> ## Documentation Index
> Fetch the complete documentation index at: https://docs.blinkops.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Get Alert

Get an alert that is associated with a subscription.

<Note>
  External Documentation

  To learn more, visit the [Microsoft Defender For Cloud documentation](https://learn.microsoft.com/en-us/rest/api/defenderforcloud/alerts/get-subscription-level?view=rest-defenderforcloud-2022-01-01\&tabs=HTTP).
</Note>

## Parameters

<div className="integrations-table">
  | Parameter       | Description                                                                          |
  | --------------- | ------------------------------------------------------------------------------------ |
  | ASC Location    | The location of the Azure Security Center which stores the data of the subscription. |
  | Alert Name      | The name of the alert.                                                               |
  | Subscription ID | Azure subscription ID.                                                               |
</div>

## Example Output

```json theme={"dark"}
{
	"id": "/subscriptions/a303ce4e-302e-471a-8188-4dab418ce9ea/resourceGroups/Sample-RG/providers/Microsoft.Security/locations/centralus/alerts/2517131398922676665_f81f517a-b61e-4c7b-9fc5-82ec0d385de1",
	"name": "2517131398922676665_f81f517a-b61e-4c7b-9fc5-82ec0d385de1",
	"type": "Microsoft.Security/Locations/alerts",
	"properties": {
		"status": "Active",
		"timeGeneratedUtc": "2023-07-12T11:21:50.1666649Z",
		"processingEndTimeUtc": "2023-07-12T11:21:49.7323334Z",
		"version": "2022-01-01.0",
		"vendorName": "Microsoft",
		"productName": "Microsoft Defender for Cloud",
		"productComponentName": "App Service",
		"alertType": "SIMULATED_APPS_WpThemeInjection",
		"startTimeUtc": "2023-07-12T11:21:47.7323334Z",
		"endTimeUtc": "2023-07-12T11:21:47.7323334Z",
		"severity": "High",
		"isIncident": false,
		"systemAlertId": "2517131398922676665_f81f517a-b61e-4c7b-9fc5-82ec0d385de1",
		"intent": "Unknown",
		"resourceIdentifiers": [
			{
				"$id": "centralus_1",
				"azureResourceId": "/SUBSCRIPTIONS/a303ce4e-302e-471a-8188-4dab418ce9ea/RESOURCEGROUPS/Sample-RG/providers/Microsoft.Web/sites/Sample-App",
				"type": "AzureResource",
				"azureResourceTenantId": "b903ec40-8a55-469a-81bf-2f6a26736618"
			},
			{
				"$id": "centralus_2",
				"aadTenantId": "b903ec40-8a55-469a-81bf-2f6a26736618",
				"type": "AAD"
			}
		],
		"compromisedEntity": "Sample-App",
		"alertDisplayName": "[SAMPLE ALERT] Suspicious WordPress theme invocation detected",
		"description": "THIS IS A SAMPLE ALERT: The Azure App Service activity log indicates a possible code injection activity on your App Service resource.\r\nThe suspicious activity detected resembles that of a manipulation of WordPress theme to support server side execution of code, followed by a direct web request to invoke the manipulated theme file.\r\nThis type of activity was seen in the past as part of an attack campaign over WordPress.",
		"remediationSteps": [
			"1. If WordPress is installed, make sure that the application is up to date and automatic updates are enabled.",
			"2. If only specific IP addresses should be allowed to access the web app, set IP restrictions (https://docs.microsoft.com/azure/app-service/app-service-ip-restrictions) for it."
		],
		"extendedProperties": {
			"actionTaken": "Detected",
			"sample Source IP Addresses": "00.00.00.00",
			"sample User Agents": "Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64;+rv:48.0)+Gecko/20100101+Firefox/48.0, Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/63.0.3239.132+Safari/537.36",
			"last Event Time": "12/11/2019 12:34:27 AM",
			"sample Referer": "-",
			"sample URIs": "/login.php",
			"resourceType": "App Service"
		},
		"entities": [
			{
				"$id": "centralus_3",
				"hostName": "Sample-App",
				"azureID": "/SUBSCRIPTIONS/a303ce4e-302e-471a-8188-4dab418ce9ea/RESOURCEGROUPS/Sample-RG/providers/Microsoft.Web/sites/Sample-App",
				"asset": false,
				"type": "host"
			},
			{
				"$id": "centralus_4",
				"resourceId": "/SUBSCRIPTIONS/a303ce4e-302e-471a-8188-4dab418ce9ea/RESOURCEGROUPS/Sample-RG/providers/Microsoft.Web/sites/Sample-App",
				"resourceType": "App Service",
				"resourceName": "Sample-App",
				"metadata": {
					"isGraphCenter": true
				},
				"asset": true,
				"type": "azure-resource"
			}
		],
		"alertUri": "https://portal.azure.com/#blade/Microsoft_Azure_Security_AzureDefenderForData/AlertBlade/alertId/2517131398922676665_f81f517a-b61e-4c7b-9fc5-82ec0d385de1/subscriptionId/a303ce4e-302e-471a-8188-4dab418ce9ea/resourceGroup/Sample-RG/referencedFrom/alertDeepLink/location/centralus"
	}
}
```

## Workflow Library Example

[Get Alert with Microsoft Defender for Cloud and Send Results Via Email](https://library.blinkops.com/workflows/get-alert-with-microsoft-defender-for-cloud-and-send-results-via-email)

<div className="iframe-wrapper">
  <div className="iframe-media">
    <img src="https://mintcdn.com/blinkops-2/ojHYuDeYX5FWuN8a/img/Icons/play-box.svg?fit=max&auto=format&n=ojHYuDeYX5FWuN8a&q=85&s=b8af968e71438a9499c3223c9bd29fb2" alt="Workflow Library" width="16" height="16" data-path="img/Icons/play-box.svg" />

    Preview this Workflow on desktop
  </div>

  <iframe className="iframe" src="https://library.blinkops.com/workflows/get-alert-with-microsoft-defender-for-cloud-and-send-results-via-email/canvas" />
</div>
