codingoutloud/azure-activity-log-security.json

## azure-activity-log-security.json
<!--
Actual activity-log entry, redacted (...) and anonymized.
category = "Security"
level = "Informational"

The threatName and threatID values under properties match this:
     https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?name=Trojan%3AScript%2FConteban.A!ml&threatid=2147735508
-->

{
    "channels": "Operation",
    "correlationId": "...",
    "description": "Antimalware Action Taken. Microsoft Antimalware has taken an action to protect this machine from malware or other potentially unwanted software.",
    "eventDataId": "...",
    "eventName": {
        "value": "Antimalware Action Taken",
        "localizedValue": "Antimalware Action Taken"
    },
    "category": {
        "value": "Security",
        "localizedValue": "Security"
    },
    "eventTimestamp": "2021-31-01T23:59:59Z",
    "id": "/subscriptions/.../resourceGroups/myrg/providers/Microsoft.Security/locations/eastus/alerts/.../events/.../ticks/...",
    "level": "Informational",
    "operationId": "...",
    "operationName": {
        "value": "Microsoft.Security/locations/alerts/activate/action",
        "localizedValue": "Activate Alert"
    },
    "resourceGroupName": "myrg",
    "resourceProviderName": {
        "value": "Microsoft.Security",
        "localizedValue": "Microsoft.Security"
    },
    "resourceType": {
        "value": "Microsoft.Security/locations/alerts",
        "localizedValue": "Microsoft.Security/locations/alerts"
    },
    "resourceId": "/subscriptions/.../resourceGroups/myrg/providers/Microsoft.Security/locations/eastus/alerts/...",
    "status": {
        "value": "Active",
        "localizedValue": "Active"
    },
    "subStatus": {
        "value": "",
        "localizedValue": ""
    },
    "submissionTimestamp": "2021-11-19T23:46:41.1573581Z",
    "subscriptionId": "...",
    "tenantId": "",
    "properties": {
        "actionTaken": "Blocked",
        "threatStatus": "Quarantined",
        "protectionType": "Windows Defender",
        "threatName": "Trojan:Script/Conteban.A!ml",
        "category": "Trojan",
        "threatID": "2147735508",
        "filePath": "c:\\users\\myname\\Downloads\\BadFile.zip",
        "resourceType": "Virtual Machine",
        "severity": "Low",
        "intent": "[\"Unknown\"]",
        "compromisedEntity": "myvm.example.org",
        "remediationSteps": "[\"No user action is necessary\"]",
        "attackedResourceType": "Virtual Machine"
    },
    "relatedEvents": []
}
	<!--
	Actual activity-log entry, redacted (...) and anonymized.
	category = "Security"
	level = "Informational"

	The threatName and threatID values under properties match this:
	https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?name=Trojan%3AScript%2FConteban.A!ml&threatid=2147735508
	-->

	{
	"channels": "Operation",
	"correlationId": "...",
	"description": "Antimalware Action Taken. Microsoft Antimalware has taken an action to protect this machine from malware or other potentially unwanted software.",
	"eventDataId": "...",
	"eventName": {
	"value": "Antimalware Action Taken",
	"localizedValue": "Antimalware Action Taken"
	},
	"category": {
	"value": "Security",
	"localizedValue": "Security"
	},
	"eventTimestamp": "2021-31-01T23:59:59Z",
	"id": "/subscriptions/.../resourceGroups/myrg/providers/Microsoft.Security/locations/eastus/alerts/.../events/.../ticks/...",
	"level": "Informational",
	"operationId": "...",
	"operationName": {
	"value": "Microsoft.Security/locations/alerts/activate/action",
	"localizedValue": "Activate Alert"
	},
	"resourceGroupName": "myrg",
	"resourceProviderName": {
	"value": "Microsoft.Security",
	"localizedValue": "Microsoft.Security"
	},
	"resourceType": {
	"value": "Microsoft.Security/locations/alerts",
	"localizedValue": "Microsoft.Security/locations/alerts"
	},
	"resourceId": "/subscriptions/.../resourceGroups/myrg/providers/Microsoft.Security/locations/eastus/alerts/...",
	"status": {
	"value": "Active",
	"localizedValue": "Active"
	},
	"subStatus": {
	"value": "",
	"localizedValue": ""
	},
	"submissionTimestamp": "2021-11-19T23:46:41.1573581Z",
	"subscriptionId": "...",
	"tenantId": "",
	"properties": {
	"actionTaken": "Blocked",
	"threatStatus": "Quarantined",
	"protectionType": "Windows Defender",
	"threatName": "Trojan:Script/Conteban.A!ml",
	"category": "Trojan",
	"threatID": "2147735508",
	"filePath": "c:\\users\\myname\\Downloads\\BadFile.zip",
	"resourceType": "Virtual Machine",
	"severity": "Low",
	"intent": "[\"Unknown\"]",
	"compromisedEntity": "myvm.example.org",
	"remediationSteps": "[\"No user action is necessary\"]",
	"attackedResourceType": "Virtual Machine"
	},
	"relatedEvents": []
	}