Merge pull request #164527 from dotanpatrich/patch-3

add AppServices_DataEgressArtifacts and AppServices_SuspectDownloadAr…

Author: v-ccolin

articles/security-center/alerts-reference.md

@@ -241,8 +241,9 @@ At the bottom of this page, there's a table describing the Azure Security Center
 | **Vulnerability scanner detected**<br>(AppServices_WpScanner)                                                                            | Azure App Service activity log indicates that a possible vulnerability scanner was used on your App Service resource.<br>The suspicious activity detected resembles that of tools targeting WordPress applications.<br>If your App Service resource isn’t hosting a WordPress site, it isn’t vulnerable to this specific code injection exploit and you can safely suppress this alert for the resource. To learn how to suppress Azure Defender alerts, see https://docs.microsoft.com/azure/security-center/alerts-suppression-rules.<br>(Applies to: App Service on Windows and App Service on Linux)                                                                                                                                                                                            | PreAttack                                                          | Medium   |
 | **Web fingerprinting detected**<br>(AppServices_WebFingerprinting)                                                                       | Azure App Service activity log indicates a possible web fingerprinting activity on your App Service resource.<br>The suspicious activity detected is associated with a tool called Blind Elephant. The tool fingerprint web servers and tries to detect the installed applications and version.<br>Attackers often use this tool for probing the web application to find vulnerabilities.<br>(Applies to: App Service on Windows and App Service on Linux)                                                                                                                                                                                                                                                                                                                                          | PreAttack                                                          | Medium   |
 | **Website is tagged as malicious in threat intelligence feed**<br>(AppServices_SmartScreen)                                              | Your website as described below is marked as a malicious site by Windows SmartScreen. If you think this is a false positive, contact Windows SmartScreen via report feedback link provided.<br>(Applies to: App Service on Windows and App Service on Linux)                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        | Collection                                                         | Medium   |
-|                                                                                                                                          |                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                     |
-
+| **Possible loss of data detected**<br>(AppServices_DataEgressArtifacts)| Analysis of host/device data detected a possible data egress condition. Attackers will often egress data from machines they have compromised.<br>(Applies to: App Service on Linux)|Collection, Exfiltration|Medium||
+| **Detected suspicious file download**<br>(AppServices_SuspectDownloadArtifacts)|Analysis of host data has detected suspicious download of remote file.<br>(Applies to: App Service on Linux)|Persistence|Medium|
+|||||
 
 
 ## <a name="alerts-k8scluster"></a>Alerts for containers - Kubernetes clusters