Command Line\": \"c:\\\\scripts\\\\asc_alerttest_662jfi039n.exe -foo\",\r\n \"parent Process\": \"c:\\\\windows\\\\system32\\\\svchost.exe\",\r\n \"suspicious Process Id\": \"0x688\",\r\n \"arguments Auditing Enabled\": \"true\",\r\n \"enrichment_tas_threat__reports\": \"{\\\"Kind\\\":\\\"MultiLink\\\",\\\"DisplayValueToUrlDictionary\\\":{\\\"Report: EICAR File\\\":\\\"https://interflowwebportalext.trafficmanager.net/reports/DisplayReport?callerIdentity=ddd5443d-e6f4-441c-b52b-5278d2f21dfa&reportCreateDateTime=2020-05-04T09%3a13%3a05&reportName=MSTI-TS-EICAR-File.pdf&tenantId=387eb67f-0039-43ad-81b9-b66c6c0b1951&urlCreateDateTime=2020-05-04T09%3a13%3a05&token=aRLLv1q8UI%20eVn54OVy%20WbqcH7H9dSGDUOuWywymCrQ=\\\"}}\",\r\n \"resourceType\": \"Virtual Machine\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2020-05-04T14:29:05.5983077Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/mainws/providers/microsoft.operationalinsights/workspaces/securityuserws\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": [\r\n {\r\n \"$id\": \"westeurope_1\",\r\n \"dnsDomain\": \"\",\r\n \"ntDomain\": \"\",\r\n \"hostName\": \"ALERTSTEST\",\r\n \"netBiosName\": \"ALERTSTEST\",\r\n \"azureID\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/taklei/providers/Microsoft.Compute/virtualMachines/alertsTest\",\r\n \"omsAgentID\": \"6bc4f1df-17e1-40f0-8227-f1635aea54dd\",\r\n \"osFamily\": \"Windows\",\r\n \"osVersion\": \"Windows\",\r\n \"isDomainJoined\": false,\r\n \"type\": \"host\"\r\n },\r\n {\r\n \"$id\": \"westeurope_2\",\r\n \"directory\": \"c:\\\\windows\\\\system32\",\r\n \"name\": \"svchost.exe\",\r\n \"type\": \"file\"\r\n },\r\n {\r\n \"$id\": \"westeurope_3\",\r\n \"processId\": \"0x6ec\",\r\n \"commandLine\": \"\",\r\n \"imageFile\": {\r\n \"$ref\": \"westeurope_2\"\r\n },\r\n \"host\": {\r\n \"$ref\": \"westeurope_1\"\r\n },\r\n \"type\": \"process\"\r\n },\r\n {\r\n \"$id\": \"westeurope_4\",\r\n \"name\": \"alertsTest$\",\r\n \"ntDomain\": \"WORKGROUP\",\r\n \"host\": {\r\n \"$ref\": \"westeurope_1\"\r\n },\r\n \"sid\": \"S-1-5-18\",\r\n \"isDomainJoined\": true,\r\n \"type\": \"account\",\r\n \"LogonId\": \"0x3e7\"\r\n },\r\n {\r\n \"$id\": \"westeurope_5\",\r\n \"directory\": \"c:\\\\scripts\",\r\n \"name\": \"asc_alerttest_662jfi039n.exe\",\r\n \"type\": \"file\"\r\n },\r\n {\r\n \"$id\": \"westeurope_6\",\r\n \"processId\": \"0x688\",\r\n \"commandLine\": \"c:\\\\scripts\\\\asc_alerttest_662jfi039n.exe -foo\",\r\n \"elevationToken\": \"Default\",\r\n \"creationTimeUtc\": \"2020-05-04T14:28:27.6812319Z\",\r\n \"imageFile\": {\r\n \"$ref\": \"westeurope_5\"\r\n },\r\n \"account\": {\r\n \"$ref\": \"westeurope_4\"\r\n },\r\n \"parentProcess\": {\r\n \"$ref\": \"westeurope_3\"\r\n },\r\n \"host\": {\r\n \"$ref\": \"westeurope_1\"\r\n },\r\n \"type\": \"process\"\r\n },\r\n {\r\n \"$id\": \"westeurope_7\",\r\n \"sessionId\": \"0x3e7\",\r\n \"startTimeUtc\": \"2020-05-04T14:28:27.6812319Z\",\r\n \"endTimeUtc\": \"2020-05-04T14:28:27.6812319Z\",\r\n \"type\": \"host-logon-session\",\r\n \"host\": {\r\n \"$ref\": \"westeurope_1\"\r\n },\r\n \"account\": {\r\n \"$ref\": \"westeurope_4\"\r\n }\r\n }\r\n ]\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/taklei/providers/Microsoft.Security/locations/westeurope/alerts/2518137000923212703_d25bac04-7492-4ece-9d75-7a377d74d833\",\r\n \"name\": \"2518137000923212703_d25bac04-7492-4ece-9d75-7a377d74d833\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft\",\r\n \"alertDisplayName\": \"Azure Security Center test alert (not a threat)\",\r\n \"alertName\": \"VM_EICAR\",\r\n \"detectedTimeUtc\": \"2020-05-04T13:58:27.6787296Z\",\r\n \"description\": \"This is a test alert generated by Azure Security Center. No further action is needed.\",\r\n \"remediationSteps\": \"No further action is needed.\",\r\n \"actionTaken\": \"Undefined\",\r\n \"reportedSeverity\": \"High\",\r\n \"compromisedEntity\": \"ALERTSTEST\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/taklei/providers/Microsoft.Compute/virtualMachines/alertsTest\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"d25bac04-7492-4ece-9d75-7a377d74d833\",\r\n \"extendedProperties\": {\r\n \"compromised Host\": \"ALERTSTEST\",\r\n \"user Name\": \"WORKGROUP\\\\alertsTest$\",\r\n \"account Session Id\": \"0x3e7\",\r\n \"suspicious Process\": \"c:\\\\scripts\\\\asc_alerttest_662jfi039n.exe\",\r\n \"suspicious Command Line\": \"c:\\\\scripts\\\\asc_alerttest_662jfi039n.exe -foo\",\r\n \"parent Process\": \"c:\\\\windows\\\\system32\\\\svchost.exe\",\r\n \"suspicious Process Id\": \"0x1c7c\",\r\n \"arguments Auditing Enabled\": \"true\",\r\n \"enrichment_tas_threat__reports\": \"{\\\"Kind\\\":\\\"MultiLink\\\",\\\"DisplayValueToUrlDictionary\\\":{\\\"Report: EICAR File\\\":\\\"https://interflowwebportalext.trafficmanager.net/reports/DisplayReport?callerIdentity=ddd5443d-e6f4-441c-b52b-5278d2f21dfa&reportCreateDateTime=2020-05-04T09%3a13%3a05&reportName=MSTI-TS-EICAR-File.pdf&tenantId=387eb67f-0039-43ad-81b9-b66c6c0b1951&urlCreateDateTime=2020-05-04T09%3a13%3a05&token=aRLLv1q8UI%20eVn54OVy%20WbqcH7H9dSGDUOuWywymCrQ=\\\"}}\",\r\n \"resourceType\": \"Virtual Machine\"\r\n },\r\n \"state\": \"Dismissed\",\r\n \"reportedTimeUtc\": \"2020-05-04T13:58:34.2198556Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/mainws/providers/microsoft.operationalinsights/workspaces/securityuserws\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": [\r\n {\r\n \"$id\": \"westeurope_8\",\r\n \"dnsDomain\": \"\",\r\n \"ntDomain\": \"\",\r\n \"hostName\": \"ALERTSTEST\",\r\n \"netBiosName\": \"ALERTSTEST\",\r\n \"azureID\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/taklei/providers/Microsoft.Compute/virtualMachines/alertsTest\",\r\n \"omsAgentID\": \"6bc4f1df-17e1-40f0-8227-f1635aea54dd\",\r\n \"osFamily\": \"Windows\",\r\n \"osVersion\": \"Windows\",\r\n \"isDomainJoined\": false,\r\n \"type\": \"host\"\r\n },\r\n {\r\n \"$id\": \"westeurope_9\",\r\n \"directory\": \"c:\\\\windows\\\\system32\",\r\n \"name\": \"svchost.exe\",\r\n \"type\": \"file\"\r\n },\r\n {\r\n \"$id\": \"westeurope_10\",\r\n \"processId\": \"0x6ec\",\r\n \"commandLine\": \"\",\r\n \"imageFile\": {\r\n \"$ref\": \"westeurope_9\"\r\n },\r\n \"host\": {\r\n \"$ref\": \"westeurope_8\"\r\n },\r\n \"type\": \"process\"\r\n },\r\n {\r\n \"$id\": \"westeurope_11\",\r\n \"name\": \"alertsTest$\",\r\n \"ntDomain\": \"WORKGROUP\",\r\n \"host\": {\r\n \"$ref\": \"westeurope_8\"\r\n },\r\n \"sid\": \"S-1-5-18\",\r\n \"isDomainJoined\": true,\r\n \"type\": \"account\",\r\n \"LogonId\": \"0x3e7\"\r\n },\r\n {\r\n \"$id\": \"westeurope_12\",\r\n \"directory\": \"c:\\\\scripts\",\r\n \"name\": \"asc_alerttest_662jfi039n.exe\",\r\n \"type\": \"file\"\r\n },\r\n {\r\n \"$id\": \"westeurope_13\",\r\n \"processId\": \"0x1c7c\",\r\n \"commandLine\": \"c:\\\\scripts\\\\asc_alerttest_662jfi039n.exe -foo\",\r\n \"elevationToken\": \"Default\",\r\n \"creationTimeUtc\": \"2020-05-04T13:58:27.6787296Z\",\r\n \"imageFile\": {\r\n \"$ref\": \"westeurope_12\"\r\n },\r\n \"account\": {\r\n \"$ref\": \"westeurope_11\"\r\n },\r\n \"parentProcess\": {\r\n \"$ref\": \"westeurope_10\"\r\n },\r\n \"host\": {\r\n \"$ref\": \"westeurope_8\"\r\n },\r\n \"type\": \"process\"\r\n },\r\n {\r\n \"$id\": \"westeurope_14\",\r\n \"sessionId\": \"0x3e7\",\r\n \"startTimeUtc\": \"2020-05-04T13:58:27.6787296Z\",\r\n \"endTimeUtc\": \"2020-05-04T13:58:27.6787296Z\",\r\n \"type\": \"host-logon-session\",\r\n \"host\": {\r\n \"$ref\": \"westeurope_8\"\r\n },\r\n \"account\": {\r\n \"$ref\": \"westeurope_11\"\r\n }\r\n }\r\n ]\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/taklei/providers/Microsoft.Security/locations/westeurope/alerts/2518137018913138372_93d99441-2eff-436e-ab25-0307b3484bb4\",\r\n \"name\": \"2518137018913138372_93d99441-2eff-436e-ab25-0307b3484bb4\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft\",\r\n \"alertDisplayName\": \"Azure Security Center test alert (not a threat)\",\r\n \"alertName\": \"VM_EICAR\",\r\n \"detectedTimeUtc\": \"2020-05-04T13:28:28.6861627Z\",\r\n \"description\": \"This is a test alert generated by Azure Security Center. No further action is needed.\",\r\n \"remediationSteps\": \"No further action is needed.\",\r\n \"actionTaken\": \"Undefined\",\r\n \"reportedSeverity\": \"High\",\r\n \"compromisedEntity\": \"ALERTSTEST\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/taklei/providers/Microsoft.Compute/virtualMachines/alertsTest\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"93d99441-2eff-436e-ab25-0307b3484bb4\",\r\n \"extendedProperties\": {\r\n \"compromised Host\": \"ALERTSTEST\",\r\n \"user Name\": \"WORKGROUP\\\\alertsTest$\",\r\n \"account Session Id\": \"0x3e7\",\r\n \"suspicious Process\": \"c:\\\\scripts\\\\asc_alerttest_662jfi039n.exe\",\r\n \"suspicious Command Line\": \"c:\\\\scripts\\\\asc_alerttest_662jfi039n.exe -foo\",\r\n \"parent Process\": \"c:\\\\windows\\\\system32\\\\svchost.exe\",\r\n \"suspicious Process Id\": \"0x122c\",\r\n \"arguments Auditing Enabled\": \"true\",\r\n \"enrichment_tas_threat__reports\": \"{\\\"Kind\\\":\\\"MultiLink\\\",\\\"DisplayValueToUrlDictionary\\\":{\\\"Report: EICAR File\\\":\\\"https://interflowwebportalext.trafficmanager.net/reports/DisplayReport?callerIdentity=ddd5443d-e6f4-441c-b52b-5278d2f21dfa&reportCreateDateTime=2020-05-04T08%3a32%3a57&reportName=MSTI-TS-EICAR-File.pdf&tenantId=1c68e967-70a6-4cda-a34b-6d281cffe06e&urlCreateDateTime=2020-05-04T08%3a32%3a57&token=s7wyF62JLdEde8/SccnrGqIJxUOajFUpTETdhi3lCyY=\\\"}}\",\r\n \"resourceType\": \"Virtual Machine\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2020-05-04T13:28:59.9528247Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/mainws/providers/microsoft.operationalinsights/workspaces/securityuserws\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": [\r\n {\r\n \"$id\": \"westeurope_15\",\r\n \"dnsDomain\": \"\",\r\n \"ntDomain\": \"\",\r\n \"hostName\": \"ALERTSTEST\",\r\n \"netBiosName\": \"ALERTSTEST\",\r\n \"azureID\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/taklei/providers/Microsoft.Compute/virtualMachines/alertsTest\",\r\n \"omsAgentID\": \"6bc4f1df-17e1-40f0-8227-f1635aea54dd\",\r\n \"osFamily\": \"Windows\",\r\n \"osVersion\": \"Windows\",\r\n \"isDomainJoined\": false,\r\n \"type\": \"host\"\r\n },\r\n {\r\n \"$id\": \"westeurope_16\",\r\n \"directory\": \"c:\\\\windows\\\\system32\",\r\n \"name\": \"svchost.exe\",\r\n \"type\": \"file\"\r\n },\r\n {\r\n \"$id\": \"westeurope_17\",\r\n \"processId\": \"0x6ec\",\r\n \"commandLine\": \"\",\r\n \"imageFile\": {\r\n \"$ref\": \"westeurope_16\"\r\n },\r\n \"host\": {\r\n \"$ref\": \"westeurope_15\"\r\n },\r\n \"type\": \"process\"\r\n },\r\n {\r\n \"$id\": \"westeurope_18\",\r\n \"name\": \"alertsTest$\",\r\n \"ntDomain\": \"WORKGROUP\",\r\n \"host\": {\r\n \"$ref\": \"westeurope_15\"\r\n },\r\n \"sid\": \"S-1-5-18\",\r\n \"isDomainJoined\": true,\r\n \"type\": \"account\",\r\n \"LogonId\": \"0x3e7\"\r\n },\r\n {\r\n \"$id\": \"westeurope_19\",\r\n \"directory\": \"c:\\\\scripts\",\r\n \"name\": \"asc_alerttest_662jfi039n.exe\",\r\n \"type\": \"file\"\r\n },\r\n {\r\n \"$id\": \"westeurope_20\",\r\n \"processId\": \"0x122c\",\r\n \"commandLine\": \"c:\\\\scripts\\\\asc_alerttest_662jfi039n.exe -foo\",\r\n \"elevationToken\": \"Default\",\r\n \"creationTimeUtc\": \"2020-05-04T13:28:28.6861627Z\",\r\n \"imageFile\": {\r\n \"$ref\": \"westeurope_19\"\r\n },\r\n \"account\": {\r\n \"$ref\": \"westeurope_18\"\r\n },\r\n \"parentProcess\": {\r\n \"$ref\": \"westeurope_17\"\r\n },\r\n \"host\": {\r\n \"$ref\": \"westeurope_15\"\r\n },\r\n \"type\": \"process\"\r\n },\r\n {\r\n \"$id\": \"westeurope_21\",\r\n \"sessionId\": \"0x3e7\",\r\n \"startTimeUtc\": \"2020-05-04T13:28:28.6861627Z\",\r\n \"endTimeUtc\": \"2020-05-04T13:28:28.6861627Z\",\r\n \"type\": \"host-logon-session\",\r\n \"host\": {\r\n \"$ref\": \"westeurope_15\"\r\n },\r\n \"account\": {\r\n \"$ref\": \"westeurope_18\"\r\n }\r\n }\r\n ]\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/taklei/providers/Microsoft.Security/locations/westeurope/alerts/2518137035665338254_a345cb85-18aa-4d14-9293-e4d2ba15cb9d\",\r\n \"name\": \"2518137035665338254_a345cb85-18aa-4d14-9293-e4d2ba15cb9d\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft\",\r\n \"alertDisplayName\": \"Azure Security Center test alert (not a threat)\",\r\n \"alertName\": \"VM_EICAR\",\r\n \"detectedTimeUtc\": \"2020-05-04T13:00:33.4661745Z\",\r\n \"description\": \"This is a test alert generated by Azure Security Center. No further action is needed.\",\r\n \"remediationSteps\": \"No further action is needed.