Optional
Readonly
alertThe display name of the alert. NOTE: This property will not be serialized. It can only be populated by the server.
Optional
Readonly
alertUnique identifier for the detection logic (all alert instances from the same detection logic will have the same alertType). NOTE: This property will not be serialized. It can only be populated by the server.
Optional
Readonly
alertA direct link to the alert page in Azure Portal. NOTE: This property will not be serialized. It can only be populated by the server.
Optional
Readonly
compromisedThe display name of the resource most related to this alert. NOTE: This property will not be serialized. It can only be populated by the server.
Optional
Readonly
correlationKey for corelating related alerts. Alerts with the same correlation key considered to be related. NOTE: This property will not be serialized. It can only be populated by the server.
Optional
Readonly
descriptionDescription of the suspicious activity that was detected. NOTE: This property will not be serialized. It can only be populated by the server.
Optional
Readonly
endThe UTC time of the last event or activity included in the alert in ISO8601 format. NOTE: This property will not be serialized. It can only be populated by the server.
Optional
Readonly
entitiesA list of entities related to the alert. NOTE: This property will not be serialized. It can only be populated by the server.
Optional
Readonly
extendedLinks related to the alert NOTE: This property will not be serialized. It can only be populated by the server.
Optional
extendedCustom properties for the alert.
Optional
Readonly
idResource Id NOTE: This property will not be serialized. It can only be populated by the server.
Optional
Readonly
intentThe kill chain related intent behind the alert. For list of supported values, and explanations of Azure Security Center's supported kill chain intents. NOTE: This property will not be serialized. It can only be populated by the server.
Optional
Readonly
isThis field determines whether the alert is an incident (a compound grouping of several alerts) or a single alert. NOTE: This property will not be serialized. It can only be populated by the server.
Optional
Readonly
nameResource name NOTE: This property will not be serialized. It can only be populated by the server.
Optional
Readonly
processingThe UTC processing end time of the alert in ISO8601 format. NOTE: This property will not be serialized. It can only be populated by the server.
Optional
Readonly
productThe name of Azure Security Center pricing tier which powering this alert. Learn more: https://docs.microsoft.com/en-us/azure/security-center/security-center-pricing NOTE: This property will not be serialized. It can only be populated by the server.
Optional
Readonly
productThe name of the product which published this alert (Azure Security Center, Azure ATP, Microsoft Defender ATP, O365 ATP, MCAS, and so on). NOTE: This property will not be serialized. It can only be populated by the server.
Optional
Readonly
remediationManual action items to take to remediate the alert. NOTE: This property will not be serialized. It can only be populated by the server.
Optional
Readonly
resourceThe resource identifiers that can be used to direct the alert to the right product exposure group (tenant, workspace, subscription etc.). There can be multiple identifiers of different type per alert. NOTE: This property will not be serialized. It can only be populated by the server.
Optional
Readonly
severityThe risk level of the threat that was detected. Learn more: https://docs.microsoft.com/en-us/azure/security-center/security-center-alerts-overview#how-are-alerts-classified. NOTE: This property will not be serialized. It can only be populated by the server.
Optional
Readonly
startThe UTC time of the first event or activity included in the alert in ISO8601 format. NOTE: This property will not be serialized. It can only be populated by the server.
Optional
Readonly
statusThe life cycle status of the alert. NOTE: This property will not be serialized. It can only be populated by the server.
Optional
Readonly
subKill chain related sub-techniques behind the alert. NOTE: This property will not be serialized. It can only be populated by the server.
Optional
supportingChanging set of properties depending on the supportingEvidence type.
Optional
Readonly
systemUnique identifier for the alert. NOTE: This property will not be serialized. It can only be populated by the server.
Optional
Readonly
techniqueskill chain related techniques behind the alert. NOTE: This property will not be serialized. It can only be populated by the server.
Optional
Readonly
timeThe UTC time the alert was generated in ISO8601 format. NOTE: This property will not be serialized. It can only be populated by the server.
Optional
Readonly
typeResource type NOTE: This property will not be serialized. It can only be populated by the server.
Optional
Readonly
vendorThe name of the vendor that raises the alert. NOTE: This property will not be serialized. It can only be populated by the server.
Optional
Readonly
versionSchema version. NOTE: This property will not be serialized. It can only be populated by the server.
Generated using TypeDoc
Security alert