Class AlertInner
java.lang.Object
com.azure.core.management.ProxyResource
com.azure.resourcemanager.security.fluent.models.AlertInner
public final class AlertInner
extends com.azure.core.management.ProxyResource
Security alert.
-
Constructor Summary
-
Method Summary
Modifier and Type / Method / Description
alertDisplayName()
Get the alertDisplayName property: The display name of the alert.
alertType()
Get the alertType property: Unique identifier for the detection logic (all alert instances from the same detection logic will have the same alertType).
alertUri()
Get the alertUri property: A direct link to the alert page in Azure Portal.
compromisedEntity()
Get the compromisedEntity property: The display name of the resource most related to this alert.
correlationKey()
Get the correlationKey property: Key for correlating related alerts.
description()
Get the description property: Description of the suspicious activity that was detected.
endTimeUtc()
Get the endTimeUtc property: The UTC time of the last event or activity included in the alert in ISO8601 format.
entities()
Get the entities property: A list of entities related to the alert.
extendedLinks()
Get the extendedLinks property: Links related to the alert.
extendedProperties()
Get the extendedProperties property: Custom properties for the alert.
intent()
Get the intent property: The kill chain related intent behind the alert.
isIncident()
Get the isIncident property: This field determines whether the alert is an incident (a compound grouping of several alerts) or a single alert.
processingEndTimeUtc()
Get the processingEndTimeUtc property: The UTC processing end time of the alert in ISO8601 format.
productComponentName()
Get the productComponentName property: The name of the Azure Security Center pricing tier which is powering this alert.
productName()
Get the productName property: The name of the product which published this alert (Azure Security Center, Azure ATP, Microsoft Defender ATP, O365 ATP, MCAS, and so on).
remediationSteps()
Get the remediationSteps property: Manual action items to take to remediate the alert.
resourceIdentifiers()
Get the resourceIdentifiers property: The resource identifiers that can be used to direct the alert to the right product exposure group (tenant, workspace, subscription etc.).
severity()
Get the severity property: The risk level of the threat that was detected.
startTimeUtc()
Get the startTimeUtc property: The UTC time of the first event or activity included in the alert in ISO8601 format.
status()
Get the status property: The life cycle status of the alert.
subTechniques()
Get the subTechniques property: Kill chain related sub-techniques behind the alert.
supportingEvidence()
Get the supportingEvidence property: Changing set of properties depending on the supportingEvidence type.
systemAlertId()
Get the systemAlertId property: Unique identifier for the alert.
techniques()
Get the techniques property: Kill chain related techniques behind the alert.
timeGeneratedUtc()
Get the timeGeneratedUtc property: The UTC time the alert was generated in ISO8601 format.
void validate()
Validates the instance.
vendorName()
Get the vendorName property: The name of the vendor that raises the alert.
version()
Get the version property: Schema version.
withExtendedProperties(Map<String, String> extendedProperties)
Set the extendedProperties property: Custom properties for the alert.
withSupportingEvidence(AlertPropertiesSupportingEvidence supportingEvidence)
Set the supportingEvidence property: Changing set of properties depending on the supportingEvidence type.

Methods inherited from class com.azure.core.management.ProxyResource
id, name, type
-
Constructor Details
-
AlertInner
public AlertInner()
-
-
Method Details
-
version
Get the version property: Schema version.
- Returns:
- the version value.
-
alertType
Get the alertType property: Unique identifier for the detection logic (all alert instances from the same detection logic will have the same alertType).
- Returns:
- the alertType value.
-
systemAlertId
Get the systemAlertId property: Unique identifier for the alert.
- Returns:
- the systemAlertId value.
-
productComponentName
Get the productComponentName property: The name of the Azure Security Center pricing tier which is powering this alert. Learn more: https://docs.microsoft.com/en-us/azure/security-center/security-center-pricing.
- Returns:
- the productComponentName value.
-
alertDisplayName
Get the alertDisplayName property: The display name of the alert.