\",\r\n \"actionTaken\": \"Undefined\",\r\n \"reportedSeverity\": \"High\",\r\n \"compromisedEntity\": \"ALERTSTEST\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/taklei/providers/Microsoft.Compute/virtualMachines/alertsTest\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"a345cb85-18aa-4d14-9293-e4d2ba15cb9d\",\r\n \"extendedProperties\": {\r\n \"compromised Host\": \"ALERTSTEST\",\r\n \"user Name\": \"WORKGROUP\\\\alertsTest$\",\r\n \"account Session Id\": \"0x3e7\",\r\n \"suspicious Process\": \"c:\\\\scripts\\\\asc_alerttest_662jfi039n.exe\",\r\n \"suspicious Command Line\": \"c:\\\\scripts\\\\asc_alerttest_662jfi039n.exe -foo\",\r\n \"parent Process\": \"c:\\\\windows\\\\system32\\\\svchost.exe\",\r\n \"suspicious Process Id\": \"0xe38\",\r\n \"arguments Auditing Enabled\": \"true\",\r\n \"enrichment_tas_threat__reports\": \"{\\\"Kind\\\":\\\"MultiLink\\\",\\\"DisplayValueToUrlDictionary\\\":{\\\"Report: EICAR File\\\":\\\"https://interflowwebportalext.trafficmanager.net/reports/DisplayReport?callerIdentity=ddd5443d-e6f4-441c-b52b-5278d2f21dfa&reportCreateDateTime=2020-05-04T09%3a13%3a05&reportName=MSTI-TS-EICAR-File.pdf&tenantId=387eb67f-0039-43ad-81b9-b66c6c0b1951&urlCreateDateTime=2020-05-04T09%3a13%3a05&token=aRLLv1q8UI%20eVn54OVy%20WbqcH7H9dSGDUOuWywymCrQ=\\\"}}\",\r\n \"resourceType\": \"Virtual Machine\"\r\n },\r\n \"state\": \"Dismissed\",\r\n \"reportedTimeUtc\": \"2020-05-04T13:00:37.889087Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/mainws/providers/microsoft.operationalinsights/workspaces/securityuserws\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": [\r\n {\r\n \"$id\": \"westeurope_22\",\r\n \"dnsDomain\": \"\",\r\n \"ntDomain\": \"\",\r\n \"hostName\": \"ALERTSTEST\",\r\n \"netBiosName\": \"ALERTSTEST\",\r\n \"azureID\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/taklei/providers/Microsoft.Compute/virtualMachines/alertsTest\",\r\n \"omsAgentID\": \"6bc4f1df-17e1-40f0-8227-f1635aea54dd\",\r\n \"osFamily\": \"Windows\",\r\n \"osVersion\": \"Windows\",\r\n \"isDomainJoined\": false,\r\n \"type\": \"host\"\r\n },\r\n {\r\n \"$id\": \"westeurope_23\",\r\n \"directory\": \"c:\\\\windows\\\\system32\",\r\n \"name\": \"svchost.exe\",\r\n \"type\": \"file\"\r\n },\r\n {\r\n \"$id\": \"westeurope_24\",\r\n \"processId\": \"0x6ec\",\r\n \"commandLine\": \"\",\r\n \"imageFile\": {\r\n \"$ref\": \"westeurope_23\"\r\n },\r\n \"host\": {\r\n \"$ref\": \"westeurope_22\"\r\n },\r\n \"type\": \"process\"\r\n },\r\n {\r\n \"$id\": \"westeurope_25\",\r\n \"name\": \"alertsTest$\",\r\n \"ntDomain\": \"WORKGROUP\",\r\n \"host\": {\r\n \"$ref\": \"westeurope_22\"\r\n },\r\n \"sid\": \"S-1-5-18\",\r\n \"isDomainJoined\": true,\r\n \"type\": \"account\",\r\n \"LogonId\": \"0x3e7\"\r\n },\r\n {\r\n \"$id\": \"westeurope_26\",\r\n \"directory\": \"c:\\\\scripts\",\r\n \"name\": \"asc_alerttest_662jfi039n.exe\",\r\n \"type\": \"file\"\r\n },\r\n {\r\n \"$id\": \"westeurope_27\",\r\n \"processId\": \"0xe38\",\r\n \"commandLine\": \"c:\\\\scripts\\\\asc_alerttest_662jfi039n.exe -foo\",\r\n \"elevationToken\": \"Default\",\r\n \"creationTimeUtc\": \"2020-05-04T13:00:33.4661745Z\",\r\n \"imageFile\": {\r\n \"$ref\": \"westeurope_26\"\r\n },\r\n \"account\": {\r\n \"$ref\": \"westeurope_25\"\r\n },\r\n \"parentProcess\": {\r\n \"$ref\": \"westeurope_24\"\r\n },\r\n \"host\": {\r\n \"$ref\": \"westeurope_22\"\r\n },\r\n \"type\": \"process\"\r\n },\r\n {\r\n \"$id\": \"westeurope_28\",\r\n \"sessionId\": \"0x3e7\",\r\n \"startTimeUtc\": \"2020-05-04T13:00:33.4661745Z\",\r\n \"endTimeUtc\": \"2020-05-04T13:00:33.4661745Z\",\r\n \"type\": \"host-logon-session\",\r\n \"host\": {\r\n \"$ref\": \"westeurope_22\"\r\n },\r\n \"account\": {\r\n \"$ref\": \"westeurope_25\"\r\n }\r\n }\r\n ]\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/taklei/providers/Microsoft.Security/locations/westeurope/alerts/2518137036458453383_d763b77f-129c-4e95-af39-5c4b4c411b5b\",\r\n \"name\": \"2518137036458453383_d763b77f-129c-4e95-af39-5c4b4c411b5b\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft\",\r\n \"alertDisplayName\": \"Azure Security Center test alert (not a threat)\",\r\n \"alertName\": \"VM_EICAR\",\r\n \"detectedTimeUtc\": \"2020-05-04T12:59:14.1546616Z\",\r\n \"description\": \"This is a test alert generated by Azure Security Center. No further action is needed.\",\r\n \"remediationSteps\": \"No further action is needed.\",\r\n \"actionTaken\": \"Undefined\",\r\n \"reportedSeverity\": \"High\",\r\n \"compromisedEntity\": \"ALERTSTEST\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/taklei/providers/Microsoft.Compute/virtualMachines/alertsTest\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"d763b77f-129c-4e95-af39-5c4b4c411b5b\",\r\n \"extendedProperties\": {\r\n \"compromised Host\": \"ALERTSTEST\",\r\n \"user Name\": \"WORKGROUP\\\\alertsTest$\",\r\n \"account Session Id\": \"0x3e7\",\r\n \"suspicious Process\": \"c:\\\\scripts\\\\asc_alerttest_662jfi039n.exe\",\r\n \"suspicious Command Line\": \"c:\\\\scripts\\\\asc_alerttest_662jfi039n.exe -foo\",\r\n \"parent Process\": \"c:\\\\windows\\\\system32\\\\svchost.exe\",\r\n \"suspicious Process Id\": \"0xe7c\",\r\n \"arguments Auditing Enabled\": \"true\",\r\n \"enrichment_tas_threat__reports\": \"{\\\"Kind\\\":\\\"MultiLink\\\",\\\"DisplayValueToUrlDictionary\\\":{\\\"Report: EICAR File\\\":\\\"https://interflowwebportalext.trafficmanager.net/reports/DisplayReport?callerIdentity=ddd5443d-e6f4-441c-b52b-5278d2f21dfa&reportCreateDateTime=2020-05-04T08%3a32%3a57&reportName=MSTI-TS-EICAR-File.pdf&tenantId=1c68e967-70a6-4cda-a34b-6d281cffe06e&urlCreateDateTime=2020-05-04T08%3a32%3a57&token=s7wyF62JLdEde8/SccnrGqIJxUOajFUpTETdhi3lCyY=\\\"}}\",\r\n \"resourceType\": \"Virtual Machine\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2020-05-04T12:59:35.6273663Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/mainws/providers/microsoft.operationalinsights/workspaces/securityuserws\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": [\r\n {\r\n \"$id\": \"westeurope_29\",\r\n \"dnsDomain\": \"\",\r\n \"ntDomain\": \"\",\r\n \"hostName\": \"ALERTSTEST\",\r\n \"netBiosName\": \"ALERTSTEST\",\r\n \"azureID\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/taklei/providers/Microsoft.Compute/virtualMachines/alertsTest\",\r\n \"omsAgentID\": \"6bc4f1df-17e1-40f0-8227-f1635aea54dd\",\r\n \"osFamily\": \"Windows\",\r\n \"osVersion\": \"Windows\",\r\n \"isDomainJoined\": false,\r\n \"type\": \"host\"\r\n },\r\n {\r\n \"$id\": \"westeurope_30\",\r\n \"directory\": \"c:\\\\windows\\\\system32\",\r\n \"name\": \"svchost.exe\",\r\n \"type\": \"file\"\r\n },\r\n {\r\n \"$id\": \"westeurope_31\",\r\n \"processId\": \"0x6ec\",\r\n \"commandLine\": \"\",\r\n \"imageFile\": {\r\n \"$ref\": \"westeurope_30\"\r\n },\r\n \"host\": {\r\n \"$ref\": \"westeurope_29\"\r\n },\r\n \"type\": \"process\"\r\n },\r\n {\r\n \"$id\": \"westeurope_32\",\r\n \"name\": \"alertsTest$\",\r\n \"ntDomain\": \"WORKGROUP\",\r\n \"host\": {\r\n \"$ref\": \"westeurope_29\"\r\n },\r\n \"sid\": \"S-1-5-18\",\r\n \"isDomainJoined\": true,\r\n \"type\": \"account\",\r\n \"LogonId\": \"0x3e7\"\r\n },\r\n {\r\n \"$id\": \"westeurope_33\",\r\n \"directory\": \"c:\\\\scripts\",\r\n \"name\": \"asc_alerttest_662jfi039n.exe\",\r\n \"type\": \"file\"\r\n },\r\n {\r\n \"$id\": \"westeurope_34\",\r\n \"processId\": \"0xe7c\",\r\n \"commandLine\": \"c:\\\\scripts\\\\asc_alerttest_662jfi039n.exe -foo\",\r\n \"elevationToken\": \"Default\",\r\n \"creationTimeUtc\": \"2020-05-04T12:59:14.1546616Z\",\r\n \"imageFile\": {\r\n \"$ref\": \"westeurope_33\"\r\n },\r\n \"account\": {\r\n \"$ref\": \"westeurope_32\"\r\n },\r\n \"parentProcess\": {\r\n \"$ref\": \"westeurope_31\"\r\n },\r\n \"host\": {\r\n \"$ref\": \"westeurope_29\"\r\n },\r\n \"type\": \"process\"\r\n },\r\n {\r\n \"$id\": \"westeurope_35\",\r\n \"sessionId\": \"0x3e7\",\r\n \"startTimeUtc\": \"2020-05-04T12:59:14.1546616Z\",\r\n \"endTimeUtc\": \"2020-05-04T12:59:14.1546616Z\",\r\n \"type\": \"host-logon-session\",\r\n \"host\": {\r\n \"$ref\": \"westeurope_29\"\r\n },\r\n \"account\": {\r\n \"$ref\": \"westeurope_32\"\r\n }\r\n }\r\n ]\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/taklei/providers/Microsoft.Security/locations/westeurope/alerts/2518137036914144805_a3d0999b-cdfc-41d9-9d28-ee1335f03081\",\r\n \"name\": \"2518137036914144805_a3d0999b-cdfc-41d9-9d28-ee1335f03081\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft\",\r\n \"alertDisplayName\": \"Azure Security Center test alert (not a threat)\",\r\n \"alertName\": \"VM_EICAR\",\r\n \"detectedTimeUtc\": \"2020-05-04T12:58:28.5855194Z\",\r\n \"description\": \"This is a test alert generated by Azure Security Center. No further action is needed.\",\r\n \"remediationSteps\": \"No further action is needed.\",\r\n \"actionTaken\": \"Undefined\",\r\n \"reportedSeverity\": \"High\",\r\n \"compromisedEntity\": \"ALERTSTEST\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/taklei/providers/Microsoft.Compute/virtualMachines/alertsTest\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"a3d0999b-cdfc-41d9-9d28-ee1335f03081\",\r\n \"extendedProperties\": {\r\n \"compromised Host\": \"ALERTSTEST\",\r\n \"user Name\": \"WORKGROUP\\\\alertsTest$\",\r\n \"account Session Id\": \"0x3e7\",\r\n \"suspicious Process\": \"c:\\\\scripts\\\\asc_alerttest_662jfi039n.exe\",\r\n \"suspicious Command Line\": \"c:\\\\scripts\\\\asc_alerttest_662jfi039n.exe -foo\",\r\n \"parent Process\": \"c:\\\\windows\\\\system32\\\\svchost.exe\",\r\n \"suspicious Process Id\": \"0xfac\",\r\n \"arguments Auditing Enabled\": \"true\",\r\n \"enrichment_tas_threat__reports\": \"{\\\"Kind\\\":\\\"MultiLink\\\",\\\"DisplayValueToUrlDictionary\\\":{\\\"Report: EICAR File\\\":\\\"https://interflowwebportalext.trafficmanager.net/reports/DisplayReport?callerIdentity=ddd5443d-e6f4-441c-b52b-5278d2f21dfa&reportCreateDateTime=2020-05-04T09%3a23%3a00&reportName=MSTI-TS-EICAR-File.pdf&tenantId=b11492db-77a6-4ec0-9ff7-17b6ba420e1e&urlCreateDateTime=2020-05-04T09%3a23%3a00&token=XhSuWhrbEKAk2sXS1TcK0SVTLOehFDirzLCUSUoWPL4=\\\"}}\",\r\n \"resourceType\": \"Virtual Machine\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2020-05-04T12:58:46.4927078Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/mainws/providers/microsoft.operationalinsights/workspaces/securityuserws\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": [\r\n {\r\n \"$id\": \"westeurope_36\",\r\n \"dnsDomain\": \"\",\r\n \"ntDomain\": \"\",\r\n \"hostName\": \"ALERTSTEST\",\r\n \"netBiosName\": \"ALERTSTEST\",\r\n \"azureID\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/taklei/providers/Microsoft.Compute/virtualMachines/alertsTest\",\r\n \"omsAgentID\": \"6bc4f1df-17e1-40f0-8227-f1635aea54dd\",\r\n \"osFamily\": \"Windows\",\r\n \"osVersion\": \"Windows\",\r\n \"isDomainJoined\": false,\r\n \"type\": \"host\"\r\n },\r\n {\r\n \"$id\": \"westeurope_37\",\r\n \"directory\": \"c:\\\\windows\\\\system32\",\r\n \"name\": \"svchost.exe\",\r\n \"type\": \"file\"\r\n },\r\n {\r\n \"$id\": \"westeurope_38\",\r\n \"processId\": \"0x6ec\",\r\n \"commandLine\": \"\",\r\n \"imageFile\": {\r\n \"$ref\": \"westeurope_37\"\r\n },\r\n \"host\": {\r\n \"$ref\": \"westeurope_36\"\r\n },\r\n \"type\": \"process\"\r\n },\r\n {\r\n \"$id\": \"westeurope_39\",\r\n \"name\": \"alertsTest$\",\r\n \"ntDomain\": \"WORKGROUP\",\r\n \"host\": {\r\n \"$ref\": \"westeurope_36\"\r\n },\r\n \"sid\": \"S-1-5-18\",\r\n \"isDomainJoined\": true,\r\n \"type\": \"account\",\r\n \"LogonId\": \"0x3e7\"\r\n },\r\n {\r\n \"$id\": \"westeurope_40\",\r\n \"directory\": \"c:\\\\scripts\",\r\n \"name\": \"asc_alerttest_662jfi039n.exe\",\r\n \"type\": \"file\"\r\n },\r\n {\r\n \"$id\": \"westeurope_41\",\r\n \"processId\": \"0xfac\",\r\n \"commandLine\": \"c:\\\\scripts\\\\asc_alerttest_662jfi039n.exe -foo\",\r\n \"elevationToken\": \"Default\",\r\n \"creationTimeUtc\": \"2020-05-04T12:58:28.5855194Z\",\r\n \"imageFile\": {\r\n \"$ref\": \"westeurope_40\"\r\n },\r\n \"account\": {\r\n \"$ref\": \"westeurope_39\"\r\n },\r\n \"parentProcess\": {\r\n \"$ref\": \"westeurope_38\"\r\n },\r\n \"host\": {\r\n \"$ref\": \"westeurope_36\"\r\n },\r\n \"type\": \"process\"\r\n },\r\n {\r\n \"$id\": \"westeurope_42\",\r\n \"sessionId\": \"0x3e7\",\r\n \"startTimeUtc\": \"2020-05-04T12:58:28.5855194Z\",\r\n \"endTimeUtc\": \"2020-05-04T12:58:28.5855194Z\",\r\n \"type\": \"host-logon-session\",\r\n \"host\": {\r\n \"$ref\": \"westeurope_36\"\r\n },\r\n \"account\": {\r\n \"$ref\": \"westeurope_39\"\r\n }\r\n }\r\n ]\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/taklei/providers/Microsoft.Security/locations/westeurope/alerts/2518137037321194617_adafe5f0-ade9-47b4-86f3-3155038827f6\",\r\n \"name\": \"2518137037321194617_adafe5f0-ade9-47b4-86f3-3155038827f6\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft\",\r\n \"alertDisplayName\": \"Azure Security Center test alert (not a threat)\",\r\n \"alertName\": \"VM_EICAR\",\r\n \"detectedTimeUtc\": \"2020-05-04T12:57:47.8805382Z\",\r\n \"description\": \"This is a test alert generated by Azure Security Center. No further action is needed.\",\r\n \"remediationSteps\": \"No further action is needed.\",\r\n \"actionTaken\": \"Undefined\",\r\n \"reportedSeverity\": \"High\",\r\n \"compromisedEntity\": \"ALERTSTEST\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/taklei/providers/Microsoft.Compute/virtualMachines/alertsTest\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"adafe5f0-ade9-47b4-86f3-3155038827f6\",\r\n \"extendedProperties\": {\r\n \"compromised Host\": \"ALERTSTEST\",\r\n \"user Name\": \"WORKGROUP\\\\alertsTest$\",\r\n \"account Session Id\": \"0x3e7\",\r\n \"suspicious Process\": \"c:\\\\scripts\\\\asc_alerttest_662jfi039n.exe\",\r\n \"suspicious Command Line\": \"c:\\\\scripts\\\\asc_alerttest_662jfi039n.exe -foo\",\r\n \"parent Process\": \"c:\\\\windows\\\\system32\\\\svchost.exe\",\r\n \"suspicious Process Id\": \"0x1d50\",\r\n \"arguments Auditing Enabled\": \"true\",\r\n \"enrichment_tas_threat__reports\": \"{\\\"Kind\\\":\\\"MultiLink\\\",\\\"DisplayValueToUrlDictionary\\\":{\\\"Report: EICAR File\\\":\\\"https://interflowwebportalext.trafficmanager.net/reports/DisplayReport?callerIdentity=ddd5443d-e6f4-441c-b52b-5278d2f21dfa&reportCreateDateTime=2020-05-04T08%3a32%3a57&reportName=MSTI-TS-EICAR-File.pdf&tenantId=1c68e967-70a6-4cda-a34b-6d281cffe06e&urlCreateDateTime=2020-05-04T08%3a32%3a57&token=s7wyF62JLdEde8/SccnrGqIJxUOajFUpTETdhi3lCyY=\\\"}}\",\r\n \"resourceType\": \"Virtual Machine\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2020-05-04T12:57:53.7990186Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/mainws/providers/microsoft.operationalinsights/workspaces/securityuserws\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": [\r\n {\r\n \"$id\": \"westeurope_43\",\r\n \"dnsDomain\": \"\",\r\n \"ntDomain\": \"\",\r\n \"hostName\": \"ALERTSTEST\",\r\n \"netBiosName\": \"ALERTSTEST\",\r\n \"azureID\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/taklei/providers/Microsoft.Compute/virtualMachines/alertsTest\",\r\n \"omsAgentID\": \"6bc4f1df-17e1-40f0-8227-f1635aea54dd\",\r\n \"osFamily\": \"Windows\",\r\n \"osVersion\": \"Windows\",\r\n \"isDomainJoined\": false,\r\n \"type\": \"host\"\r\n },\r\n {\r\n \"$id\": \"westeurope_44\",\r\n \"directory\": \"c:\\\\windows\\\\system32\",\r\n \"name\": \"svchost.exe\",\r\n \"type\": \"file\"\r\n },\r\n {\r\n \"$id\": \"westeurope_45\",\r\n \"processId\": \"0x6ec\",\r\n \"commandLine\": \"\",\r\n \"imageFile\": {\r\n \"$ref\": \"westeurope_44\"\r\n },\r\n \"host\": {\r\n \"$ref\": \"westeurope_43\"\r\n },\r\n \"type\": \"process\"\r\n },\r\n {\r\n \"$id\": \"westeurope_46\",\r\n \"name\": \"alertsTest$\",\r\n \"ntDomain\": \"WORKGROUP\",\r\n \"host\": {\r\n \"$ref\": \"westeurope_43\"\r\n },\r\n \"sid\": \"S-1-5-18\",\r\n \"isDomainJoined\": true,\r\n \"type\": \"account\",\r\n \"LogonId\": \"0x3e7\"\r\n },\r\n {\r\n \"$id\": \"westeurope_47\",\r\n \"directory\": \"c:\\\\scripts\",\r\n \"name\": \"asc_alerttest_662jfi039n.exe\",\r\n \"type\": \"file\"\r\n },\r\n {\r\n \"$id\": \"westeurope_48\",\r\n \"processId\": \"0x1d50\",\r\n \"commandLine\": \"c:\\\\scripts\\\\asc_alerttest_662jfi039n.exe -foo\",\r\n \"elevationToken\": \"Default\",\r\n \"creationTimeUtc\": \"2020-05-04T12:57:47.8805382Z\",\r\n \"imageFile\": {\r\n \"$ref\": \"westeurope_47\"\r\n },\r\n \"account\": {\r\n \"$ref\": \"westeurope_46\"\r\n },\r\n \"parentProcess\": {\r\n \"$ref\": \"westeurope_45\"\r\n },\r\n \"host\": {\r\n \"$ref\": \"westeurope_43\"\r\n },\r\n \"type\": \"process\"\r\n },\r\n {\r\n \"$id\": \"westeurope_49\",\r\n \"sessionId\": \"0x3e7\",\r\n \"startTimeUtc\": \"2020-05-04T12:57:47.8805382Z\",\r\n \"endTimeUtc\": \"2020-05-04T12:57:47.8805382Z\",\r\n \"type\": \"host-logon-session\",\r\n \"host\": {\r\n \"$ref\": \"westeurope_43\"\r\n },\r\n \"account\": {\r\n \"$ref\": \"westeurope_46\"\r\n }\r\n }\r\n ]\r\n }\r\n }\r\n ]\r\n}",
