{ "id": "/subscriptions//resourceGroups//providers/Microsoft.Security/locations/centralus/alerts/", "name": "random_guid", "type": "Microsoft.Security/Locations/alerts", "properties": { "status": "Active", "timeGeneratedUtc": "2023-02-22T11:21:18.7076993Z", "processingEndTimeUtc": "2023-02-22T11:21:17.4013532Z", "version": "2022-01-01.1", "vendorName": "Microsoft", "productName": "Microsoft Defender for Cloud", "productComponentName": "Azure SQL Database", "alertType": "SQL.DB_VulnerabilityToSqlInjection", "startTimeUtc": "2023-02-22T11:21:13.9123406Z", "endTimeUtc": "2023-02-22T11:21:13.9123406Z", "severity": "Medium", "isIncident": false, "systemAlertId": "id", "correlationKey": "correlationKey", "intent": "PreAttack", "resourceIdentifiers": [ { "$id": "centralus_1", "azureResourceId": "/subscriptions//resourceGroups//providers/Microsoft.Sql/servers//databases/", "type": "AzureResource", "azureResourceTenantId": "azureResourceTenantId" }, { "$id": "centralus_2", "workspaceId": "workspaceId", "type": "LogAnalytics" } ], "compromisedEntity": "compromisedEntity", "alertDisplayName": "A possible vulnerability to SQL Injection", "description": "description details", "remediationSteps": [ "Read more about [SQL Injection](https://go.microsoft.com/fwlink/?linkid=2106894) threats and best practices for safe application code." 
], "extendedProperties": { "alert Id": "alert Id", "compromised entity": "entity name", "client IP address": "ip address", "client principal name": "emailID", "client application": "Framework Microsoft SqlClient Data Provider", "threat ID": "6", "potential causes": "Defect in application code constructing faulty SQL statements; application code doesn't sanitize user input and was exploited to inject malicious SQL statements", "vulnerable statement": "statement", "vulnerable pattern": "pattern", "injection Point (offset: 39, length: 2)": "''\n'", "injection Point (offset: 49, length: 2)": "' '", "injection Point (offset: 64, length: 1)": "' '", "detection reason": "update [MT].[Response_2023] set Status=0 , Votes=0 where Title =0;", "sql Error (offset: 161, line: 5, column: 53)": "Incorrect syntax near 's'.", "sql Error (offset: 179, line: 5, column: 71)": "Unclosed quotation mark after the character string '';'.", "resourceType": "SQL Database", "killChainIntent": "PreAttack" }, "entities": [ { "$id": "centralus_3", "resourceId": "/subscriptions//resourceGroups//providers/Microsoft.Sql/servers//databases/", "type": "azure-resource" }, { "$id": "centralus_4", "address": "IP Address", "location": { "countryCode": "US", "countryName": "United States", "state": "Iowa", "city": "Des Moines", "longitude": -93.60652, "latitude": 41.60044, "asn": 8075, "carrier": "carrier", "organization": "organization" }, "type": "ip" }, { "$id": "id", "name": "emailID", "type": "account" }, { "$id": "centralus_6", "sourceAddress": { "$ref": "centralus_4" }, "destinationPort": 1433, "protocol": "Tcp", "type": "network-connection" } ], "alertUri": "alertUri" } }