Merge pull request #238787 from AlizaBernstein/WI-45845-simulate-alerts-on-app-services

WI-45845-simulate-alerts-on-app-services

Author: v-regandowner

articles/defender-for-cloud/alert-validation.md

@@ -2,7 +2,7 @@
 title: Alert validation in Microsoft Defender for Cloud
 description: Learn how to validate that your security alerts are correctly configured in Microsoft Defender for Cloud
 ms.topic: how-to
-ms.date: 10/06/2022
+ms.date: 05/23/2023
 ms.author: dacurwin
 author: dcurwin
 ---
@@ -36,15 +36,15 @@ To create sample alerts:
 1. Select the relevant Microsoft Defender plan/s for which you want to see alerts. 
 1. Select **Create sample alerts**.
 
-    :::image type="content" source="media/alert-validation/create-sample-alerts-procedures.png" alt-text="Steps to create sample alerts in Microsoft Defender for Cloud.":::
+    :::image type="content" source="media/alert-validation/create-sample-alerts-procedures.png" alt-text="Screenshot showing steps to create sample alerts in Microsoft Defender for Cloud." lightbox="media/alert-validation/create-sample-alerts-procedures.png":::
 
     A notification appears letting you know that the sample alerts are being created:
 
-    :::image type="content" source="media/alert-validation/notification-sample-alerts-creation.png" alt-text="Notification that the sample alerts are being generated.":::
+    :::image type="content" source="media/alert-validation/notification-sample-alerts-creation.png" alt-text="Screenshot showing notification that the sample alerts are being generated." lightbox="media/alert-validation/notification-sample-alerts-creation.png":::
 
     After a few minutes, the alerts appear in the security alerts page. They'll also appear anywhere else that you've configured to receive your Microsoft Defender for Cloud security alerts (connected SIEMs, email notifications, and so on).
 
-    :::image type="content" source="media/alert-validation/sample-alerts.png" alt-text="Sample alerts in the security alerts list.":::
+    :::image type="content" source="media/alert-validation/sample-alerts.png" alt-text="Screenshot showing sample alerts in the security alerts list." lightbox="media/alert-validation/sample-alerts.png":::
 
     > [!TIP]
     > The alerts are for simulated resources.
@@ -113,7 +113,7 @@ You can simulate alerts for both of the control plane, and workload alerts with
 **Prerequisites**
 
 - Ensure the Defender for Containers plan is enabled.
-- Ensure the Defender profile\extension is installed 
+- Ensure the Defender profile\extension is installed. 
 
 **To simulate a a Kubernetes workload security alert**:
 
@@ -156,8 +156,23 @@ You can simulate alerts for both of the control plane, and workload alerts with
 
 You can also learn more about defending your Kubernetes nodes and clusters with [Microsoft Defender for Containers](defender-for-containers-introduction.md).
 
+### Simulate alerts for App Service
+
+You can simulate alerts for resources running on [App Service](https://learn.microsoft.com/azure/app-service/overview).
+
+1. Create a new website and wait 24 hours for it to be registered with Defender for Cloud, or use an existing web site. 
+
+1. Once the web site is created, access it using the following URL:
+      1. Open the app service resource blade and copy the domain for the URL from the default domain field.
+       
+          :::image type="content" source="media/alert-validation/copy-default-domain.png" alt-text="Screenshot showing where to copy the default domain." lightbox="media/alert-validation/copy-default-domain.png":::
+
+      1. Copy the website name into the URL: **https://<website name>.azurewebsites.net/This_Will_Generate_ASC_Alert**.
+1.  An alert is generated within about 1-2 hours.
+
 ## Next steps
-This article introduced you to the alerts validation process. Now that you're familiar with this validation, try the following articles:
+
+This article introduced you to the alerts validation process. Now that you're familiar with this validation, explore the following articles:
 
 - [Validating Azure Key Vault threat detection in Microsoft Defender for Cloud](https://techcommunity.microsoft.com/t5/azure-security-center/validating-azure-key-vault-threat-detection-in-azure-security/ba-p/1220336)
 - [Managing and responding to security alerts in Microsoft Defender for Cloud](managing-and-responding-alerts.md) - Learn how to manage alerts, and respond to security incidents in Defender for Cloud.