Commit 52d82e0

Added three missing alerts
1 parent c64cc8b commit 52d82e0

1 file changed

+3
-0
lines changed

articles/security-center/alerts-reference.md

Lines changed: 3 additions & 0 deletions
@@ -79,6 +79,9 @@ Below the alerts table is a table describing the Azure Security Center kill chai
7979
|**Logon by an unfamiliar principal**|There has been a change in the access pattern to SQL Server. Someone has signed in to the server by using an unusual principal (user). In some cases, the alert detects a legitimate action (a new application or developer maintenance). In other cases, the alert detects a malicious action (a former employee or external attacker).|Exploitation|
8080
|**Attempted logon by a potentially harmful application**|A potentially harmful application has been used to access the database. In some cases, the alert detects penetration testing in action. In other cases, the alert detects an attack that uses common tools.|Probing|
8181
|**Potential SQL Brute Force attempt**|An abnormally high number of failed sign-ins with different credentials have occurred. In some cases, the alert detects penetration testing in action. In other cases, the alert detects a brute force attack.|Probing|
82+
|**Logon from an unusual Azure Data Center**|There has been a change in the access pattern to an SQL Server, where someone has signed in to the server from an unusual Azure Data Center. In some cases, the alert detects a legitimate action (a new application or Azure service). In other cases, the alert detects a malicious action (attacker operating from breached resource in Azure).|Probing|
83+
|**Potentially Unsafe Action**|High privileged SQL command which is commonly used in malicious sessions has been executed in an SQL Server. Those commands are recommended to be disabled by default. In some cases, the alert detects a legitimate action (admin script running). In other cases, the alert detects a malicious action (attacker using SQL trusts to breach Windows layer).|Execution|
84+
|**Unusual export location**|There has been a change in the export storage destination for a SQL import and export operation. In some cases, the alert detects a legitimate change (new backup destination). In other cases, the alert detects a malicious action (attacker easily exfiltrated data to a file).|Exfiltration|
8285
||<a name="alerts-azurestorage"></a><h3>Azure Storage</h3> [Further details and notes](security-center-alerts-data-services.md#azure-storage-)||
8386
|**Access from an unusual location to a storage account**|Indicates that there was a change in the access pattern to an Azure Storage account. Someone has accessed this account from an IP address considered unfamiliar when compared with recent activity. Either an attacker has gained access to the account, or a legitimate user has connected from a new or unusual geographic location. An example of the latter is remote maintenance from a new application or developer.|Exploitation|
8487
|**Unusual application accessed a storage account**|Indicates that an unusual application has accessed this storage account. A potential cause is that an attacker has accessed your storage account by using a new application.|Exploitation|
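
Review bot: The added "Logon from an unusual Azure Data Center" row is tagged Probing, but its description says someone "has signed in to the server", the same successful sign-in that the existing "Logon by an unfamiliar principal" row tags as Exploitation. Please confirm the intended kill chain stage or align the two rows. In the "Potentially Unsafe Action" row, the description does not say which high-privileged commands are meant or where the recommendation to disable them by default comes from, so a reader triaging this alert has nothing to check against. Naming the command class or linking the guidance would help, and "High privileged SQL command which is commonly used" would read better as "A high-privileged SQL command that is commonly used". In the "Unusual export location" row, "attacker easily exfiltrated data to a file" asserts more than the alert can know; "an attacker exfiltrating data to a file" matches the hedged wording of the other rows. Minor: the new rows mix "an SQL Server" and "a SQL import", while the surrounding rows write "SQL Server" without an article, so pick one form.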