+ "ResponseBody": "{\r\n \"value\": [\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/rg/providers/Microsoft.Security/locations/centralus/alerts/2518532788749999999_66276b36-db2a-4b2c-84ad-9676fe753a01\",\r\n \"name\": \"2518532788749999999_66276b36-db2a-4b2c-84ad-9676fe753a01\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft\",\r\n \"alertDisplayName\": \"Web fingerprinting detected\",\r\n \"alertName\": \"APPS_Nmap\",\r\n \"detectedTimeUtc\": \"2019-03-03T17:40:43Z\",\r\n \"description\": \"Azure App Service activity log indicates a possible web fingerprinting activity on your App Service resource.The suspicious activity detected is associated with NMAP. Attackers often use this tool for probing the web application to find vulnerabilities.\",\r\n \"remediationSteps\": \"If only specific IP addresses should be allowed to access the web app, set IP restrictions (https://docs.microsoft.com/azure/app-service/app-service-ip-restrictions) for it.\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"High\",\r\n \"compromisedEntity\": \"sitename\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/rg/providers/Microsoft.Web/sites/sitename\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"b3d77198-6f95-40ed-9675-10001c2e93cc\",\r\n \"extendedProperties\": {\r\n \"last Event Time\": \"2/11/2019 5:40:46 PM\",\r\n \"sample URIs\": \"/sdk, /, /.git/HEAD, /favicon.ico, /evox/about, /robots.txt, /nmaplowercheck1549906843, /HNAP1\",\r\n \"sample User Agents\": \"Mozilla/5.0+(compatible;+Nmap+Scripting+Engine;+https://nmap.org/book/nse.html)\",\r\n \"sample Referer\": \"-\",\r\n \"resourceType\": \"App Service\"\r\n },\r\n \"state\": \"Dismissed\",\r\n \"reportedTimeUtc\": \"2019-03-03T20:41:03.846Z\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": [\r\n {\r\n \"$id\": \"centralus_1\",\r\n \"hostName\": \"sitename\",\r\n \"azureID\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/rg/providers/Microsoft.Web/sites/sitename\",\r\n \"type\": \"host\"\r\n }\r\n ]\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/providers/Microsoft.Security/locations/centralus/alerts/2518532788749999999_66276b36-db2a-4b2c-84ad-9676fe753a02\",\r\n \"name\": \"2518532788749999999_66276b36-db2a-4b2c-84ad-9676fe753a02\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft\",\r\n \"alertDisplayName\": \"Web fingerprinting detected\",\r\n \"alertName\": \"APPS_Nmap\",\r\n \"detectedTimeUtc\": \"2019-03-03T17:40:43Z\",\r\n \"description\": \"Azure App Service activity log indicates a possible web fingerprinting activity on your App Service resource.The suspicious activity detected is associated with NMAP. Attackers often use this tool for probing the web application to find vulnerabilities.\",\r\n \"remediationSteps\": \"If only specific IP addresses should be allowed to access the web app, set IP restrictions (https://docs.microsoft.com/azure/app-service/app-service-ip-restrictions) for it.\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"High\",\r\n \"compromisedEntity\": \"sitename\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/providers/Microsoft.Web/sites/sitename\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"b3d77198-6f95-40ed-9675-10001c2e93cd\",\r\n \"extendedProperties\": {\r\n \"last Event Time\": \"2/11/2019 5:40:46 PM\",\r\n \"sample URIs\": \"/sdk, /, /.git/HEAD, /favicon.ico, /evox/about, /robots.txt, /nmaplowercheck1549906843, /HNAP1\",\r\n \"sample User Agents\": \"Mozilla/5.0+(compatible;+Nmap+Scripting+Engine;+https://nmap.org/book/nse.html)\",\r\n \"sample Referer\": \"-\",\r\n \"resourceType\": \"App Service\"\r\n },\r\n \"state\": \"Dismissed\",\r\n \"reportedTimeUtc\": \"2019-03-03T20:41:03.846Z\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": [\r\n {\r\n \"$id\": \"centralus_2\",\r\n \"hostName\": \"sitename\",\r\n \"azureID\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/providers/Microsoft.Web/sites/sitename\",\r\n \"type\": \"host\"\r\n }\r\n ]\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518505891999999999_c908c4ae-9a04-4d98-bb7e-18c82dfd9a81\",\r\n \"name\": \"2518505891999999999_c908c4ae-9a04-4d98-bb7e-18c82dfd9a81\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-04T15:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117:80\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"c908c4ae-9a04-4d98-bb7e-18c82dfd9a81\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"159.192.218.25\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-04T16:00:11.489254Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518505927999999999_38e859b9-60eb-406d-aa42-a54dc5be9b17\",\r\n \"name\": \"2518505927999999999_38e859b9-60eb-406d-aa42-a54dc5be9b17\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-04T14:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"38e859b9-60eb-406d-aa42-a54dc5be9b17\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"176.32.33.80\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-04T15:00:56.8950851Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518505927999999999_3c3f8a61-1245-4e92-be38-ac054249f4a2\",\r\n \"name\": \"2518505927999999999_3c3f8a61-1245-4e92-be38-ac054249f4a2\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"SCANNER-DETECTION\",\r\n \"alertName\": \"SCANNER-DETECTION\",\r\n \"detectedTimeUtc\": \"2019-03-04T14:00:00Z\",\r\n \"description\": \"Detail:Found User-Agent associated with scripting/generic HTTP client Matched Data: python-requests found within REQUEST_HEADERS:User-Agent: python-requests/2.6.0 CPython/2.7.5 Linux/3.10.0-957.1.3.el7.x86_64\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"3c3f8a61-1245-4e92-be38-ac054249f4a2\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"176.32.33.80\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-04T15:00:56.8950851Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518505927999999999_f646ad4c-8a5d-4355-9dfc-56a3f2521310\",\r\n \"name\": \"2518505927999999999_f646ad4c-8a5d-4355-9dfc-56a3f2521310\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"BLOCKING-EVALUATION\",\r\n \"alertName\": \"BLOCKING-EVALUATION\",\r\n \"detectedTimeUtc\": \"2019-03-04T14:00:00Z\",\r\n \"description\": \"Detail:Mandatory rule. Cannot be disabled. Inbound Anomaly Score Exceeded (Total Score: 8)\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"f646ad4c-8a5d-4355-9dfc-56a3f2521310\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"176.32.33.80\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-04T15:00:56.4081088Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518505963999999999_7e0b842e-b80f-4544-979d-952ed3b60db6\",\r\n \"name\": \"2518505963999999999_7e0b842e-b80f-4544-979d-952ed3b60db6\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-04T13:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117:80\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"7e0b842e-b80f-4544-979d-952ed3b60db6\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"2\",\r\n \"source IPs\": \"103.94.170.218,113.161.130.251\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-04T14:00:41.0033381Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506035999999999_4316a00c-7ac8-4b34-8b74-cf73e2a91b70\",\r\n \"name\": \"2518506035999999999_4316a00c-7ac8-4b34-8b74-cf73e2a91b70\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"SCANNER-DETECTION\",\r\n \"alertName\": \"SCANNER-DETECTION\",\r\n \"detectedTimeUtc\": \"2019-03-04T11:00:00Z\",\r\n \"description\": \"Detail:Found User-Agent associated with scripting/generic HTTP client Matched Data: python-requests found within REQUEST_HEADERS:User-Agent: python-requests/2.6.0 CPython/2.7.5 Linux/3.10.0-957.1.3.el7.x86_64\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"4316a00c-7ac8-4b34-8b74-cf73e2a91b70\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"176.32.33.80\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-04T12:00:02.3651318Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506035999999999_553a1004-ff2f-4d39-9baf-cdb764aa6a1e\",\r\n \"name\": \"2518506035999999999_553a1004-ff2f-4d39-9baf-cdb764aa6a1e\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"BLOCKING-EVALUATION\",\r\n \"alertName\": \"BLOCKING-EVALUATION\",\r\n \"detectedTimeUtc\": \"2019-03-04T11:00:00Z\",\r\n \"description\": \"Detail:Mandatory rule. Cannot be disabled. Inbound Anomaly Score Exceeded (Total Score: 8)\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"553a1004-ff2f-4d39-9baf-cdb764aa6a1e\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"176.32.33.80\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-04T12:00:01.7153581Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506035999999999_d91570aa-65a5-46de-aee7-98b41a8027e4\",\r\n \"name\": \"2518506035999999999_d91570aa-65a5-46de-aee7-98b41a8027e4\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-04T11:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"d91570aa-65a5-46de-aee7-98b41a8027e4\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"2\",\r\n \"source IPs\": \"176.32.33.80,103.212.90.36\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-04T12:00:02.3651318Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506071999999999_129ec79b-c7a6-4082-91af-c6733ce46447\",\r\n \"name\": \"2518506071999999999_129ec79b-c7a6-4082-91af-c6733ce46447\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-04T10:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"129ec79b-c7a6-4082-91af-c6733ce46447\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"2\",\r\n \"source IPs\": \"51.83.15.87\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-04T11:00:48.0270644Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506071999999999_784f1ab8-ec53-4216-a522-52669e63bcde\",\r\n \"name\": \"2518506071999999999_784f1ab8-ec53-4216-a522-52669e63bcde\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-04T10:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117:80\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"784f1ab8-ec53-4216-a522-52669e63bcde\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"45.115.6.194\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-04T11:00:48.4809846Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506179999999999_a4b834f3-2e4b-406c-bc49-1dc4339732e6\",\r\n \"name\": \"2518506179999999999_a4b834f3-2e4b-406c-bc49-1dc4339732e6\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"BLOCKING-EVALUATION\",\r\n \"alertName\": \"BLOCKING-EVALUATION\",\r\n \"detectedTimeUtc\": \"2019-03-04T07:00:00Z\",\r\n \"description\": \"Detail:Mandatory rule. Cannot be disabled. Inbound Anomaly Score Exceeded (Total Score: 8)\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"a4b834f3-2e4b-406c-bc49-1dc4339732e6\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"176.32.33.80\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-04T08:00:01.2466784Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506179999999999_e2dfaff2-872b-479b-8ead-f3473da44a88\",\r\n \"name\": \"2518506179999999999_e2dfaff2-872b-479b-8ead-f3473da44a88\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-04T07:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117:80\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"e2dfaff2-872b-479b-8ead-f3473da44a88\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"2\",\r\n \"source IPs\": \"179.110.123.218,176.32.33.80\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-04T08:00:02.116777Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506179999999999_e67879f8-55f1-49a0-bfde-d8d076fae90e\",\r\n \"name\": \"2518506179999999999_e67879f8-55f1-49a0-bfde-d8d076fae90e\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"SCANNER-DETECTION\",\r\n \"alertName\": \"SCANNER-DETECTION\",\r\n \"detectedTimeUtc\": \"2019-03-04T07:00:00Z\",\r\n \"description\": \"Detail:Found User-Agent associated with scripting/generic HTTP client Matched Data: python-requests found within REQUEST_HEADERS:User-Agent: python-requests/2.6.0 CPython/2.7.5 Linux/3.10.0-957.1.3.el7.x86_64\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"e67879f8-55f1-49a0-bfde-d8d076fae90e\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"176.32.33.80\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-04T08:00:02.116777Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506215999999999_137fc371-1c41-4da3-9f32-61dbf0c876b3\",\r\n \"name\": \"2518506215999999999_137fc371-1c41-4da3-9f32-61dbf0c876b3\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-04T06:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117:80\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"137fc371-1c41-4da3-9f32-61dbf0c876b3\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"2\",\r\n \"source IPs\": \"186.226.218.121,191.37.250.231\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-04T07:00:47.1096409Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506215999999999_d1922f41-45da-4c89-b3f0-ae2ee97ca464\",\r\n \"name\": \"2518506215999999999_d1922f41-45da-4c89-b3f0-ae2ee97ca464\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-04T06:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117:80\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"d1922f41-45da-4c89-b3f0-ae2ee97ca464\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"109.73.182.157\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-04T07:00:46.5853915Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506251999999999_8ad58304-6c26-4379-89fc-b89fcfa1e747\",\r\n \"name\": \"2518506251999999999_8ad58304-6c26-4379-89fc-b89fcfa1e747\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-04T05:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117:80\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"8ad58304-6c26-4379-89fc-b89fcfa1e747\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"185.123.233.160\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-04T06:00:33.4180269Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506287999999999_1ed08eec-64cc-4d93-9eea-ea73822c2320\",\r\n \"name\": \"2518506287999999999_1ed08eec-64cc-4d93-9eea-ea73822c2320\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-04T04:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"1ed08eec-64cc-4d93-9eea-ea73822c2320\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"176.32.33.80\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-04T05:00:20.5069656Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506287999999999_8f8d4f63-d98c-4e11-aa94-d1f3886b6afb\",\r\n \"name\": \"2518506287999999999_8f8d4f63-d98c-4e11-aa94-d1f3886b6afb\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"SCANNER-DETECTION\",\r\n \"alertName\": \"SCANNER-DETECTION\",\r\n \"detectedTimeUtc\": \"2019-03-04T04:00:00Z\",\r\n \"description\": \"Detail:Found User-Agent associated with scripting/generic HTTP client Matched Data: python-requests found within REQUEST_HEADERS:User-Agent: python-requests/2.6.0 CPython/2.7.5 Linux/3.10.0-957.1.3.el7.x86_64\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"8f8d4f63-d98c-4e11-aa94-d1f3886b6afb\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"176.32.33.80\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-04T05:00:20.5069656Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506287999999999_e84d6d25-d3fd-4198-a9ea-8d1a695a8a0e\",\r\n \"name\": \"2518506287999999999_e84d6d25-d3fd-4198-a9ea-8d1a695a8a0e\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"BLOCKING-EVALUATION\",\r\n \"alertName\": \"BLOCKING-EVALUATION\",\r\n \"detectedTimeUtc\": \"2019-03-04T04:00:00Z\",\r\n \"description\": \"Detail:Mandatory rule. Cannot be disabled. Inbound Anomaly Score Exceeded (Total Score: 8)\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"e84d6d25-d3fd-4198-a9ea-8d1a695a8a0e\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"176.32.33.80\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-04T05:00:20.5069656Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506395999999999_025841f9-9581-450c-8349-b96da379d72c\",\r\n \"name\": \"2518506395999999999_025841f9-9581-450c-8349-b96da379d72c\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"BLOCKING-EVALUATION\",\r\n \"alertName\": \"BLOCKING-EVALUATION\",\r\n \"detectedTimeUtc\": \"2019-03-04T01:00:00Z\",\r\n \"description\": \"Detail:Mandatory rule. Cannot be disabled. Inbound Anomaly Score Exceeded (Total Score: 8)\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"025841f9-9581-450c-8349-b96da379d72c\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"176.32.33.80\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-04T02:00:39.9205038Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506395999999999_21099c91-d37e-4843-966e-55f53d3fe657\",\r\n \"name\": \"2518506395999999999_21099c91-d37e-4843-966e-55f53d3fe657\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"SCANNER-DETECTION\",\r\n \"alertName\": \"SCANNER-DETECTION\",\r\n \"detectedTimeUtc\": \"2019-03-04T01:00:00Z\",\r\n \"description\": \"Detail:Found User-Agent associated with scripting/generic HTTP client Matched Data: python-requests found within REQUEST_HEADERS:User-Agent: python-requests/2.6.0 CPython/2.7.5 Linux/3.10.0-957.1.3.el7.x86_64\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"21099c91-d37e-4843-966e-55f53d3fe657\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"176.32.33.80\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-04T02:00:40.4337488Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506395999999999_997886ee-adcc-4233-b389-4f349a4e4f19\",\r\n \"name\": \"2518506395999999999_997886ee-adcc-4233-b389-4f349a4e4f19\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-04T01:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"997886ee-adcc-4233-b389-4f349a4e4f19\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"176.32.33.80\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-04T02:00:40.4337488Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506431999999999_3628cfac-0858-4075-873e-cb45feafc2d8\",\r\n \"name\": \"2518506431999999999_3628cfac-0858-4075-873e-cb45feafc2d8\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"METHOD-ENFORCEMENT\",\r\n \"alertName\": \"METHOD-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-04T00:00:00Z\",\r\n \"description\": \"Detail:Method is not allowed by policy PROPFIND\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"3628cfac-0858-4075-873e-cb45feafc2d8\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"123.206.22.203\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-04T01:00:24.1988577Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506431999999999_65048fd9-87b9-4d11-9570-f3ea77419866\",\r\n \"name\": \"2518506431999999999_65048fd9-87b9-4d11-9570-f3ea77419866\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-04T00:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117:80\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"65048fd9-87b9-4d11-9570-f3ea77419866\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"108\",\r\n \"source IPs\": \"45.170.220.47,123.206.22.203,183.89.68.95\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-04T01:00:24.1988577Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506431999999999_a8a29940-e0bd-4742-95cc-c6d01e1afe48\",\r\n \"name\": \"2518506431999999999_a8a29940-e0bd-4742-95cc-c6d01e1afe48\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"APPLICATION-ATTACK-SQLI\",\r\n \"alertName\": \"APPLICATION-ATTACK-SQLI\",\r\n \"detectedTimeUtc\": \"2019-03-04T00:00:00Z\",\r\n \"description\": \"Detail:SQL Injection Attack Matched Data: md5 found within ARGS:h: die(@md5(M4rch));\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"a8a29940-e0bd-4742-95cc-c6d01e1afe48\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"16\",\r\n \"source IPs\": \"123.206.22.203\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-04T01:00:24.1988577Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506431999999999_b41572ea-083b-4743-ab2f-f653b504c3c3\",\r\n \"name\": \"2518506431999999999_b41572ea-083b-4743-ab2f-f653b504c3c3\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"BLOCKING-EVALUATION\",\r\n \"alertName\": \"BLOCKING-EVALUATION\",\r\n \"detectedTimeUtc\": \"2019-03-04T00:00:00Z\",\r\n \"description\": \"Detail:Mandatory rule. Cannot be disabled. Inbound Anomaly Score Exceeded (Total Score: 5)\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"b41572ea-083b-4743-ab2f-f653b504c3c3\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"41\",\r\n \"source IPs\": \"123.206.22.203\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-04T01:00:24.1988577Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506431999999999_b463a506-46aa-4a9d-8468-40e2ed74fae2\",\r\n \"name\": \"2518506431999999999_b463a506-46aa-4a9d-8468-40e2ed74fae2\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"APPLICATION-ATTACK-SQLI\",\r\n \"alertName\": \"APPLICATION-ATTACK-SQLI\",\r\n \"detectedTimeUtc\": \"2019-03-04T00:00:00Z\",\r\n \"description\": \"Detail:SQL Injection Attack Matched Data: md5 found within ARGS:h: die(@md5(M4rch));\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"b463a506-46aa-4a9d-8468-40e2ed74fae2\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"24\",\r\n \"source IPs\": \"123.206.22.203\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-04T01:00:23.6287102Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506431999999999_da18a55d-358d-499b-97e2-d4a9169d6d79\",\r\n \"name\": \"2518506431999999999_da18a55d-358d-499b-97e2-d4a9169d6d79\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"BLOCKING-EVALUATION\",\r\n \"alertName\": \"BLOCKING-EVALUATION\",\r\n \"detectedTimeUtc\": \"2019-03-04T00:00:00Z\",\r\n \"description\": \"Detail:Mandatory rule. Cannot be disabled. Inbound Anomaly Score Exceeded (Total Score: 12)\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"da18a55d-358d-499b-97e2-d4a9169d6d79\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"43\",\r\n \"source IPs\": \"123.206.22.203\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-04T01:00:24.1988577Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506431999999999_e188c598-6c5a-4b88-b062-53a84c8e5866\",\r\n \"name\": \"2518506431999999999_e188c598-6c5a-4b88-b062-53a84c8e5866\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-04T00:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117:80\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"e188c598-6c5a-4b88-b062-53a84c8e5866\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"98\",\r\n \"source IPs\": \"123.206.22.203\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-04T01:00:24.1988577Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506431999999999_f3759b4d-98d9-4133-820f-c53404075381\",\r\n \"name\": \"2518506431999999999_f3759b4d-98d9-4133-820f-c53404075381\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"APPLICATION-ATTACK-LFI\",\r\n \"alertName\": \"APPLICATION-ATTACK-LFI\",\r\n \"detectedTimeUtc\": \"2019-03-04T00:00:00Z\",\r\n \"description\": \"Detail:Restricted File Access Attempt Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"f3759b4d-98d9-4133-820f-c53404075381\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"123.206.22.203\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-04T01:00:24.1988577Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506467999999999_e16ffb83-a733-495b-b767-56079cca194b\",\r\n \"name\": \"2518506467999999999_e16ffb83-a733-495b-b767-56079cca194b\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-03T23:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117:80\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"e16ffb83-a733-495b-b767-56079cca194b\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"37.57.97.61\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-04T00:00:05.2118352Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506539999999999_96264969-2f25-4495-8e4a-26d705da8fa9\",\r\n \"name\": \"2518506539999999999_96264969-2f25-4495-8e4a-26d705da8fa9\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"SCANNER-DETECTION\",\r\n \"alertName\": \"SCANNER-DETECTION\",\r\n \"detectedTimeUtc\": \"2019-03-03T21:00:00Z\",\r\n \"description\": \"Detail:Found User-Agent associated with scripting/generic HTTP client Matched Data: python-requests found within REQUEST_HEADERS:User-Agent: python-requests/2.6.0 CPython/2.7.5 Linux/3.10.0-957.1.3.el7.x86_64\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"96264969-2f25-4495-8e4a-26d705da8fa9\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"176.32.33.80\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T22:00:34.1747263Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506539999999999_dd92cb6e-f129-4405-9e18-11fa5c1252c2\",\r\n \"name\": \"2518506539999999999_dd92cb6e-f129-4405-9e18-11fa5c1252c2\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"BLOCKING-EVALUATION\",\r\n \"alertName\": \"BLOCKING-EVALUATION\",\r\n \"detectedTimeUtc\": \"2019-03-03T21:00:00Z\",\r\n \"description\": \"Detail:Mandatory rule. Cannot be disabled. Inbound Anomaly Score Exceeded (Total Score: 8)\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"dd92cb6e-f129-4405-9e18-11fa5c1252c2\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"176.32.33.80\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T22:00:33.6975993Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506539999999999_ecdf89d6-b2a2-4d32-9e16-f7cd67984891\",\r\n \"name\": \"2518506539999999999_ecdf89d6-b2a2-4d32-9e16-f7cd67984891\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-03T21:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117:80\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"ecdf89d6-b2a2-4d32-9e16-f7cd67984891\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"2\",\r\n \"source IPs\": \"41.50.83.103,176.32.33.80\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T22:00:34.1747263Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506575999999999_5aee1028-31b6-4d35-93cc-569793a2d3a2\",\r\n \"name\": \"2518506575999999999_5aee1028-31b6-4d35-93cc-569793a2d3a2\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-03T20:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"5aee1028-31b6-4d35-93cc-569793a2d3a2\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"181.166.19.204\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T21:00:19.3291561Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506611999999999_3c7cfa09-e213-4490-ba8d-a11b72b6d000\",\r\n \"name\": \"2518506611999999999_3c7cfa09-e213-4490-ba8d-a11b72b6d000\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-03T19:00:00Z\",\r\n \"description\": \"Detail:Request Missing a Host Header\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"3c7cfa09-e213-4490-ba8d-a11b72b6d000\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"2\",\r\n \"source IPs\": \"178.73.215.171\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T20:00:05.4039046Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506611999999999_af8a5586-7eae-4aba-bb14-5a0d9f18bb97\",\r\n \"name\": \"2518506611999999999_af8a5586-7eae-4aba-bb14-5a0d9f18bb97\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-03T19:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"af8a5586-7eae-4aba-bb14-5a0d9f18bb97\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"2\",\r\n \"source IPs\": \"39.96.43.158,200.207.20.30\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T20:00:05.4039046Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506611999999999_ea4eb36f-4b5c-4b3d-a52e-b06a0a8634ac\",\r\n \"name\": \"2518506611999999999_ea4eb36f-4b5c-4b3d-a52e-b06a0a8634ac\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"BLOCKING-EVALUATION\",\r\n \"alertName\": \"BLOCKING-EVALUATION\",\r\n \"detectedTimeUtc\": \"2019-03-03T19:00:00Z\",\r\n \"description\": \"Detail:Mandatory rule. Cannot be disabled. Inbound Anomaly Score Exceeded (Total Score: 5)\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"ea4eb36f-4b5c-4b3d-a52e-b06a0a8634ac\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"178.73.215.171\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T20:00:04.9007841Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506647999999999_2049cf22-f78e-45c4-8c8d-620175ea9b67\",\r\n \"name\": \"2518506647999999999_2049cf22-f78e-45c4-8c8d-620175ea9b67\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"APPLICATION-ATTACK-SQLI\",\r\n \"alertName\": \"APPLICATION-ATTACK-SQLI\",\r\n \"detectedTimeUtc\": \"2019-03-03T18:00:00Z\",\r\n \"description\": \"Detail:SQL Injection Attack: SQL Tautology Detected. Matched Data: methodName>system found within ARGS_NAMES: system.listMethods : system.listMethods \",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"2049cf22-f78e-45c4-8c8d-620175ea9b67\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"2\",\r\n \"source IPs\": \"52.183.58.122\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T19:00:51.2707099Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506647999999999_5dd2d179-737e-47de-a37d-c6b6731c149a\",\r\n \"name\": \"2518506647999999999_5dd2d179-737e-47de-a37d-c6b6731c149a\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"SCANNER-DETECTION\",\r\n \"alertName\": \"SCANNER-DETECTION\",\r\n \"detectedTimeUtc\": \"2019-03-03T18:00:00Z\",\r\n \"description\": \"Detail:Found User-Agent associated with security scanner Matched Data: nmap scripting engine found within REQUEST_HEADERS:User-Agent: Mozilla/5.0 (compatible; Nmap Scripting Engine; https://nmap.org/book/nse.html)\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"5dd2d179-737e-47de-a37d-c6b6731c149a\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"16\",\r\n \"source IPs\": \"52.183.58.122\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T19:00:51.2707099Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506647999999999_7bc4f2d4-49d2-4e83-801e-18e5f7288546\",\r\n \"name\": \"2518506647999999999_7bc4f2d4-49d2-4e83-801e-18e5f7288546\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"BLOCKING-EVALUATION\",\r\n \"alertName\": \"BLOCKING-EVALUATION\",\r\n \"detectedTimeUtc\": \"2019-03-03T18:00:00Z\",\r\n \"description\": \"Detail:Mandatory rule. Cannot be disabled. Inbound Anomaly Score Exceeded (Total Score: 5)\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"7bc4f2d4-49d2-4e83-801e-18e5f7288546\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"17\",\r\n \"source IPs\": \"52.183.58.122\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T19:00:51.2707099Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506647999999999_7db374f1-b737-40f9-9801-427d6ded6631\",\r\n \"name\": \"2518506647999999999_7db374f1-b737-40f9-9801-427d6ded6631\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-03T18:00:00Z\",\r\n \"description\": \"Detail:Request Missing a Host Header\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"7db374f1-b737-40f9-9801-427d6ded6631\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"29\",\r\n \"source IPs\": \"52.183.58.122\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T19:00:51.2707099Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506647999999999_7fdd74ca-ecdc-47c7-8ede-237604683d32\",\r\n \"name\": \"2518506647999999999_7fdd74ca-ecdc-47c7-8ede-237604683d32\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"BLOCKING-EVALUATION\",\r\n \"alertName\": \"BLOCKING-EVALUATION\",\r\n \"detectedTimeUtc\": \"2019-03-03T18:00:00Z\",\r\n \"description\": \"Detail:Mandatory rule. Cannot be disabled. Inbound Anomaly Score Exceeded (Total Score: 10)\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"7fdd74ca-ecdc-47c7-8ede-237604683d32\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"18\",\r\n \"source IPs\": \"52.183.58.122\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T19:00:51.2707099Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506647999999999_8a49395c-6a4a-44c1-ada6-5d9e25ad2cb4\",\r\n \"name\": \"2518506647999999999_8a49395c-6a4a-44c1-ada6-5d9e25ad2cb4\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"SCANNER-DETECTION\",\r\n \"alertName\": \"SCANNER-DETECTION\",\r\n \"detectedTimeUtc\": \"2019-03-03T18:00:00Z\",\r\n \"description\": \"Detail:Found User-Agent associated with security scanner Matched Data: nmap scripting engine found within REQUEST_HEADERS:User-Agent: Mozilla/5.0 (compatible; Nmap Scripting Engine; https://nmap.org/book/nse.html)\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"8a49395c-6a4a-44c1-ada6-5d9e25ad2cb4\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"16\",\r\n \"source IPs\": \"52.183.58.122\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T19:00:51.2707099Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506647999999999_9aa674cd-3d5a-44d0-ae78-26bb404bb9cd\",\r\n \"name\": \"2518506647999999999_9aa674cd-3d5a-44d0-ae78-26bb404bb9cd\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"APPLICATION-ATTACK-LFI\",\r\n \"alertName\": \"APPLICATION-ATTACK-LFI\",\r\n \"detectedTimeUtc\": \"2019-03-03T18:00:00Z\",\r\n \"description\": \"Detail:Restricted File Access Attempt Matched Data: /.git/ found within REQUEST_FILENAME: /.git/HEAD\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"9aa674cd-3d5a-44d0-ae78-26bb404bb9cd\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"52.183.58.122\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T19:00:50.6994998Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506647999999999_a1d6f3b7-f990-4f60-aa51-f9dedb286a93\",\r\n \"name\": \"2518506647999999999_a1d6f3b7-f990-4f60-aa51-f9dedb286a93\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"METHOD-ENFORCEMENT\",\r\n \"alertName\": \"METHOD-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-03T18:00:00Z\",\r\n \"description\": \"Detail:Method is not allowed by policy PROPFIND\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"a1d6f3b7-f990-4f60-aa51-f9dedb286a93\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"4\",\r\n \"source IPs\": \"52.183.58.122\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T19:00:51.2707099Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506647999999999_e88f0966-faba-4c11-806c-1dd3d0f02349\",\r\n \"name\": \"2518506647999999999_e88f0966-faba-4c11-806c-1dd3d0f02349\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-03T18:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"e88f0966-faba-4c11-806c-1dd3d0f02349\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"30\",\r\n \"source IPs\": \"52.183.58.122\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T19:00:51.2707099Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506683999999999_3ffd1f5a-8a43-42dd-950f-94a708c4eccf\",\r\n \"name\": \"2518506683999999999_3ffd1f5a-8a43-42dd-950f-94a708c4eccf\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"SCANNER-DETECTION\",\r\n \"alertName\": \"SCANNER-DETECTION\",\r\n \"detectedTimeUtc\": \"2019-03-03T17:00:00Z\",\r\n \"description\": \"Detail:Found User-Agent associated with scripting/generic HTTP client Matched Data: Python-urllib found within REQUEST_HEADERS:User-Agent: Python-urllib/2.7\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"3ffd1f5a-8a43-42dd-950f-94a708c4eccf\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"5.189.188.237\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T18:00:33.544093Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506683999999999_45daf153-e9c2-4943-aa00-60a4d57dfe57\",\r\n \"name\": \"2518506683999999999_45daf153-e9c2-4943-aa00-60a4d57dfe57\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"BLOCKING-EVALUATION\",\r\n \"alertName\": \"BLOCKING-EVALUATION\",\r\n \"detectedTimeUtc\": \"2019-03-03T17:00:00Z\",\r\n \"description\": \"Detail:Mandatory rule. Cannot be disabled. Inbound Anomaly Score Exceeded (Total Score: 5)\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"45daf153-e9c2-4943-aa00-60a4d57dfe57\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"185\",\r\n \"source IPs\": \"153.37.197.94\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T18:00:34.0159991Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506683999999999_5f021722-537d-490c-bdfd-ac6fc510da5c\",\r\n \"name\": \"2518506683999999999_5f021722-537d-490c-bdfd-ac6fc510da5c\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-03T17:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117:80\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"5f021722-537d-490c-bdfd-ac6fc510da5c\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"241\",\r\n \"source IPs\": \"153.37.197.94\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T18:00:34.0159991Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506683999999999_6a5df300-a1b4-4403-a419-eb6688efdf7b\",\r\n \"name\": \"2518506683999999999_6a5df300-a1b4-4403-a419-eb6688efdf7b\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"APPLICATION-ATTACK-SQLI\",\r\n \"alertName\": \"APPLICATION-ATTACK-SQLI\",\r\n \"detectedTimeUtc\": \"2019-03-03T17:00:00Z\",\r\n \"description\": \"Detail:SQL Injection Attack Matched Data: md5 found within ARGS:h: die(@md5(M4rch));\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"6a5df300-a1b4-4403-a419-eb6688efdf7b\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"258\",\r\n \"source IPs\": \"153.37.197.94\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T18:00:34.0159991Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506683999999999_874c6ebd-1e67-4774-a5ce-0d731c1c27db\",\r\n \"name\": \"2518506683999999999_874c6ebd-1e67-4774-a5ce-0d731c1c27db\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"BLOCKING-EVALUATION\",\r\n \"alertName\": \"BLOCKING-EVALUATION\",\r\n \"detectedTimeUtc\": \"2019-03-03T17:00:00Z\",\r\n \"description\": \"Detail:Mandatory rule. Cannot be disabled. Inbound Anomaly Score Exceeded (Total Score: 12)\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"874c6ebd-1e67-4774-a5ce-0d731c1c27db\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"187\",\r\n \"source IPs\": \"153.37.197.94,5.189.188.237\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T18:00:34.0159991Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506683999999999_96f96063-0f51-4b5a-8548-a58f55a126bb\",\r\n \"name\": \"2518506683999999999_96f96063-0f51-4b5a-8548-a58f55a126bb\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"APPLICATION-ATTACK-LFI\",\r\n \"alertName\": \"APPLICATION-ATTACK-LFI\",\r\n \"detectedTimeUtc\": \"2019-03-03T17:00:00Z\",\r\n \"description\": \"Detail:Restricted File Access Attempt Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"96f96063-0f51-4b5a-8548-a58f55a126bb\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"153.37.197.94\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T18:00:34.0159991Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506683999999999_a1fd9cb6-278c-4fa8-8378-b88d15b68e37\",\r\n \"name\": \"2518506683999999999_a1fd9cb6-278c-4fa8-8378-b88d15b68e37\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"APPLICATION-ATTACK-SQLI\",\r\n \"alertName\": \"APPLICATION-ATTACK-SQLI\",\r\n \"detectedTimeUtc\": \"2019-03-03T17:00:00Z\",\r\n \"description\": \"Detail:SQL Injection Attack Matched Data: md5 found within ARGS:h: die(@md5(M4rch));\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"a1fd9cb6-278c-4fa8-8378-b88d15b68e37\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"242\",\r\n \"source IPs\": \"153.37.197.94\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T18:00:34.0159991Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506683999999999_e4985ba6-3474-4f25-8d0e-0d29bb6b38c9\",\r\n \"name\": \"2518506683999999999_e4985ba6-3474-4f25-8d0e-0d29bb6b38c9\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-03T17:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117:80\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"e4985ba6-3474-4f25-8d0e-0d29bb6b38c9\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"254\",\r\n \"source IPs\": \"143.255.242.186,153.37.197.94,5.189.188.237\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T18:00:34.0159991Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506683999999999_e6988005-220a-4136-82fd-14ef12b4ddf1\",\r\n \"name\": \"2518506683999999999_e6988005-220a-4136-82fd-14ef12b4ddf1\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"METHOD-ENFORCEMENT\",\r\n \"alertName\": \"METHOD-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-03T17:00:00Z\",\r\n \"description\": \"Detail:Method is not allowed by policy PROPFIND\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"e6988005-220a-4136-82fd-14ef12b4ddf1\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"153.37.197.94\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T18:00:34.0159991Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506719999999999_13a28970-6f30-4c49-8db1-bbeb8c53f358\",\r\n \"name\": \"2518506719999999999_13a28970-6f30-4c49-8db1-bbeb8c53f358\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"SCANNER-DETECTION\",\r\n \"alertName\": \"SCANNER-DETECTION\",\r\n \"detectedTimeUtc\": \"2019-03-03T16:00:00Z\",\r\n \"description\": \"Detail:Found User-Agent associated with scripting/generic HTTP client Matched Data: python-requests found within REQUEST_HEADERS:User-Agent: python-requests/2.6.0 CPython/2.7.5 Linux/3.10.0-957.1.3.el7.x86_64\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"13a28970-6f30-4c49-8db1-bbeb8c53f358\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"176.32.33.80\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T17:00:20.7167821Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506719999999999_3dd7d880-0612-484b-9352-47cbe5e955c0\",\r\n \"name\": \"2518506719999999999_3dd7d880-0612-484b-9352-47cbe5e955c0\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-03T16:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"3dd7d880-0612-484b-9352-47cbe5e955c0\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"4\",\r\n \"source