SecurityAlertProperties | @azure/arm-securityinsight

SecurityAlert entity property bag.

Hierarchy

EntityCommonProperties
- SecurityAlertProperties

Properties

Optional additionalData

additionalData: undefined | {}

A bag of custom fields that should be part of the entity and will be presented to the user. NOTE: This property will not be serialized. It can only be populated by the server.

Optional alertDisplayName

alertDisplayName: undefined | string

The display name of the alert. NOTE: This property will not be serialized. It can only be populated by the server.

Optional alertLink

alertLink: undefined | string

The uri link of the alert. NOTE: This property will not be serialized. It can only be populated by the server.

Optional alertType

alertType: undefined | string

The type name of the alert. NOTE: This property will not be serialized. It can only be populated by the server.

Optional compromisedEntity

compromisedEntity: undefined | string

Display name of the main entity being reported on. NOTE: This property will not be serialized. It can only be populated by the server.

Optional confidenceLevel

confidenceLevel: ConfidenceLevel

The confidence level of this alert. NOTE: This property will not be serialized. It can only be populated by the server.

Optional confidenceReasons

confidenceReasons: SecurityAlertPropertiesConfidenceReasonsItem[]

The confidence reasons NOTE: This property will not be serialized. It can only be populated by the server.

Optional confidenceScore

confidenceScore: undefined | number

The confidence score of the alert. NOTE: This property will not be serialized. It can only be populated by the server.

Optional confidenceScoreStatus

confidenceScoreStatus: ConfidenceScoreStatus

The confidence score calculation status, i.e. indicating if score calculation is pending for this alert, not applicable or final. NOTE: This property will not be serialized. It can only be populated by the server.

Optional description

description: undefined | string

Alert description. NOTE: This property will not be serialized. It can only be populated by the server.

Optional endTimeUtc

endTimeUtc: Date

The impact end time of the alert (the time of the last event contributing to the alert). NOTE: This property will not be serialized. It can only be populated by the server.

Optional friendlyName

friendlyName: undefined | string

The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. NOTE: This property will not be serialized. It can only be populated by the server.

Optional intent

intent: KillChainIntent

Holds the alert intent stage(s) mapping for this alert. NOTE: This property will not be serialized. It can only be populated by the server.

Optional processingEndTime

processingEndTime: Date

The time the alert was made available for consumption. NOTE: This property will not be serialized. It can only be populated by the server.

Optional productComponentName

productComponentName: undefined | string

The name of a component inside the product which generated the alert. NOTE: This property will not be serialized. It can only be populated by the server.

Optional productName

productName: undefined | string

The name of the product which published this alert. NOTE: This property will not be serialized. It can only be populated by the server.

Optional productVersion

productVersion: undefined | string

The version of the product generating the alert. NOTE: This property will not be serialized. It can only be populated by the server.

Optional providerAlertId

providerAlertId: undefined | string

The identifier of the alert inside the product which generated the alert. NOTE: This property will not be serialized. It can only be populated by the server.

Optional remediationSteps

remediationSteps: string[]

Manual action items to take to remediate the alert. NOTE: This property will not be serialized. It can only be populated by the server.

Optional resourceIdentifiers

resourceIdentifiers: Record<string, unknown>[]

The list of resource identifiers of the alert. NOTE: This property will not be serialized. It can only be populated by the server.

Optional severity

severity: AlertSeverity

The severity of the alert

Optional startTimeUtc

startTimeUtc: Date

The impact start time of the alert (the time of the first event contributing to the alert). NOTE: This property will not be serialized. It can only be populated by the server.

Optional status

status: AlertStatus

The lifecycle status of the alert. NOTE: This property will not be serialized. It can only be populated by the server.

Optional systemAlertId

systemAlertId: undefined | string

Holds the product identifier of the alert for the product. NOTE: This property will not be serialized. It can only be populated by the server.

Optional tactics

tactics: AttackTactic[]

The tactics of the alert NOTE: This property will not be serialized. It can only be populated by the server.

Optional timeGenerated

timeGenerated: Date

The time the alert was generated. NOTE: This property will not be serialized. It can only be populated by the server.

Optional vendorName

vendorName: undefined | string

The name of the vendor that raise the alert. NOTE: This property will not be serialized. It can only be populated by the server.

Interface SecurityAlertProperties

Hierarchy

Index

Properties

Properties

Optional additionalData

Optional alertDisplayName

Optional alertLink

Optional alertType

Optional compromisedEntity

Optional confidenceLevel

Optional confidenceReasons

Optional confidenceScore

Optional confidenceScoreStatus

Optional description

Optional endTimeUtc

Optional friendlyName

Optional intent

Optional processingEndTime

Optional productComponentName

Optional productName

Optional productVersion

Optional providerAlertId

Optional remediationSteps

Optional resourceIdentifiers

Optional severity

Optional startTimeUtc

Optional status

Optional systemAlertId

Optional tactics

Optional timeGenerated

Optional vendorName