registryValueEvidence resource type
Namespace: microsoft.graph.security
Important
APIs under the /beta version in Microsoft Graph are subject to change. Use of these APIs in production applications is not supported. To determine whether an API is available in v1.0, use the Version selector.
A registry value that is reported in the alert as evidence.
Inherits from alertEvidence.
Properties
Property | Type | Description |
---|---|---|
mdeDeviceId | String | A unique identifier assigned to a device by Microsoft Defender for Endpoint. |
registryHive | String | Registry hive of the key that the recorded action was applied to. |
registryKey | String | Registry key that the recorded action was applied to. |
registryValue | String | Data of the registry value that the recorded action was applied to. |
registryValueName | String | Name of the registry value that the recorded action was applied to. |
registryValueType | String | Data type, such as binary or string, of the registry value that the recorded action was applied to. |
Relationships
None.
JSON representation
The following JSON representation shows the resource type.
{
  "@odata.type": "#microsoft.graph.security.registryValueEvidence",
  "createdDateTime": "String (timestamp)",
  "verdict": "String",
  "remediationStatus": "String",
  "remediationStatusDetails": "String",
  "roles": [
    "String"
  ],
  "detailedRoles": [
    "String"
  ],
  "tags": [
    "String"
  ],
  "mdeDeviceId": "String",
  "registryKey": "String",
  "registryHive": "String",
  "registryValue": "String",
  "registryValueName": "String",
  "registryValueType": "String"
}
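The following Python example is added here and is not from the Microsoft Graph documentation: it picks registryValueEvidence items out of an alert's evidence collection, records which of the properties listed above are absent or null, and flags keys that match a review watchlist. The `registry_evidence` function name, the watchlist suffixes, and every sample value (including the hive spelling) are assumptions.

```python
import json

REGISTRY_TYPE = "#microsoft.graph.security.registryValueEvidence"
# Properties this page lists for the resource type.
FIELDS = ("mdeDeviceId", "registryHive", "registryKey",
          "registryValue", "registryValueName", "registryValueType")
INHERITED = ("verdict", "remediationStatus")  # from alertEvidence, kept for triage
# Assumption: a defender-maintained watchlist of key suffixes to review first.
WATCHED_KEY_SUFFIXES = (r"\currentversion\run", r"\currentversion\runonce")


def registry_evidence(alert):
    """Return normalized registryValueEvidence records from an alert dict."""
    records = []
    for item in alert.get("evidence") or []:
        if item.get("@odata.type") != REGISTRY_TYPE:
            continue  # other alertEvidence subtypes are skipped
        rec = {f: item.get(f) for f in FIELDS + INHERITED}
        # Properties may be absent or null; list them so the gap stays visible.
        rec["missing"] = [f for f in FIELDS if not isinstance(item.get(f), str)]
        hive, key = rec["registryHive"] or "", rec["registryKey"] or ""
        rec["path"] = "\\".join(p.strip("\\") for p in (hive, key) if p)
        rec["watched"] = key.lower().rstrip("\\").endswith(WATCHED_KEY_SUFFIXES)
        records.append(rec)
    return records


# Constructed sample alert; all values (hive spelling included) are illustrative.
SAMPLE_ALERT = json.loads(r"""
{"evidence": [
  {"@odata.type": "#microsoft.graph.security.registryValueEvidence",
   "verdict": "suspicious", "remediationStatus": "none",
   "mdeDeviceId": "constructed-device-id",
   "registryHive": "HKEY_LOCAL_MACHINE",
   "registryKey": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run",
   "registryValueName": "Updater",
   "registryValue": "C:\\ProgramData\\updater.exe",
   "registryValueType": "String"},
  {"@odata.type": "#microsoft.graph.security.registryValueEvidence",
   "mdeDeviceId": "constructed-device-id",
   "registryKey": "SOFTWARE\\Example\\Settings", "registryValue": null},
  {"@odata.type": "#microsoft.graph.security.deviceEvidence",
   "mdeDeviceId": "constructed-device-id"}
]}
""")

if __name__ == "__main__":
    for r in registry_evidence(SAMPLE_ALERT):
        print(r["path"], r["registryValueName"], r["watched"], r["missing"])
```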