Get Alert

{
	"id": "/subscriptions/a303ce4e-302e-471a-8188-4dab418ce9ea/resourceGroups/Sample-RG/providers/Microsoft.Security/locations/centralus/alerts/2517131398922676665_f81f517a-b61e-4c7b-9fc5-82ec0d385de1",
	"name": "2517131398922676665_f81f517a-b61e-4c7b-9fc5-82ec0d385de1",
	"type": "Microsoft.Security/Locations/alerts",
	"properties": {
		"status": "Active",
		"timeGeneratedUtc": "2023-07-12T11:21:50.1666649Z",
		"processingEndTimeUtc": "2023-07-12T11:21:49.7323334Z",
		"version": "2022-01-01.0",
		"vendorName": "Microsoft",
		"productName": "Microsoft Defender for Cloud",
		"productComponentName": "App Service",
		"alertType": "SIMULATED_APPS_WpThemeInjection",
		"startTimeUtc": "2023-07-12T11:21:47.7323334Z",
		"endTimeUtc": "2023-07-12T11:21:47.7323334Z",
		"severity": "High",
		"isIncident": false,
		"systemAlertId": "2517131398922676665_f81f517a-b61e-4c7b-9fc5-82ec0d385de1",
		"intent": "Unknown",
		"resourceIdentifiers": [
			{
				"$id": "centralus_1",
				"azureResourceId": "/SUBSCRIPTIONS/a303ce4e-302e-471a-8188-4dab418ce9ea/RESOURCEGROUPS/Sample-RG/providers/Microsoft.Web/sites/Sample-App",
				"type": "AzureResource",
				"azureResourceTenantId": "b903ec40-8a55-469a-81bf-2f6a26736618"
			},
			{
				"$id": "centralus_2",
				"aadTenantId": "b903ec40-8a55-469a-81bf-2f6a26736618",
				"type": "AAD"
			}
		],
		"compromisedEntity": "Sample-App",
		"alertDisplayName": "[SAMPLE ALERT] Suspicious WordPress theme invocation detected",
		"description": "THIS IS A SAMPLE ALERT: The Azure App Service activity log indicates a possible code injection activity on your App Service resource.\r\nThe suspicious activity detected resembles that of a manipulation of WordPress theme to support server side execution of code, followed by a direct web request to invoke the manipulated theme file.\r\nThis type of activity was seen in the past as part of an attack campaign over WordPress.",
		"remediationSteps": [
			"1. If WordPress is installed, make sure that the application is up to date and automatic updates are enabled.",
			"2. If only specific IP addresses should be allowed to access the web app, set IP restrictions (https://docs.microsoft.com/azure/app-service/app-service-ip-restrictions) for it."
		],
		"extendedProperties": {
			"actionTaken": "Detected",
			"sample Source IP Addresses": "00.00.00.00",
			"sample User Agents": "Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64;+rv:48.0)+Gecko/20100101+Firefox/48.0, Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/63.0.3239.132+Safari/537.36",
			"last Event Time": "12/11/2019 12:34:27 AM",
			"sample Referer": "-",
			"sample URIs": "/login.php",
			"resourceType": "App Service"
		},
		"entities": [
			{
				"$id": "centralus_3",
				"hostName": "Sample-App",
				"azureID": "/SUBSCRIPTIONS/a303ce4e-302e-471a-8188-4dab418ce9ea/RESOURCEGROUPS/Sample-RG/providers/Microsoft.Web/sites/Sample-App",
				"asset": false,
				"type": "host"
			},
			{
				"$id": "centralus_4",
				"resourceId": "/SUBSCRIPTIONS/a303ce4e-302e-471a-8188-4dab418ce9ea/RESOURCEGROUPS/Sample-RG/providers/Microsoft.Web/sites/Sample-App",
				"resourceType": "App Service",
				"resourceName": "Sample-App",
				"metadata": {
					"isGraphCenter": true
				},
				"asset": true,
				"type": "azure-resource"
			}
		],
		"alertUri": "https://portal.azure.com/#blade/Microsoft_Azure_Security_AzureDefenderForData/AlertBlade/alertId/2517131398922676665_f81f517a-b61e-4c7b-9fc5-82ec0d385de1/subscriptionId/a303ce4e-302e-471a-8188-4dab418ce9ea/resourceGroup/Sample-RG/referencedFrom/alertDeepLink/location/centralus"
	}
}