IPs\": \"151.14.49.82,106.12.205.48,176.32.33.80,27.112.69.69\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T17:00:20.7167821Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506719999999999_45ad41ef-a52a-4383-b5a0-cf77d0f52769\",\r\n \"name\": \"2518506719999999999_45ad41ef-a52a-4383-b5a0-cf77d0f52769\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"BLOCKING-EVALUATION\",\r\n \"alertName\": \"BLOCKING-EVALUATION\",\r\n \"detectedTimeUtc\": \"2019-03-03T16:00:00Z\",\r\n \"description\": \"Detail:Mandatory rule. Cannot be disabled. Inbound Anomaly Score Exceeded (Total Score: 8)\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"45ad41ef-a52a-4383-b5a0-cf77d0f52769\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"176.32.33.80\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T17:00:20.7167821Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506755999999999_08c7bb21-5ce6-4a29-8559-e0f681637727\",\r\n \"name\": \"2518506755999999999_08c7bb21-5ce6-4a29-8559-e0f681637727\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-03T15:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"08c7bb21-5ce6-4a29-8559-e0f681637727\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"112.109.90.7\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T16:00:13.9856128Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506791999999999_a4f72ed5-04a4-4396-a55f-6c1e53f5de88\",\r\n \"name\": \"2518506791999999999_a4f72ed5-04a4-4396-a55f-6c1e53f5de88\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-03T14:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117:80\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"a4f72ed5-04a4-4396-a55f-6c1e53f5de88\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"191.19.156.211\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T15:00:53.1284306Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506791999999999_d7624e51-e813-4e82-9d24-b0c7d1ee54a2\",\r\n \"name\": \"2518506791999999999_d7624e51-e813-4e82-9d24-b0c7d1ee54a2\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-03T14:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117:80\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"d7624e51-e813-4e82-9d24-b0c7d1ee54a2\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"191.19.156.211\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T15:00:53.5907512Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506827999999999_5d48c911-b79f-4a9c-adf7-b1f7b542e139\",\r\n \"name\": \"2518506827999999999_5d48c911-b79f-4a9c-adf7-b1f7b542e139\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-03T13:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117:80\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"5d48c911-b79f-4a9c-adf7-b1f7b542e139\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"47.44.40.236\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T14:00:40.9369659Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506827999999999_6705b59f-aa53-4b22-a799-0ec168f16554\",\r\n \"name\": \"2518506827999999999_6705b59f-aa53-4b22-a799-0ec168f16554\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"BLOCKING-EVALUATION\",\r\n \"alertName\": \"BLOCKING-EVALUATION\",\r\n \"detectedTimeUtc\": \"2019-03-03T13:00:00Z\",\r\n \"description\": \"Detail:Mandatory rule. Cannot be disabled. Inbound Anomaly Score Exceeded (Total Score: 5)\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"6705b59f-aa53-4b22-a799-0ec168f16554\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"86.101.76.223\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T14:00:41.4313385Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506827999999999_8ef4d78a-8e10-42c2-809c-b06a1dbac6ff\",\r\n \"name\": \"2518506827999999999_8ef4d78a-8e10-42c2-809c-b06a1dbac6ff\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-03T13:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"8ef4d78a-8e10-42c2-809c-b06a1dbac6ff\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"3\",\r\n \"source IPs\": \"86.101.76.223,37.112.145.247\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T14:00:41.4313385Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506863999999999_0a57514d-bfbb-40de-945f-edab4061fa9f\",\r\n \"name\": \"2518506863999999999_0a57514d-bfbb-40de-945f-edab4061fa9f\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"SCANNER-DETECTION\",\r\n \"alertName\": \"SCANNER-DETECTION\",\r\n \"detectedTimeUtc\": \"2019-03-03T12:00:00Z\",\r\n \"description\": \"Detail:Found User-Agent associated with scripting/generic HTTP client Matched Data: python-requests found within REQUEST_HEADERS:User-Agent: python-requests/2.6.0 CPython/2.7.5 Linux/3.10.0-957.1.3.el7.x86_64\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"0a57514d-bfbb-40de-945f-edab4061fa9f\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"176.32.33.80\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T13:00:27.4966084Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506863999999999_2aec0c06-933a-4981-bd34-59809b81bdcf\",\r\n \"name\": \"2518506863999999999_2aec0c06-933a-4981-bd34-59809b81bdcf\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-03T12:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"2aec0c06-933a-4981-bd34-59809b81bdcf\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"3\",\r\n \"source IPs\": \"139.162.106.181,176.32.33.80\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T13:00:27.9629747Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506863999999999_3906c573-8bb4-47b5-922d-3a93dacb999a\",\r\n \"name\": \"2518506863999999999_3906c573-8bb4-47b5-922d-3a93dacb999a\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"BLOCKING-EVALUATION\",\r\n \"alertName\": \"BLOCKING-EVALUATION\",\r\n \"detectedTimeUtc\": \"2019-03-03T12:00:00Z\",\r\n \"description\": \"Detail:Mandatory rule. Cannot be disabled. Inbound Anomaly Score Exceeded (Total Score: 5)\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"3906c573-8bb4-47b5-922d-3a93dacb999a\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"2\",\r\n \"source IPs\": \"139.162.106.181,176.32.33.80\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T13:00:27.9629747Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506863999999999_ccc614e5-38e9-4794-a4a7-b084779313b2\",\r\n \"name\": \"2518506863999999999_ccc614e5-38e9-4794-a4a7-b084779313b2\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-03T12:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117:80\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"ccc614e5-38e9-4794-a4a7-b084779313b2\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"2\",\r\n \"source IPs\": \"189.79.106.13,175.106.10.226\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T13:00:27.9629747Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506899999999999_0628b610-6b29-45ec-a08c-2561f6201681\",\r\n \"name\": \"2518506899999999999_0628b610-6b29-45ec-a08c-2561f6201681\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-03T11:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117:80\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"0628b610-6b29-45ec-a08c-2561f6201681\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"4\",\r\n \"source IPs\": \"170.233.47.249,149.71.160.254,125.64.94.200\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T12:00:05.3305889Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506899999999999_7008ba75-4cc8-4291-93bc-ea17eba8f37c\",\r\n \"name\": \"2518506899999999999_7008ba75-4cc8-4291-93bc-ea17eba8f37c\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"BLOCKING-EVALUATION\",\r\n \"alertName\": \"BLOCKING-EVALUATION\",\r\n \"detectedTimeUtc\": \"2019-03-03T11:00:00Z\",\r\n \"description\": \"Detail:Mandatory rule. Cannot be disabled. Inbound Anomaly Score Exceeded (Total Score: 5)\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"7008ba75-4cc8-4291-93bc-ea17eba8f37c\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"125.64.94.200\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T12:00:04.8798965Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506935999999999_6f663a4f-982b-4818-8ef1-f87730e40dcc\",\r\n \"name\": \"2518506935999999999_6f663a4f-982b-4818-8ef1-f87730e40dcc\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-03T10:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117:80\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"6f663a4f-982b-4818-8ef1-f87730e40dcc\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"177.190.65.151\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T11:00:50.1566901Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506971999999999_205da57b-4636-44f8-894e-3a78c60e78be\",\r\n \"name\": \"2518506971999999999_205da57b-4636-44f8-894e-3a78c60e78be\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"SCANNER-DETECTION\",\r\n \"alertName\": \"SCANNER-DETECTION\",\r\n \"detectedTimeUtc\": \"2019-03-03T09:00:00Z\",\r\n \"description\": \"Detail:Found User-Agent associated with security scanner Matched Data: zmeu found within REQUEST_HEADERS:User-Agent: ZmEu\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"205da57b-4636-44f8-894e-3a78c60e78be\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"5\",\r\n \"source IPs\": \"202.111.175.134\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T10:00:37.6036112Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506971999999999_36d74c57-219a-48dd-9d85-8edf5dad9605\",\r\n \"name\": \"2518506971999999999_36d74c57-219a-48dd-9d85-8edf5dad9605\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"BLOCKING-EVALUATION\",\r\n \"alertName\": \"BLOCKING-EVALUATION\",\r\n \"detectedTimeUtc\": \"2019-03-03T09:00:00Z\",\r\n \"description\": \"Detail:Mandatory rule. Cannot be disabled. Inbound Anomaly Score Exceeded (Total Score: 8)\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"36d74c57-219a-48dd-9d85-8edf5dad9605\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"3\",\r\n \"source IPs\": \"176.32.33.80,202.111.175.134\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T10:00:37.6036112Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506971999999999_51794aa7-6274-4156-b321-a8404ec2c8a1\",\r\n \"name\": \"2518506971999999999_51794aa7-6274-4156-b321-a8404ec2c8a1\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"BLOCKING-EVALUATION\",\r\n \"alertName\": \"BLOCKING-EVALUATION\",\r\n \"detectedTimeUtc\": \"2019-03-03T09:00:00Z\",\r\n \"description\": \"Detail:Mandatory rule. Cannot be disabled. Inbound Anomaly Score Exceeded (Total Score: 13)\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"51794aa7-6274-4156-b321-a8404ec2c8a1\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"4\",\r\n \"source IPs\": \"202.111.175.134\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T10:00:36.6754928Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506971999999999_8fd280c9-d229-4ab0-b7c2-a1e6ed13d475\",\r\n \"name\": \"2518506971999999999_8fd280c9-d229-4ab0-b7c2-a1e6ed13d475\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-03T09:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"8fd280c9-d229-4ab0-b7c2-a1e6ed13d475\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"4\",\r\n \"source IPs\": \"202.111.175.134\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T10:00:37.6036112Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506971999999999_c5f9f5ef-e626-494f-af62-296e9a3aae90\",\r\n \"name\": \"2518506971999999999_c5f9f5ef-e626-494f-af62-296e9a3aae90\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-03T09:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"c5f9f5ef-e626-494f-af62-296e9a3aae90\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"3\",\r\n \"source IPs\": \"176.32.33.80,202.111.175.134\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T10:00:37.6036112Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518506971999999999_f2c8d1c4-1673-484b-a6dd-83ba0f631030\",\r\n \"name\": \"2518506971999999999_f2c8d1c4-1673-484b-a6dd-83ba0f631030\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"SCANNER-DETECTION\",\r\n \"alertName\": \"SCANNER-DETECTION\",\r\n \"detectedTimeUtc\": \"2019-03-03T09:00:00Z\",\r\n \"description\": \"Detail:Found User-Agent associated with scripting/generic HTTP client Matched Data: python-requests found within REQUEST_HEADERS:User-Agent: python-requests/2.6.0 CPython/2.7.5 Linux/3.10.0-957.1.3.el7.x86_64\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"f2c8d1c4-1673-484b-a6dd-83ba0f631030\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"3\",\r\n \"source IPs\": \"176.32.33.80,202.111.175.134\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T10:00:37.6036112Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518507007999999999_d08f4e21-7e7a-4f55-8d05-c262b6ea7296\",\r\n \"name\": \"2518507007999999999_d08f4e21-7e7a-4f55-8d05-c262b6ea7296\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-03T08:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117:80\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"d08f4e21-7e7a-4f55-8d05-c262b6ea7296\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"200.170.107.213\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T09:00:23.6177593Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518507043999999999_4113b94b-e345-435c-9860-319263f7dd62\",\r\n \"name\": \"2518507043999999999_4113b94b-e345-435c-9860-319263f7dd62\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-03T07:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"4113b94b-e345-435c-9860-319263f7dd62\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"3\",\r\n \"source IPs\": \"185.53.88.120,177.95.121.11\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T08:00:08.812839Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518507043999999999_61e42d8a-87ae-4aad-909c-c68cf39040d4\",\r\n \"name\": \"2518507043999999999_61e42d8a-87ae-4aad-909c-c68cf39040d4\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"BLOCKING-EVALUATION\",\r\n \"alertName\": \"BLOCKING-EVALUATION\",\r\n \"detectedTimeUtc\": \"2019-03-03T07:00:00Z\",\r\n \"description\": \"Detail:Mandatory rule. Cannot be disabled. Inbound Anomaly Score Exceeded (Total Score: 5)\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"61e42d8a-87ae-4aad-909c-c68cf39040d4\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"185.53.88.120\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T08:00:08.812839Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518507043999999999_61fd9c97-c980-48c2-b39a-defed87af2a2\",\r\n \"name\": \"2518507043999999999_61fd9c97-c980-48c2-b39a-defed87af2a2\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-03T07:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"61fd9c97-c980-48c2-b39a-defed87af2a2\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"189.211.124.220\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T08:00:08.812839Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518507079999999999_1b89d7cb-b586-4a38-ad61-75bbaebf2170\",\r\n \"name\": \"2518507079999999999_1b89d7cb-b586-4a38-ad61-75bbaebf2170\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"SCANNER-DETECTION\",\r\n \"alertName\": \"SCANNER-DETECTION\",\r\n \"detectedTimeUtc\": \"2019-03-03T06:00:00Z\",\r\n \"description\": \"Detail:Found User-Agent associated with security scanner Matched Data: masscan found within REQUEST_HEADERS:User-Agent: masscan/1.0 (https://github.com/robertdavidgraham/masscan)\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"1b89d7cb-b586-4a38-ad61-75bbaebf2170\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"185.165.169.28\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T07:00:54.0188006Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518507079999999999_c2c1230a-f1d5-4fe1-9aa3-0a77e7299186\",\r\n \"name\": \"2518507079999999999_c2c1230a-f1d5-4fe1-9aa3-0a77e7299186\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"BLOCKING-EVALUATION\",\r\n \"alertName\": \"BLOCKING-EVALUATION\",\r\n \"detectedTimeUtc\": \"2019-03-03T06:00:00Z\",\r\n \"description\": \"Detail:Mandatory rule. Cannot be disabled. Inbound Anomaly Score Exceeded (Total Score: 8)\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"c2c1230a-f1d5-4fe1-9aa3-0a77e7299186\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"185.165.169.28\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T07:00:53.5777047Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518507079999999999_eac52c76-659b-498e-91f5-525511b48ded\",\r\n \"name\": \"2518507079999999999_eac52c76-659b-498e-91f5-525511b48ded\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-03T06:00:00Z\",\r\n \"description\": \"Detail:Request Missing a Host Header\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"eac52c76-659b-498e-91f5-525511b48ded\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"185.165.169.28\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T07:00:54.0188006Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518507115999999999_3f4c572d-c6c7-440c-84e7-7a3f4cd866af\",\r\n \"name\": \"2518507115999999999_3f4c572d-c6c7-440c-84e7-7a3f4cd866af\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-03T05:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117:80\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"3f4c572d-c6c7-440c-84e7-7a3f4cd866af\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"191.19.210.54\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T06:00:38.331985Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518507115999999999_537e6f2f-d393-4cdf-a530-3255b9cc34c9\",\r\n \"name\": \"2518507115999999999_537e6f2f-d393-4cdf-a530-3255b9cc34c9\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"BLOCKING-EVALUATION\",\r\n \"alertName\": \"BLOCKING-EVALUATION\",\r\n \"detectedTimeUtc\": \"2019-03-03T05:00:00Z\",\r\n \"description\": \"Detail:Mandatory rule. Cannot be disabled. Inbound Anomaly Score Exceeded (Total Score: 8)\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"537e6f2f-d393-4cdf-a530-3255b9cc34c9\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"2\",\r\n \"source IPs\": \"176.32.33.80,106.75.63.218\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T06:00:38.8618086Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518507115999999999_b291073d-47ad-4563-b5be-d3cc4955e3db\",\r\n \"name\": \"2518507115999999999_b291073d-47ad-4563-b5be-d3cc4955e3db\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"SCANNER-DETECTION\",\r\n \"alertName\": \"SCANNER-DETECTION\",\r\n \"detectedTimeUtc\": \"2019-03-03T05:00:00Z\",\r\n \"description\": \"Detail:Found User-Agent associated with scripting/generic HTTP client Matched Data: python-requests found within REQUEST_HEADERS:User-Agent: python-requests/2.6.0 CPython/2.7.5 Linux/3.10.0-957.1.3.el7.x86_64\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"b291073d-47ad-4563-b5be-d3cc4955e3db\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"176.32.33.80\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T06:00:38.8618086Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518507115999999999_c9b1c4e8-589e-4c7e-945f-ef107e422d0e\",\r\n \"name\": \"2518507115999999999_c9b1c4e8-589e-4c7e-945f-ef107e422d0e\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-03T05:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"c9b1c4e8-589e-4c7e-945f-ef107e422d0e\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"3\",\r\n \"source IPs\": \"176.32.33.80,106.75.63.218\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T06:00:38.8618086Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518507151999999999_395b050b-039c-42ac-84eb-93d3e7faea3e\",\r\n \"name\": \"2518507151999999999_395b050b-039c-42ac-84eb-93d3e7faea3e\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-03T04:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"395b050b-039c-42ac-84eb-93d3e7faea3e\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"2\",\r\n \"source IPs\": \"82.227.32.4\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T05:00:24.7267003Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518507151999999999_6db5bd58-9d70-42c8-b0c1-723f6cd5b8e7\",\r\n \"name\": \"2518507151999999999_6db5bd58-9d70-42c8-b0c1-723f6cd5b8e7\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"BLOCKING-EVALUATION\",\r\n \"alertName\": \"BLOCKING-EVALUATION\",\r\n \"detectedTimeUtc\": \"2019-03-03T04:00:00Z\",\r\n \"description\": \"Detail:Mandatory rule. Cannot be disabled. Inbound Anomaly Score Exceeded (Total Score: 5)\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"6db5bd58-9d70-42c8-b0c1-723f6cd5b8e7\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"82.227.32.4\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T05:00:24.2392146Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518507223999999999_ee9ccd4a-9ffe-4674-93a3-8dce991f38ab\",\r\n \"name\": \"2518507223999999999_ee9ccd4a-9ffe-4674-93a3-8dce991f38ab\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-03T02:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117:80\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"ee9ccd4a-9ffe-4674-93a3-8dce991f38ab\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"3\",\r\n \"source IPs\": \"46.201.249.7,91.192.33.145,95.133.40.164\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T03:00:56.5825657Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518507295999999999_4fe4d5bf-6672-490d-b840-051c7f68b697\",\r\n \"name\": \"2518507295999999999_4fe4d5bf-6672-490d-b840-051c7f68b697\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"BLOCKING-EVALUATION\",\r\n \"alertName\": \"BLOCKING-EVALUATION\",\r\n \"detectedTimeUtc\": \"2019-03-03T00:00:00Z\",\r\n \"description\": \"Detail:Mandatory rule. Cannot be disabled. Inbound Anomaly Score Exceeded (Total Score: 5)\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"4fe4d5bf-6672-490d-b840-051c7f68b697\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"61.62.156.174\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T01:00:28.5948373Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518507295999999999_863f36fb-20ad-45d2-9063-2a07be7f4d5f\",\r\n \"name\": \"2518507295999999999_863f36fb-20ad-45d2-9063-2a07be7f4d5f\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-03T00:00:00Z\",\r\n \"description\": \"Detail:Request Missing a Host Header\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"863f36fb-20ad-45d2-9063-2a07be7f4d5f\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"2\",\r\n \"source IPs\": \"61.62.156.174\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T01:00:29.0871558Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518507331999999999_3462bbf4-9200-4fdc-871c-01f2eb234c84\",\r\n \"name\": \"2518507331999999999_3462bbf4-9200-4fdc-871c-01f2eb234c84\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-02T23:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117:80\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"3462bbf4-9200-4fdc-871c-01f2eb234c84\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"3\",\r\n \"source IPs\": \"179.110.96.144,95.85.11.140,185.219.135.195\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T00:00:16.354891Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518507331999999999_99ba6c6b-501a-41df-a80a-d3c5fddff4e1\",\r\n \"name\": \"2518507331999999999_99ba6c6b-501a-41df-a80a-d3c5fddff4e1\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-02T23:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"99ba6c6b-501a-41df-a80a-d3c5fddff4e1\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"1\",\r\n \"source IPs\": \"185.219.135.195\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-03T00:00:15.8819814Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518507403999999999_7f0e0ee0-50f0-4f6d-87f6-3a386629e3ee\",\r\n \"name\": \"2518507403999999999_7f0e0ee0-50f0-4f6d-87f6-3a386629e3ee\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-02T21:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.4\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"7f0e0ee0-50f0-4f6d-87f6-3a386629e3ee\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"2\",\r\n \"source IPs\": \"1.245.46.34,200.207.141.250\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-02T22:00:38.1461713Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518507403999999999_b8d1e867-333f-4776-bfb1-23dc9d0f3883\",\r\n \"name\": \"2518507403999999999_b8d1e867-333f-4776-bfb1-23dc9d0f3883\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"alertName\": \"PROTOCOL-ENFORCEMENT\",\r\n \"detectedTimeUtc\": \"2019-03-02T21:00:00Z\",\r\n \"description\": \"Detail:Host header is a numeric IP address 13.69.131.117\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"10.1.0.5\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"b8d1e867-333f-4776-bfb1-23dc9d0f3883\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"2\",\r\n \"source IPs\": \"42.51.32.9,200.207.141.250\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-02T22:00:38.6594318Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518507439999999999_1b54ab81-5ca3-4ea0-a706-38112361afaa\",\r\n \"name\": \"2518507439999999999_1b54ab81-5ca3-4ea0-a706-38112361afaa\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"SCANNER-DETECTION\",\r\n \"alertName\": \"SCANNER-DETECTION\",\r\n \"detectedTimeUtc\": \"2019-03-02T20:00:00Z\",\r\n \"description\": \"Detail:Found User-Agent associated with security scanner Matched Data: nmap scripting engine found within REQUEST_HEADERS:User-Agent: Mozilla/5.0 (compatible; Nmap Scripting Engine; https://nmap.org/book/nse.html)\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"bc09060f-3280-4734-a595-310679b63b8f.cloudapp.net\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"1b54ab81-5ca3-4ea0-a706-38112361afaa\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"16\",\r\n \"source IPs\": \"52.183.32.182\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-02T21:00:26.0576367Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n },\r\n {\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/westeurope/alerts/2518507439999999999_3e947bdc-233d-4de1-8031-2038a4d74620\",\r\n \"name\": \"2518507439999999999_3e947bdc-233d-4de1-8031-2038a4d74620\",\r\n \"type\": \"Microsoft.Security/Locations/alerts\",\r\n \"properties\": {\r\n \"systemSource\": \"Azure\",\r\n \"vendorName\": \"Microsoft WAF\",\r\n \"alertDisplayName\": \"SCANNER-DETECTION\",\r\n \"alertName\": \"SCANNER-DETECTION\",\r\n \"detectedTimeUtc\": \"2019-03-02T20:00:00Z\",\r\n \"description\": \"Detail:Found User-Agent associated with security scanner Matched Data: nmap scripting engine found within REQUEST_HEADERS:User-Agent: Mozilla/5.0 (compatible; Nmap Scripting Engine; https://nmap.org/book/nse.html)\",\r\n \"remediationSteps\": \"\",\r\n \"actionTaken\": \"Detected\",\r\n \"reportedSeverity\": \"Medium\",\r\n \"compromisedEntity\": \"bc09060f-3280-4734-a595-310679b63b8f.cloudapp.net\",\r\n \"associatedResource\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF\",\r\n \"subscriptionId\": \"487bb485-b5b0-471e-9c0d-10717612f869\",\r\n \"instanceId\": \"3e947bdc-233d-4de1-8031-2038a4d74620\",\r\n \"extendedProperties\": {\r\n \"hit Count\": \"17\",\r\n \"source IPs\": \"52.183.32.182\",\r\n \"management URL\": \"https://portal.azure.com#resource/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Network/applicationGateways/ContosoWAF/overview\",\r\n \"resourceType\": \"Networking\"\r\n },\r\n \"state\": \"Active\",\r\n \"reportedTimeUtc\": \"2019-03-02T21:00:26.0576367Z\",\r\n \"workspaceArmId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourcegroups/defaultresourcegroup-eus/providers/microsoft.operationalinsights/workspaces/defaultworkspace-487bb485-b5b0-471e-9c0d-10717612f869-eus\",\r\n \"confidenceReasons\": [],\r\n \"canBeInvestigated\": true,\r\n \"isIncident\": false,\r\n \"entities\": []\r\n }\r\n }\r\n ],\r\n \"nextLink\": \"https://management.azure.com/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/providers/Microsoft.Security/alerts?api-version=2019-01-01&%24skiptoken=TY%2fLbqMwAEX%2fhcXsCDYBEkeqRmpqmKQFUmMbys482jjhNdhpIFX%2ffTLSLEa6u3N1ru6X0dWTfpHdWRmbLyPFCcWMxAdsbIyj1oPaWFYrOvFRt3WnF%2bJ2GetF2bcbx1la6lKocpSDln2nLGe9Kgpn7ZqFWwDTWcHaRCWoTAhWcOVB%2b33tIWsY%2b09Z1aOyQlmOverf9SKpy8so9WyJph61%2bikGaX7eK3frgw0gMgG854c6y4H257p7qOd9nGdHwAJ%2froIGiBRdEpu7u1MvwwSDeOvHJChvaQr3IUaYZyQXTT5QFl5D7HqknUIeTL8pq0iFIXulUcSDcKacPBcM4ZQy%2bbL9t9Gi5X%2fuZST9SDTcoYDwCrgey4YDDxSkkIwRQ0zc%2bIGfPmaaDWfxl9N9%2fHrze9pUzwJPjLUwFo0PUk6U4MNT%2bPQYccxA2pB9yNAv1uqI%2b0zv5FXSljuVT45v7dTQ1td5svOKjqtie5X8%2fj23OaABOr1lZChsR8anR2R8f%2f8B\"\r\n}",
"StatusCode": 200
},
{
