Sample alert for Microsoft Sentinel

Snapshot of the alert entity as it is delivered to the webhook when an analytics rule fires in Microsoft Sentinel. Identifiers (GUIDs, subscription and workspace IDs) and IP addresses in the sample below are partially masked with `x` characters; real payloads carry full values. Fields such as `Query`, `Description`, `AlertDisplayName` and the `Entities` addresses contain operator- and event-supplied text, so a webhook receiver should treat them as untrusted input (validate types, bound lengths, and escape before rendering) rather than executing or interpolating them.

The sample alert becomes available only after you have generated the webhook for this integration; the field layout shown corresponds to `"Version": "3.0"` of the alert schema.

{
    "$id": "1",
    "Version": "3.0",
    "VendorName": "Microsoft",
    "ProviderName": "ASI Scheduled Alerts",
    "ProductName": "Azure Sentinel",
    "ProductComponentName": "Scheduled Alerts",
    "AlertType": "4dc663f5-b613-4518-8a17-a56a17b31899_6d77d754-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
    "StartTimeUtc": "2022-04-06T04:26:44.572Z",
    "EndTimeUtc": "2022-04-06T04:27:06.73Z",
    "TimeGenerated": "2022-04-06T05:30:20.6891354Z",
    "ProcessingEndTime": "2022-04-06T05:30:20.6891325Z",
    "Status": "New",
    "Severity": "Informational",
    "IsIncident": false,
    "ProviderAlertId": "ea8b0bd6-c205-xxxx-xxxx-xxxxxxxxxxxx",
    "SystemAlertId": "77dfe82c-7d04-xxxx-xxxx-xxxxxxxxxxxx",
    "CorrelationKey": null,
    "Intent": "Unknown",
    "ResourceIdentifiers": [
        {
            "$id": "2",
            "WorkspaceId": "4dc663f5-b613-xxxx-xxxx-xxxxxxxxxxxx",
            "WorkspaceSubscriptionId": "70b49f2f-13aa-xxxx-xxxx-xxxxxxxxxxxx",
            "WorkspaceResourceGroup": "itxlab",
            "Type": "LogAnalytics"
        }
    ],
    "WorkspaceId": "4dc663f5-b613-xxxx-xxxx-xxxxxxxxxxxx",
    "WorkspaceSubscriptionId": "70b49f2f-13aa-xxxx-xxxx-xxxxxxxxxxxx",
    "WorkspaceResourceGroup": "itxlab",
    "AlertDisplayName": "Alert Details from AzureActivity",
    "Description": "Alert Details from AzureActivity Desc",
    "ExtendedProperties": {
        "Query Period": "01:00:00",
        "Trigger Operator": "GreaterThan",
        "Trigger Threshold": "0",
        "Correlation Id": "4dc663f5-b613--xxxx-xxxx-xxxxxxxxxxxx_6d77d754-7073--xxxx-xxxx-xxxxxxxxxxxx_63784819817838xxxx",
        "Search Query Results Overall Count": "50",
        "Data Sources": "[\"itxlabwentinelworkspace\"]",
        "Query": "// The query_now parameter represents the time (in UTC) at which the scheduled analytics rule ran to produce this alert.\nset query_now = datetime(2022-04-06T05:25:17.8383213Z);\n AzureActivity  \n| limit 50",
        "Query Start Time UTC": "2022-04-06 04:25:17Z",
        "Query End Time UTC": "2022-04-06 05:25:17Z",
        "Analytic Rule Ids": "[\"6d77d754-7073-494a-xxxx-xxxx-xxxxxxxxxxxx\"]",
        "Event Grouping": "SingleAlert",
        "Analytic Rule Name": "Azure Activity Rule",
        "ProcessedBySentinel": "True",
        "Alert generation status": "Full alert created"
    },
    "Metadata": {
        "WorkspaceRegion": "eastus",
        "SourceTags.SourceEnv": "PROD",
        "TriggeringRuleNames": "[\"6d77d754-7073-494a-xxxx-xxxx-xxxxxxxxxxxx\"]",
        "SentinelWorkspaceRegion": "eastus",
        "SentinelWorkspaceGeography": "unitedstates"
    },
    "Entities": [
        {
            "$id": "3",
            "Address": "199.91.xxx.xx",
            "Type": "ip"
        },
        {
            "$id": "4",
            "Address": "149.96.x.xx",
            "Type": "ip"
        }
    ]
}