Commit b9862c3

Merge pull request #104964 from memildin/asc-melvyn-containerwork
fixed a misaligned row
2 parents 5099561 + 64fe19f commit b9862c3

1 file changed

+2
-1
lines changed

articles/security-center/alerts-reference.md

Lines changed: 2 additions & 1 deletion
@@ -344,7 +344,8 @@ Below the alerts tables is a table describing the Azure Security Center kill cha
344344
|Alert|Description|Intent ([Learn more](#intentions))|
345345
|----|----|:----:|
346346
|**PREVIEW - Azurite toolkit run detected**|A known cloud-environment reconnaissance toolkit run has been detected in your environment. The tool [Azurite](https://github.com/mwrlabs/Azurite) can be used by an attacker (or penetration tester) to map your subscriptions' resources and identify insecure configurations.|-|
347-
|**PREVIEW – MicroBurst toolkit “Get-AzureDomainInfo” function run detected**|A known cloud-environment reconnaissance toolkit run has been detected in your environment. The tool “MicroBurst” (see https://github.com/NetSPI/MicroBurst) can be used by an attacker (or penetration tester) to map your subscription(s) resources, identify insecure configurations, and leak confidential information.|-||**PREVIEW - Suspicious management session using an inactive account detected**|Subscription activity logs analysis has detected suspicious behavior. A principal not in use for a long period of time is now performing actions that can secure persistence for an attacker.|Persistence|
347+
|**PREVIEW – MicroBurst toolkit “Get-AzureDomainInfo” function run detected**|A known cloud-environment reconnaissance toolkit run has been detected in your environment. The tool “MicroBurst” (see https://github.com/NetSPI/MicroBurst) can be used by an attacker (or penetration tester) to map your subscription(s) resources, identify insecure configurations, and leak confidential information.|-|
348+
|**PREVIEW - Suspicious management session using an inactive account detected**|Subscription activity logs analysis has detected suspicious behavior. A principal not in use for a long period of time is now performing actions that can secure persistence for an attacker.|Persistence|
348349
|**PREVIEW – MicroBurst toolkit “Get-AzurePasswords” function run detected**|A known cloud-environment reconnaissance toolkit run has been detected in your environment. The tool “MicroBurst” (see https://github.com/NetSPI/MicroBurst) can be used by an attacker (or penetration tester) to map your subscription(s) resources, identify insecure configurations, and leak confidential information.|-|
349350
|**PREVIEW – Suspicious management session using Azure portal detected**|Analysis of your subscription activity logs has detected a suspicious behavior. A principal that doesn’t regularly use the Azure portal (Ibiza) to manage the subscription environment (hasn’t used Azure portal to manage for the last 45 days, or a subscription that it is actively managing), is now using the Azure portal and performing actions that can secure persistence for an attacker.|-|
350351
|**PREVIEW - Suspicious management session using PowerShell detected**|Subscription activity logs analysis has detected suspicious behavior. A principal that doesn’t regularly use PowerShell to manage the subscription environment is now using PowerShell, and performing actions that can secure persistence for an attacker.|Persistence|
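
Review bot: The two rows added at new lines 347 and 348 still use different separators after PREVIEW (an en dash in the MicroBurst row, a plain hyphen in the inactive-account row), and the same mix runs through the surrounding context rows. Since this commit is already a table cleanup, settle on one form, preferably the plain hyphen, so that a text search for an alert name matches every row. The MicroBurst rows also carry a bare URL in "(see https://github.com/NetSPI/MicroBurst)" while the Azurite row uses a Markdown link; the link form would be consistent. Separately, the context row "Suspicious management session using Azure portal detected" has Intent "-" although its description ends with the same "actions that can secure persistence for an attacker" wording as the two rows marked Persistence, so that value is worth confirming.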