- "RequestUri": "/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/taklei/providers/Microsoft.Security/locations/westeurope/alerts/2518136982923187680_ef6aa4e6-9c60-4405-8f08-f465e8e50cd2/dismiss?api-version=2019-01-01",
- "EncodedRequestUri": "L3N1YnNjcmlwdGlvbnMvNDg3YmI0ODUtYjViMC00NzFlLTljMGQtMTA3MTc2MTJmODY5L3Jlc291cmNlR3JvdXBzL3Rha2xlaS9wcm92aWRlcnMvTWljcm9zb2Z0LlNlY3VyaXR5L2xvY2F0aW9ucy93ZXN0ZXVyb3BlL2FsZXJ0cy8yNTE4MTM2OTgyOTIzMTg3NjgwX2VmNmFhNGU2LTljNjAtNDQwNS04ZjA4LWY0NjVlOGU1MGNkMi9kaXNtaXNzP2FwaS12ZXJzaW9uPTIwMTktMDEtMDE=",
+ "RequestUri": "/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/rg/providers/Microsoft.Security/locations/centralus/alerts/2518532788749999999_66276b36-db2a-4b2c-84ad-9676fe753a01/dismiss?api-version=2019-01-01",
+ "EncodedRequestUri": "L3N1YnNjcmlwdGlvbnMvNDg3YmI0ODUtYjViMC00NzFlLTljMGQtMTA3MTc2MTJmODY5L3Jlc291cmNlR3JvdXBzL3JnL3Byb3ZpZGVycy9NaWNyb3NvZnQuU2VjdXJpdHkvbG9jYXRpb25zL2NlbnRyYWx1cy9hbGVydHMvMjUxODUzMjc4ODc0OTk5OTk5OV82NjI3NmIzNi1kYjJhLTRiMmMtODRhZC05Njc2ZmU3NTNhMDEvZGlzbWlzcz9hcGktdmVyc2lvbj0yMDE5LTAxLTAx",
"RequestMethod": "POST",
"RequestBody": "",
"RequestHeaders": {
diff --git a/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/tests/SessionRecords/TopologyTests/Topology_Get.json b/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/tests/SessionRecords/TopologyTests/Topology_Get.json
new file mode 100644
index 0000000000000..5bf999a956aa4
--- /dev/null
+++ b/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/tests/SessionRecords/TopologyTests/Topology_Get.json
@@ -0,0 +1,71 @@
+{
+ "Entries": [
+ {
+ "RequestUri": "/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/MyResourceGroup/providers/Microsoft.Security/locations/westcentralus/topologies/virtualNetworks?api-version=2020-01-01",
+ "EncodedRequestUri": "L3N1YnNjcmlwdGlvbnMvNDg3YmI0ODUtYjViMC00NzFlLTljMGQtMTA3MTc2MTJmODY5L3Jlc291cmNlR3JvdXBzL015UmVzb3VyY2VHcm91cC9wcm92aWRlcnMvTWljcm9zb2Z0LlNlY3VyaXR5L2xvY2F0aW9ucy93ZXN0Y2VudHJhbHVzL3RvcG9sb2dpZXMvdmlydHVhbE5ldHdvcmtzP2FwaS12ZXJzaW9uPTIwMjAtMDEtMDE=",
+ "RequestMethod": "GET",
+ "RequestBody": "",
+ "RequestHeaders": {
+ "x-ms-client-request-id": [
+ "7fde219e-6962-465c-a220-29d076108854"
+ ],
+ "accept-language": [
+ "en-US"
+ ],
+ "User-Agent": [
+ "FxVersion/4.6.26614.01",
+ "OSName/Windows",
+ "OSVersion/Microsoft.Windows.10.0.18363.",
+ "Microsoft.Azure.Management.Security.SecurityCenterClient/1.1.2.0"
+ ]
+ },
+ "ResponseHeaders": {
+ "Cache-Control": [
+ "no-cache"
+ ],
+ "Date": [
+ "Tue, 21 Apr 2020 13:19:46 GMT"
+ ],
+ "Pragma": [
+ "no-cache"
+ ],
+ "Server": [
+ "Microsoft-HTTPAPI/2.0"
+ ],
+ "x-ms-request-id": [
+ "a7d0145a-4cc0-441a-971c-40f362854203"
+ ],
+ "x-ms-ratelimit-remaining-subscription-resource-requests": [
+ "749"
+ ],
+ "x-ms-correlation-request-id": [
+ "b20950e0-91fe-451e-8450-5e85e9472c68"
+ ],
+ "x-ms-routing-request-id": [
+ "GERMANYWESTCENTRAL:20200421T131947Z:b20950e0-91fe-451e-8450-5e85e9472c68"
+ ],
+ "Strict-Transport-Security": [
+ "max-age=31536000; includeSubDomains"
+ ],
+ "X-Content-Type-Options": [
+ "nosniff"
+ ],
+ "Content-Length": [
+ "1241"
+ ],
+ "Content-Type": [
+ "application/json; charset=utf-8"
+ ],
+ "Expires": [
+ "-1"
+ ]
+ },
+ "ResponseBody": "{\r\n \"type\": \"Microsoft.Security/locations/topologies\",\r\n \"properties\": {\r\n \"calculatedDateTime\": \"2020-04-21T13:18:14.3309894Z\",\r\n \"topologyResources\": [\r\n {\r\n \"resourceId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/MyResourceGroup/providers/Microsoft.Network/virtualNetworks/MyVnet\",\r\n \"severity\": \"Healthy\",\r\n \"networkZones\": \"Internal\",\r\n \"recommendationsExist\": false,\r\n \"topologyScore\": 0,\r\n \"location\": \"westus\",\r\n \"children\": [\r\n {\r\n \"resourceId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/MyResourceGroup/providers/Microsoft.Network/virtualNetworks/MyVnet/subnets/MySubnet\"\r\n }\r\n ]\r\n },\r\n {\r\n \"resourceId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/MyResourceGroup/providers/Microsoft.Network/virtualNetworks/MyVnet2\",\r\n \"severity\": \"Healthy\",\r\n \"networkZones\": \"Internal\",\r\n \"recommendationsExist\": false,\r\n \"topologyScore\": 60,\r\n \"location\": \"eastus\",\r\n \"children\": [\r\n {\r\n \"resourceId\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/MyResourceGroup/providers/Microsoft.Network/virtualNetworks/MyVnet2/subnets/default\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/MyResourceGroup/providers/Microsoft.Security/locations/westcentralus/topologies/virtualNetworks\",\r\n \"name\": \"virtualNetworks\",\r\n \"location\": \"westcentralus\"\r\n}",
+ "StatusCode": 200
+ }
+ ],
+ "Names": {},
+ "Variables": {
+ "SubscriptionId": "487bb485-b5b0-471e-9c0d-10717612f869"
+ }
+}
\ No newline at end of file
diff --git a/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/tests/SessionRecords/TopologyTests/Topology_List.json b/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/tests/SessionRecords/TopologyTests/Topology_List.json
new file mode 100644
index 0000000000000..a89c4938f65df
--- /dev/null
+++ b/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/tests/SessionRecords/TopologyTests/Topology_List.json
@@ -0,0 +1,71 @@
+{
+ "Entries": [
+ {
+ "RequestUri": "/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/providers/Microsoft.Security/topologies?api-version=2020-01-01",
+ "EncodedRequestUri": "L3N1YnNjcmlwdGlvbnMvNDg3YmI0ODUtYjViMC00NzFlLTljMGQtMTA3MTc2MTJmODY5L3Byb3ZpZGVycy9NaWNyb3NvZnQuU2VjdXJpdHkvdG9wb2xvZ2llcz9hcGktdmVyc2lvbj0yMDIwLTAxLTAx",
+ "RequestMethod": "GET",
+ "RequestBody": "",
+ "RequestHeaders": {
+ "x-ms-client-request-id": [
+ "fc67e0b0-5cc7-4502-9d7f-196861275f50"
+ ],
+ "accept-language": [
+ "en-US"
+ ],
+ "User-Agent": [
+ "FxVersion/4.6.26614.01",
+ "OSName/Windows",
+ "OSVersion/Microsoft.Windows.10.0.18363.",
+ "Microsoft.Azure.Management.Security.SecurityCenterClient/1.1.2.0"
+ ]
+ },
+ "ResponseHeaders": {
+ "Cache-Control": [
+ "no-cache"
+ ],
+ "Date": [
+ "Tue, 21 Apr 2020 13:19:48 GMT"
+ ],
+ "Pragma": [
+ "no-cache"
+ ],
+ "x-ms-original-request-ids": [
+ "",
+ "",
+ "3dd0d0a1-1bf1-47d4-9eec-4f56ca9d2817"
+ ],
+ "x-ms-ratelimit-remaining-subscription-resource-requests": [
+ "749"
+ ],
+ "x-ms-request-id": [
+ "064bf0d4-afc8-4e14-9b89-b41bb1b7b080"
+ ],
+ "x-ms-correlation-request-id": [
+ "064bf0d4-afc8-4e14-9b89-b41bb1b7b080"
+ ],
+ "x-ms-routing-request-id": [
+ "GERMANYWESTCENTRAL:20200421T131948Z:064bf0d4-afc8-4e14-9b89-b41bb1b7b080"
+ ],
+ "Strict-Transport-Security": [
+ "max-age=31536000; includeSubDomains"
+ ],
+ "X-Content-Type-Options": [
+ "nosniff"
+ ],
+ "Content-Length": [
+ "345081"
+ ],
+ "Content-Type": [
+ "application/json; charset=utf-8"
+ ],
+ "Expires": [
+ "-1"
+ ]
+ },
+ "ResponseBody": "{\r\n \"value\": [\r\n {\r\n \"type\": \"Microsoft.Security\/locations\/topologies\",\r\n \"properties\": {\r\n \"calculatedDateTime\": \"2020-04-21T13:18:14.3309894Z\",\r\n \"topologyResources\": [\r\n {\r\n \"resourceId\": \"\/subscriptions\/487bb485-b5b0-471e-9c0d-10717612f869\/resourceGroups\/MyResourceGroup\/providers\/Microsoft.Network\/virtualNetworks\/MyVnet\",\r\n \"severity\": \"Healthy\",\r\n \"networkZones\": \"Internal\",\r\n \"recommendationsExist\": false,\r\n \"topologyScore\": 0,\r\n \"location\": \"westus\",\r\n \"children\": [\r\n {\r\n \"resourceId\": \"\/subscriptions\/487bb485-b5b0-471e-9c0d-10717612f869\/resourceGroups\/MyResourceGroup\/providers\/Microsoft.Network\/virtualNetworks\/MyVnet\/subnets\/MySubnet\"\r\n }\r\n ]\r\n },\r\n {\r\n \"resourceId\": \"\/subscriptions\/487bb485-b5b0-471e-9c0d-10717612f869\/resourceGroups\/MyResourceGroup\/providers\/Microsoft.Network\/virtualNetworks\/MyVnet2\",\r\n \"severity\": \"Healthy\",\r\n \"networkZones\": \"Internal\",\r\n \"recommendationsExist\": false,\r\n \"topologyScore\": 60,\r\n \"location\": \"eastus\",\r\n \"children\": [\r\n {\r\n \"resourceId\": \"\/subscriptions\/487bb485-b5b0-471e-9c0d-10717612f869\/resourceGroups\/MyResourceGroup\/providers\/Microsoft.Network\/virtualNetworks\/MyVnet2\/subnets\/default\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"id\": \"\/subscriptions\/487bb485-b5b0-471e-9c0d-10717612f869\/resourceGroups\/MyResourceGroup\/providers\/Microsoft.Security\/locations\/westcentralus\/topologies\/virtualNetworks\",\r\n \"name\": \"virtualNetworks\",\r\n \"location\": \"westcentralus\"\r\n },\r\n {\r\n \"type\": \"Microsoft.Security\/locations\/topologies\",\r\n \"properties\": {\r\n \"calculatedDateTime\": \"2020-04-21T13:18:14.3309894Z\",\r\n \"topologyResources\": [\r\n {\r\n \"resourceId\": \"\/subscriptions\/487bb485-b5b0-471e-9c0d-10717612f869\/resourceGroups\/MyResourceGroup\/providers\/Microsoft.Network\/virtualNetworks\/MyVnet\/subnets\/MySubnet\",\r\n \"severity\": \"Healthy\",\r\n \"networkZones\": \"Internal\",\r\n \"recommendationsExist\": false,\r\n \"topologyScore\": 0,\r\n \"parents\": [\r\n {\r\n \"resourceId\": \"\/subscriptions\/487bb485-b5b0-471e-9c0d-10717612f869\/resourceGroups\/MyResourceGroup\/providers\/Microsoft.Network\/virtualNetworks\/MyVnet\"\r\n }\r\n ]\r\n },\r\n {\r\n \"resourceId\": \"\/subscriptions\/487bb485-b5b0-471e-9c0d-10717612f869\/resourceGroups\/MyResourceGroup\/providers\/Microsoft.Network\/virtualNetworks\/MyVnet2\/subnets\/default\",\r\n \"severity\": \"High\",\r\n \"networkZones\": \"Internal\",\r\n \"recommendationsExist\": true,\r\n \"topologyScore\": 60,\r\n \"parents\": [\r\n {\r\n \"resourceId\": \"\/subscriptions\/487bb485-b5b0-471e-9c0d-10717612f869\/resourceGroups\/MyResourceGroup\/providers\/Microsoft.Network\/virtualNetworks\/MyVnet2\"\r\n }\r\n ],\r\n \"children\": [\r\n {\r\n \"resourceId\": \"\/subscriptions\/487bb485-b5b0-471e-9c0d-10717612f869\/resourceGroups\/MyResourceGroup\/providers\/Microsoft.Compute\/virtualMachines\/MyVm2\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"id\": \"\/subscriptions\/487bb485-b5b0-471e-9c0d-10717612f869\/resourceGroups\/MyResourceGroup\/providers\/Microsoft.Security\/locations\/westcentralus\/topologies\/subnets\",\r\n \"name\": \"subnets\",\r\n \"location\": \"westcentralus\"\r\n },\r\n {\r\n \"type\": \"Microsoft.Security\/locations\/topologies\",\r\n \"properties\": {\r\n \"calculatedDateTime\": \"2020-04-21T13:18:14.3309894Z\",\r\n \"topologyResources\": [\r\n {\r\n \"resourceId\": \"\/subscriptions\/487bb485-b5b0-471e-9c0d-10717612f869\/resourceGroups\/MyResourceGroup2\/providers\/Microsoft.Network\/virtualNetworks\/MyVnet3\",\r\n \"severity\": \"Healthy\",\r\n \"networkZones\": \"Internal\",\r\n \"recommendationsExist\": false,\r\n \"topologyScore\": 0,\r\n \"location\": \"westus\",\r\n \"children\": [\r\n {\r\n \"resourceId\": \"\/subscriptions\/487bb485-b5b0-471e-9c0d-10717612f869\/resourceGroups\/MyResourceGroup2\/providers\/Microsoft.Network\/virtualNetworks\/MyVnet3\/subnets\/MySubnet3\"\r\n },\r\n {\r\n \"resourceId\": \"\/subscriptions\/487bb485-b5b0-471e-9c0d-10717612f869\/resourceGroups\/MyResourceGroup2\/providers\/Microsoft.Network\/virtualNetworks\/MyVnet3\/subnets\/private-subnet\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"id\": \"\/subscriptions\/487bb485-b5b0-471e-9c0d-10717612f869\/resourceGroups\/MyResourceGroup2\/providers\/Microsoft.Security\/locations\/westcentralus\/topologies\/virtualNetworks\",\r\n \"name\": \"virtualNetworks\",\r\n \"location\": \"westcentralus\"\r\n }\r\n ]\r\n }",
+ "StatusCode": 200
+ }
+ ],
+ "Names": {},
+ "Variables": {}
+}
\ No newline at end of file
diff --git a/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/tests/Topology/TopologyTests.cs b/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/tests/Topology/TopologyTests.cs
new file mode 100644
index 0000000000000..dd696b347658f
--- /dev/null
+++ b/sdk/securitycenter/Microsoft.Azure.Management.SecurityCenter/tests/Topology/TopologyTests.cs
@@ -0,0 +1,88 @@
+using System.Net;
+using Microsoft.Azure.Management.Security;
+using Microsoft.Azure.Management.Security.Models;
+using Microsoft.Azure.Test.HttpRecorder;
+using Microsoft.Rest.Azure;
+using Microsoft.Rest.ClientRuntime.Azure.TestFramework;
+using SecurityCenter.Tests.Helpers;
+using Xunit;
+
+namespace SecurityCenter.Tests
+{
+ public class TopologyTests : TestBase
+ {
+ #region Test setup
+
+ public static TestEnvironment TestEnvironment { get; private set; }
+
+ private static SecurityCenterClient GetSecurityCenterClient(MockContext context)
+ {
+ if (TestEnvironment == null && HttpMockServer.Mode == HttpRecorderMode.Record)
+ {
+ TestEnvironment = TestEnvironmentFactory.GetTestEnvironment();
+ }
+
+ var handler = new RecordedDelegatingHandler { StatusCodeToReturn = HttpStatusCode.OK, IsPassThrough = true };
+
+ var securityCenterClient = HttpMockServer.Mode == HttpRecorderMode.Record
+ ? context.GetServiceClient(TestEnvironment, handlers: handler)
+ : context.GetServiceClient(handlers: handler);
+
+ securityCenterClient.AscLocation = "westcentralus";
+
+ return securityCenterClient;
+ }
+
+ #endregion
+
+ #region Topology Tests
+ [Fact]
+ public void Topology_List()
+ {
+ using (var context = MockContext.Start(this.GetType()))
+ {
+ var securityCenterClient = GetSecurityCenterClient(context);
+ var topologiesResources = securityCenterClient.Topology.List();
+ ValidateTopologiesResources(topologiesResources);
+ }
+ }
+
+ [Fact]
+ public void Topology_Get()
+ {
+ using (var context = MockContext.Start(this.GetType()))
+ {
+ var securityCenterClient = GetSecurityCenterClient(context);
+ var topologyResource = securityCenterClient.Topology.Get("MyResourceGroup", "virtualNetworks");
+ ValidateTopologyResource(topologyResource);
+ }
+ }
+
+ #endregion
+
+ #region Validations
+
+ private void ValidateTopologiesResources(IPage topologiesResources)
+ {
+ Assert.True(topologiesResources.IsAny());
+
+ topologiesResources.ForEach(ValidateTopologyResource);
+ }
+
+ private void ValidateTopologyResource(TopologyResource topologyResource)
+ {
+ Assert.NotNull(topologyResource);
+ Assert.NotNull(topologyResource.CalculatedDateTime);
+ topologyResource.TopologyResources?.ForEach(singleTopologyResource =>
+ {
+ Assert.NotNull(singleTopologyResource);
+ Assert.NotNull(singleTopologyResource.ResourceId);
+ Assert.NotNull(singleTopologyResource.RecommendationsExist);
+ Assert.NotNull(singleTopologyResource.TopologyScore);
+ Assert.NotNull(singleTopologyResource.NetworkZones);
+ });
+ }
+
+ #endregion
+ }
+}