java.lang.Object
com.azure.core.management.ProxyResource
com.azure.resourcemanager.security.fluent.models.AlertInner

public final class AlertInner extends com.azure.core.management.ProxyResource
Security alert.
  • Constructor Details

    • AlertInner

      public AlertInner()
  • Method Details

    • version

      public String version()
      Get the version property: Schema version.
      Returns:
      the version value.
    • alertType

      public String alertType()
      Get the alertType property: Unique identifier for the detection logic (all alert instances from the same detection logic will have the same alertType).
      Returns:
      the alertType value.
    • systemAlertId

      public String systemAlertId()
      Get the systemAlertId property: Unique identifier for the alert.
      Returns:
      the systemAlertId value.
    • productComponentName

      public String productComponentName()
      Get the productComponentName property: The name of the Azure Security Center pricing tier which is powering this alert. Learn more: https://docs.microsoft.com/en-us/azure/security-center/security-center-pricing.
      Returns:
      the productComponentName value.
    • alertDisplayName

      public String alertDisplayName()
      Get the alertDisplayName property: The display name of the alert.
      Returns:
      the alertDisplayName value.
    • description

      public String description()
      Get the description property: Description of the suspicious activity that was detected.
      Returns:
      the description value.
    • severity

      public AlertSeverity severity()
      Get the severity property: The risk level of the threat that was detected. Learn more: https://docs.microsoft.com/en-us/azure/security-center/security-center-alerts-overview#how-are-alerts-classified.
      Returns:
      the severity value.
    • intent

      public Intent intent()
      Get the intent property: The kill chain related intent behind the alert. For list of supported values, and explanations of Azure Security Center's supported kill chain intents.
      Returns:
      the intent value.
    • startTimeUtc

      public OffsetDateTime startTimeUtc()
      Get the startTimeUtc property: The UTC time of the first event or activity included in the alert in ISO8601 format.
      Returns:
      the startTimeUtc value.
    • endTimeUtc

      public OffsetDateTime endTimeUtc()
      Get the endTimeUtc property: The UTC time of the last event or activity included in the alert in ISO8601 format.
      Returns:
      the endTimeUtc value.
    • resourceIdentifiers

      public List<ResourceIdentifier> resourceIdentifiers()
      Get the resourceIdentifiers property: The resource identifiers that can be used to direct the alert to the right product exposure group (tenant, workspace, subscription, etc.). There can be multiple identifiers of different types per alert.
      Returns:
      the resourceIdentifiers value.
    • remediationSteps

      public List<String> remediationSteps()
      Get the remediationSteps property: Manual action items to take to remediate the alert.
      Returns:
      the remediationSteps value.
    • vendorName

      public String vendorName()
      Get the vendorName property: The name of the vendor that raises the alert.
      Returns:
      the vendorName value.
    • status

      public AlertStatus status()
      Get the status property: The life cycle status of the alert.
      Returns:
      the status value.
    • extendedLinks

      public List<Map<String,String>> extendedLinks()
      Get the extendedLinks property: Links related to the alert.
      Returns:
      the extendedLinks value.
    • alertUri

      public String alertUri()
      Get the alertUri property: A direct link to the alert page in Azure Portal.
      Returns:
      the alertUri value.
    • timeGeneratedUtc

      public OffsetDateTime timeGeneratedUtc()
      Get the timeGeneratedUtc property: The UTC time the alert was generated in ISO8601 format.
      Returns:
      the timeGeneratedUtc value.
    • productName

      public String productName()
      Get the productName property: The name of the product which published this alert (Azure Security Center, Azure ATP, Microsoft Defender ATP, O365 ATP, MCAS, and so on).
      Returns:
      the productName value.
    • processingEndTimeUtc

      public OffsetDateTime processingEndTimeUtc()
      Get the processingEndTimeUtc property: The UTC processing end time of the alert in ISO8601 format.
      Returns:
      the processingEndTimeUtc value.
    • entities

      public List<AlertEntity> entities()
      Get the entities property: A list of entities related to the alert.
      Returns:
      the entities value.
    • isIncident

      public Boolean isIncident()
      Get the isIncident property: This field determines whether the alert is an incident (a compound grouping of several alerts) or a single alert.
      Returns:
      the isIncident value.
    • correlationKey

      public String correlationKey()
      Get the correlationKey property: Key for correlating related alerts. Alerts with the same correlation key are considered to be related.
      Returns:
      the correlationKey value.
    • extendedProperties

      public Map<String,String> extendedProperties()
      Get the extendedProperties property: Custom properties for the alert.
      Returns:
      the extendedProperties value.
    • withExtendedProperties

      public AlertInner withExtendedProperties(Map<String,String> extendedProperties)
      Set the extendedProperties property: Custom properties for the alert.
      Parameters:
      extendedProperties - the extendedProperties value to set.
      Returns:
      the AlertInner object itself.
    • compromisedEntity

      public String compromisedEntity()
      Get the compromisedEntity property: The display name of the resource most related to this alert.
      Returns:
      the compromisedEntity value.
    • techniques

      public List<String> techniques()
      Get the techniques property: Kill chain related techniques behind the alert.
      Returns:
      the techniques value.
    • subTechniques

      public List<String> subTechniques()
      Get the subTechniques property: Kill chain related sub-techniques behind the alert.
      Returns:
      the subTechniques value.
    • supportingEvidence

      public AlertPropertiesSupportingEvidence supportingEvidence()
      Get the supportingEvidence property: Changing set of properties depending on the supportingEvidence type.
      Returns:
      the supportingEvidence value.
    • withSupportingEvidence

      public AlertInner withSupportingEvidence(AlertPropertiesSupportingEvidence supportingEvidence)
      Set the supportingEvidence property: Changing set of properties depending on the supportingEvidence type.
      Parameters:
      supportingEvidence - the supportingEvidence value to set.
      Returns:
      the AlertInner object itself.
    • validate

      public void validate()
      Validates the instance.
      Throws:
      IllegalArgumentException - thrown if the instance is not valid.
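
Added example, not part of the SDK or its documentation: a triage helper that uses the correlationKey, isIncident, systemAlertId, startTimeUtc and endTimeUtc getters listed above to bucket related alerts and measure the time span each bucket covers. The class name AlertTriage, its method names and the "uncorrelated:" key prefix are hypothetical. It assumes the caller already holds a List<AlertInner> returned by the service, since this page lists only getters for these properties.

```java
import com.azure.resourcemanager.security.fluent.models.AlertInner;

import java.time.Duration;
import java.time.OffsetDateTime;
import java.util.ArrayList;
import java.util.Comparator;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;

/** Added example (hypothetical helper, not part of the SDK): groups related alerts for triage. */
public final class AlertTriage {

    /** Buckets single alerts by correlationKey; alerts without a key fall back to systemAlertId. */
    public static Map<String, List<AlertInner>> groupRelated(List<AlertInner> alerts) {
        Map<String, List<AlertInner>> groups = new LinkedHashMap<>();
        for (AlertInner a : alerts) {
            // isIncident() returns a boxed Boolean and may be null; skip only confirmed
            // incidents, since an incident is already a grouping of several alerts.
            if (Boolean.TRUE.equals(a.isIncident())) {
                continue;
            }
            String key = a.correlationKey();
            if (key == null || key.isEmpty()) {
                key = "uncorrelated:" + a.systemAlertId(); // constructed fallback key
            }
            groups.computeIfAbsent(key, k -> new ArrayList<>()).add(a);
        }
        // Order each group by first observed activity; alerts with no start time go last.
        Comparator<AlertInner> byStart = Comparator.comparing(
            AlertInner::startTimeUtc, Comparator.nullsLast(Comparator.naturalOrder()));
        groups.values().forEach(g -> g.sort(byStart));
        return groups;
    }

    /** Earliest startTimeUtc to latest endTimeUtc in a group; ZERO if either is missing. */
    public static Duration activityWindow(List<AlertInner> group) {
        OffsetDateTime first = null;
        OffsetDateTime last = null;
        for (AlertInner a : group) {
            OffsetDateTime s = a.startTimeUtc();
            OffsetDateTime e = a.endTimeUtc();
            if (s != null && (first == null || s.isBefore(first))) first = s;
            if (e != null && (last == null || e.isAfter(last))) last = e;
        }
        return (first == null || last == null) ? Duration.ZERO : Duration.between(first, last);
    }
}
```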