Merge pull request #113870 from memildin/asc-melvyn-secureScoreEnhanced

Malware upload alert description updated

Author: PRMerger14

articles/security-center/alerts-reference.md

@@ -290,7 +290,7 @@ Below the alerts tables is a table describing the Azure Security Center kill cha
 |**Access from a Tor exit node to a storage account**|Indicates that this account has been accessed successfully from an IP address that is known as an active exit node of Tor (an anonymizing proxy). The severity of this alert considers the authentication type used (if any), and whether this is the first case of such access. Potential causes can be an attacker who has accessed your storage account by using Tor, or a legitimate user who has accessed your storage account by using Tor.|Probing / Exploitation|High|
 |**Access from an unusual location to a storage account**|Indicates that there was a change in the access pattern to an Azure Storage account. Someone has accessed this account from an IP address considered unfamiliar when compared with recent activity. Either an attacker has gained access to the account, or a legitimate user has connected from a new or unusual geographic location. An example of the latter is remote maintenance from a new application or developer.|Exploitation|Low|
 |**Anonymous access to a storage account**|Indicates that there's a change in the access pattern to a storage account. For instance, the account has been accessed anonymously (without any authentication), which is unexpected compared to the recent access pattern on this account. A potential cause is that an attacker has exploited public read access to a container that holds blob storage.|Exploitation|High|
-|**Potential malware uploaded to a storage account**|Indicates that a blob containing potential malware has been uploaded to a storage account. Potential causes may include an intentional malware upload by an attacker or an unintentional upload, of a potentially malicious blob, by a legitimate user.|LateralMovement|High|
+|**Potential malware uploaded to a storage account**|Indicates that a blob containing potential malware has been uploaded to a storage account . This alert is based hash reputation analysis leveraging the power of Microsoft threat intelligence, which includes hashes for viruses, trojans, spyware and ransomware. Potential causes may include an intentional malware upload by an attacker, or an unintentional upload of a potentially malicious blob by a legitimate user. Learn more about Microsoft’s threat intelligence capabilities here: https://go.microsoft.com/fwlink/?linkid=2128684 |LateralMovement|High|
 |**Unusual access inspection in a storage account**|Indicates that the access permissions of a storage account have been inspected in an unusual way, compared to recent activity on this account. A potential cause is that an attacker has performed reconnaissance for a future attack.|Collection|Medium|
 |**Unusual amount of data extracted from a storage account**|Indicates that an unusually large amount of data has been extracted compared to recent activity on this storage container. A potential cause is that an attacker has extracted a large amount of data from a container that holds blob storage.|Exfiltration|Medium|
 |**Unusual application accessed a storage account**|Indicates that an unusual application has accessed this storage account. A potential cause is that an attacker has accessed your storage account by using a new application.|Exploitation|Medium|