- Returns:
- the alertDisplayName value.
-
description
Get the description property: Description of the suspicious activity that was detected.
- Returns:
- the description value.
-
severity
Get the severity property: The risk level of the threat that was detected. Learn more: https://docs.microsoft.com/en-us/azure/security-center/security-center-alerts-overview#how-are-alerts-classified.
- Returns:
- the severity value.
-
intent
Get the intent property: The kill chain related intent behind the alert. For list of supported values, and explanations of Azure Security Center's supported kill chain intents.
- Returns:
- the intent value.
-
startTimeUtc
Get the startTimeUtc property: The UTC time of the first event or activity included in the alert in ISO8601 format.
- Returns:
- the startTimeUtc value.
-
endTimeUtc
Get the endTimeUtc property: The UTC time of the last event or activity included in the alert in ISO8601 format.
- Returns:
- the endTimeUtc value.
-
resourceIdentifiers
Get the resourceIdentifiers property: The resource identifiers that can be used to direct the alert to the right product exposure group (tenant, workspace, subscription etc.). There can be multiple identifiers of different type per alert.
- Returns:
- the resourceIdentifiers value.
-
remediationSteps
Get the remediationSteps property: Manual action items to take to remediate the alert.
- Returns:
- the remediationSteps value.
-
vendorName
Get the vendorName property: The name of the vendor that raises the alert.
- Returns:
- the vendorName value.
-
status
Get the status property: The life cycle status of the alert.
- Returns:
- the status value.
-
extendedLinks
Get the extendedLinks property: Links related to the alert.
- Returns:
- the extendedLinks value.
-
alertUri
Get the alertUri property: A direct link to the alert page in Azure Portal.
- Returns:
- the alertUri value.
-
timeGeneratedUtc
Get the timeGeneratedUtc property: The UTC time the alert was generated in ISO8601 format.
- Returns:
- the timeGeneratedUtc value.
-
productName
Get the productName property: The name of the product which published this alert (Azure Security Center, Azure ATP, Microsoft Defender ATP, O365 ATP, MCAS, and so on).
- Returns:
- the productName value.
-
processingEndTimeUtc
Get the processingEndTimeUtc property: The UTC processing end time of the alert in ISO8601 format.
- Returns:
- the processingEndTimeUtc value.
-
entities
Get the entities property: A list of entities related to the alert.
- Returns:
- the entities value.
-
isIncident
Get the isIncident property: This field determines whether the alert is an incident (a compound grouping of several alerts) or a single alert.
- Returns:
- the isIncident value.
-
correlationKey
Get the correlationKey property: Key for correlating related alerts. Alerts with the same correlation key are considered to be related.
- Returns:
- the correlationKey value.
-
extendedProperties
Get the extendedProperties property: Custom properties for the alert.
- Returns:
- the extendedProperties value.
-
withExtendedProperties
Set the extendedProperties property: Custom properties for the alert.
- Parameters:
extendedProperties - the extendedProperties value to set.
- Returns:
- the AlertInner object itself.
-
compromisedEntity
Get the compromisedEntity property: The display name of the resource most related to this alert.
- Returns:
- the compromisedEntity value.
-
techniques
Get the techniques property: Kill chain related techniques behind the alert.
- Returns:
- the techniques value.
-
subTechniques
Get the subTechniques property: Kill chain related sub-techniques behind the alert.
- Returns:
- the subTechniques value.
-
supportingEvidence
Get the supportingEvidence property: Changing set of properties depending on the supportingEvidence type.
- Returns:
- the supportingEvidence value.
-
withSupportingEvidence
Set the supportingEvidence property: Changing set of properties depending on the supportingEvidence type.
- Parameters:
supportingEvidence - the supportingEvidence value to set.
- Returns:
- the AlertInner object itself.
-
validate
public void validate()
Validates the instance.
- Throws:
IllegalArgumentException - thrown if the instance is not valid.
-