Interface Alert
public interface Alert
An immutable client-side representation of Alert.
-
Method Summary
Modifier and TypeMethodDescriptionGets the alertDisplayName property: The display name of the alert.Gets the alertType property: Unique identifier for the detection logic (all alert instances from the same detection logic will have the same alertType).alertUri()Gets the alertUri property: A direct link to the alert page in Azure Portal.Gets the compromisedEntity property: The display name of the resource most related to this alert.Gets the correlationKey property: Key for corelating related alerts.Gets the description property: Description of the suspicious activity that was detected.Gets the endTimeUtc property: The UTC time of the last event or activity included in the alert in ISO8601 format.entities()Gets the entities property: A list of entities related to the alert.Gets the extendedLinks property: Links related to the alert.Gets the extendedProperties property: Custom properties for the alert.id()Gets the id property: Fully qualified resource Id for the resource.Gets the inner com.azure.resourcemanager.security.fluent.models.AlertInner object.intent()Gets the intent property: The kill chain related intent behind the alert.Gets the isIncident property: This field determines whether the alert is an incident (a compound grouping of several alerts) or a single alert.name()Gets the name property: The name of the resource.Gets the processingEndTimeUtc property: The UTC processing end time of the alert in ISO8601 format.Gets the productComponentName property: The name of Azure Security Center pricing tier which powering this alert.Gets the productName property: The name of the product which published this alert (Azure Security Center, Azure ATP, Microsoft Defender ATP, O365 ATP, MCAS, and so on).Gets the remediationSteps property: Manual action items to take to remediate the alert.Gets the resourceIdentifiers property: The resource identifiers that can be used to direct the alert to the right product exposure group (tenant, workspace, subscription etc.).severity()Gets the severity property: The risk level of the threat that was detected.Gets the startTimeUtc property: The UTC time of the first event or activity included in the alert in ISO8601 format.status()Gets the status property: The life cycle status of the alert.Gets the subTechniques property: Kill chain related sub-techniques behind the alert.Gets the supportingEvidence property: Changing set of properties depending on the supportingEvidence type.Gets the systemAlertId property: Unique identifier for the alert.Gets the techniques property: kill chain related techniques behind the alert.Gets the timeGeneratedUtc property: The UTC time the alert was generated in ISO8601 format.type()Gets the type property: The type of the resource.Gets the vendorName property: The name of the vendor that raises the alert.version()Gets the version property: Schema version.
-
Method Details
-
id
String id()Gets the id property: Fully qualified resource Id for the resource.- Returns:
- the id value.
-
name
String name()Gets the name property: The name of the resource.- Returns:
- the name value.
-
type
String type()Gets the type property: The type of the resource.- Returns:
- the type value.
-
version
String version()Gets the version property: Schema version.- Returns:
- the version value.
-
alertType
String alertType()Gets the alertType property: Unique identifier for the detection logic (all alert instances from the same detection logic will have the same alertType).- Returns:
- the alertType value.
-
systemAlertId
String systemAlertId()Gets the systemAlertId property: Unique identifier for the alert.- Returns:
- the systemAlertId value.
-
productComponentName
String productComponentName()Gets the productComponentName property: The name of Azure Security Center pricing tier which powering this alert. Learn more: https://docs.microsoft.com/en-us/azure/security-center/security-center-pricing.- Returns:
- the productComponentName value.
-
alertDisplayName
String alertDisplayName()Gets the alertDisplayName property: The display name of the alert.- Returns:
- the alertDisplayName value.
-
description
String description()Gets the description property: Description of the suspicious activity that was detected.- Returns:
- the description value.
-
severity
AlertSeverity severity()Gets the severity property: The risk level of the threat that was detected. Learn more: https://docs.microsoft.com/en-us/azure/security-center/security-center-alerts-overview#how-are-alerts-classified.- Returns:
- the severity value.
-
intent
Intent intent()Gets the intent property: The kill chain related intent behind the alert. For list of supported values, and explanations of Azure Security Center's supported kill chain intents.- Returns:
- the intent value.
-
startTimeUtc
OffsetDateTime startTimeUtc()Gets the startTimeUtc property: The UTC time of the first event or activity included in the alert in ISO8601 format.- Returns:
- the startTimeUtc value.
-
endTimeUtc
OffsetDateTime endTimeUtc()Gets the endTimeUtc property: The UTC time of the last event or activity included in the alert in ISO8601 format.- Returns:
- the endTimeUtc value.
-
resourceIdentifiers
List<ResourceIdentifier> resourceIdentifiers()Gets the resourceIdentifiers property: The resource identifiers that can be used to direct the alert to the right product exposure group (tenant, workspace, subscription etc.). There can be multiple identifiers of different type per alert.- Returns:
- the resourceIdentifiers value.
-
remediationSteps
Gets the remediationSteps property: Manual action items to take to remediate the alert.- Returns:
- the remediationSteps value.
-
vendorName
String vendorName()Gets the vendorName property: The name of the vendor that raises the alert.- Returns:
- the vendorName value.
-
status
AlertStatus status()Gets the status property: The life cycle status of the alert.- Returns:
- the status value.
-
extendedLinks
Gets the extendedLinks property: Links related to the alert.- Returns:
- the extendedLinks value.
-
alertUri
String alertUri()Gets the alertUri property: A direct link to the alert page in Azure Portal.- Returns:
- the alertUri value.
-
timeGeneratedUtc
OffsetDateTime timeGeneratedUtc()Gets the timeGeneratedUtc property: The UTC time the alert was generated in ISO8601 format.- Returns:
- the timeGeneratedUtc value.
-
productName
String productName()Gets the productName property: The name of the product which published this alert (Azure Security Center, Azure ATP, Microsoft Defender ATP, O365 ATP, MCAS, and so on).- Returns:
- the productName value.
-
processingEndTimeUtc
OffsetDateTime processingEndTimeUtc()Gets the processingEndTimeUtc property: The UTC processing end time of the alert in ISO8601 format.- Returns:
- the processingEndTimeUtc value.
-
entities
List<AlertEntity> entities()Gets the entities property: A list of entities related to the alert.- Returns:
- the entities value.
-
isIncident
Boolean isIncident()Gets the isIncident property: This field determines whether the alert is an incident (a compound grouping of several alerts) or a single alert.- Returns:
- the isIncident value.
-
correlationKey
String correlationKey()Gets the correlationKey property: Key for corelating related alerts. Alerts with the same correlation key considered to be related.- Returns:
- the correlationKey value.
-
extendedProperties
Gets the extendedProperties property: Custom properties for the alert.- Returns:
- the extendedProperties value.
-
compromisedEntity
String compromisedEntity()Gets the compromisedEntity property: The display name of the resource most related to this alert.- Returns:
- the compromisedEntity value.
-
techniques
Gets the techniques property: kill chain related techniques behind the alert.- Returns:
- the techniques value.
-
subTechniques
Gets the subTechniques property: Kill chain related sub-techniques behind the alert.- Returns:
- the subTechniques value.
-
supportingEvidence
AlertPropertiesSupportingEvidence supportingEvidence()Gets the supportingEvidence property: Changing set of properties depending on the supportingEvidence type.- Returns:
- the supportingEvidence value.
-
innerModel
AlertInner innerModel()Gets the inner com.azure.resourcemanager.security.fluent.models.AlertInner object.- Returns:
- the inner object.
-