Package version:

Interface Alert

Security alert

Hierarchy

Properties

alertDisplayName? alertType? alertUri? compromisedEntity? correlationKey? description? endTimeUtc? entities? extendedLinks? extendedProperties? id? intent? isIncident? name? processingEndTimeUtc? productComponentName? productName? remediationSteps? resourceIdentifiers? severity? startTimeUtc? status? subTechniques? supportingEvidence? systemAlertId? techniques? timeGeneratedUtc? type? vendorName? version?

Properties

Optional Readonly alertDisplayName

alertDisplayName?: string

The display name of the alert. NOTE: This property will not be serialized. It can only be populated by the server.

Optional Readonly alertType

alertType?: string

Unique identifier for the detection logic (all alert instances from the same detection logic will have the same alertType). NOTE: This property will not be serialized. It can only be populated by the server.

Optional Readonly alertUri

alertUri?: string

A direct link to the alert page in Azure Portal. NOTE: This property will not be serialized. It can only be populated by the server.

Optional Readonly compromisedEntity

compromisedEntity?: string

The display name of the resource most related to this alert. NOTE: This property will not be serialized. It can only be populated by the server.

Optional Readonly correlationKey

correlationKey?: string

Key for corelating related alerts. Alerts with the same correlation key considered to be related. NOTE: This property will not be serialized. It can only be populated by the server.

Optional Readonly description

description?: string

Description of the suspicious activity that was detected. NOTE: This property will not be serialized. It can only be populated by the server.

Optional Readonly endTimeUtc

endTimeUtc?: Date

The UTC time of the last event or activity included in the alert in ISO8601 format. NOTE: This property will not be serialized. It can only be populated by the server.

Optional Readonly entities

entities?: AlertEntity[]

A list of entities related to the alert. NOTE: This property will not be serialized. It can only be populated by the server.

Optional Readonly extendedLinks

extendedLinks?: {
    [propertyName: string]: string;
}[]

Links related to the alert NOTE: This property will not be serialized. It can only be populated by the server.

Optional extendedProperties

extendedProperties?: {
    [propertyName: string]: string;
}

Custom properties for the alert.

Type declaration

  • [propertyName: string]: string

Optional Readonly id

id?: string

Resource Id NOTE: This property will not be serialized. It can only be populated by the server.

Optional Readonly intent

intent?: string

The kill chain related intent behind the alert. For list of supported values, and explanations of Azure Security Center's supported kill chain intents. NOTE: This property will not be serialized. It can only be populated by the server.

Optional Readonly isIncident

isIncident?: boolean

This field determines whether the alert is an incident (a compound grouping of several alerts) or a single alert. NOTE: This property will not be serialized. It can only be populated by the server.

Optional Readonly name

name?: string

Resource name NOTE: This property will not be serialized. It can only be populated by the server.

Optional Readonly processingEndTimeUtc

processingEndTimeUtc?: Date

The UTC processing end time of the alert in ISO8601 format. NOTE: This property will not be serialized. It can only be populated by the server.

Optional Readonly productComponentName

productComponentName?: string

The name of Azure Security Center pricing tier which powering this alert. Learn more: https://docs.microsoft.com/en-us/azure/security-center/security-center-pricing NOTE: This property will not be serialized. It can only be populated by the server.

Optional Readonly productName

productName?: string

The name of the product which published this alert (Azure Security Center, Azure ATP, Microsoft Defender ATP, O365 ATP, MCAS, and so on). NOTE: This property will not be serialized. It can only be populated by the server.

Optional Readonly remediationSteps

remediationSteps?: string[]

Manual action items to take to remediate the alert. NOTE: This property will not be serialized. It can only be populated by the server.

Optional Readonly resourceIdentifiers

resourceIdentifiers?: ResourceIdentifierUnion[]

The resource identifiers that can be used to direct the alert to the right product exposure group (tenant, workspace, subscription etc.). There can be multiple identifiers of different type per alert. NOTE: This property will not be serialized. It can only be populated by the server.

Optional Readonly severity

severity?: string

The risk level of the threat that was detected. Learn more: https://docs.microsoft.com/en-us/azure/security-center/security-center-alerts-overview#how-are-alerts-classified. NOTE: This property will not be serialized. It can only be populated by the server.

Optional Readonly startTimeUtc

startTimeUtc?: Date

The UTC time of the first event or activity included in the alert in ISO8601 format. NOTE: This property will not be serialized. It can only be populated by the server.

Optional Readonly status

status?: string

The life cycle status of the alert. NOTE: This property will not be serialized. It can only be populated by the server.

Optional Readonly subTechniques

subTechniques?: string[]

Kill chain related sub-techniques behind the alert. NOTE: This property will not be serialized. It can only be populated by the server.

Optional supportingEvidence

supportingEvidence?: AlertPropertiesSupportingEvidence

Changing set of properties depending on the supportingEvidence type.

Optional Readonly systemAlertId

systemAlertId?: string

Unique identifier for the alert. NOTE: This property will not be serialized. It can only be populated by the server.

Optional Readonly techniques

techniques?: string[]

kill chain related techniques behind the alert. NOTE: This property will not be serialized. It can only be populated by the server.

Optional Readonly timeGeneratedUtc

timeGeneratedUtc?: Date

The UTC time the alert was generated in ISO8601 format. NOTE: This property will not be serialized. It can only be populated by the server.

Optional Readonly type

type?: string

Resource type NOTE: This property will not be serialized. It can only be populated by the server.

Optional Readonly vendorName

vendorName?: string

The name of the vendor that raises the alert. NOTE: This property will not be serialized. It can only be populated by the server.

Optional Readonly version

version?: string

Schema version. NOTE: This property will not be serialized. It can only be populated by the server.

Settings

Member Visibility

Theme

Generated using TypeDoc