Azure.ResourceManager.SecurityInsights.Models Namespace
Important
Some information relates to prerelease product that may be substantially modified before it’s released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
Classes
| AlertRuleTemplateDataSource |
alert rule template data sources. |
| AnomalySecurityMLAnalyticsSettings |
Represents Anomaly Security ML Analytics Settings. |
| ArmSecurityInsightsModelFactory |
Model factory for models. |
| AutomationRuleModifyPropertiesAction |
Describes an automation rule action to modify an object's properties. |
| AutomationRulePropertyArrayChangedValuesCondition |
The AutomationRulePropertyArrayChangedValuesCondition. |
| AutomationRulePropertyValuesChangedCondition |
The AutomationRulePropertyValuesChangedCondition. |
| AutomationRulePropertyValuesCondition |
The AutomationRulePropertyValuesCondition. |
| AutomationRuleRunPlaybookAction |
Describes an automation rule action to run a playbook. |
| AutomationRuleRunPlaybookActionProperties |
The AutomationRuleRunPlaybookActionProperties. |
| McasDataConnector |
Represents MCAS (Microsoft Cloud App Security) data connector. |
| McasDataConnectorDataTypes |
The available data types for MCAS (Microsoft Cloud App Security) data connector. |
| MdatpDataConnector |
Represents MDATP (Microsoft Defender Advanced Threat Protection) data connector. |
| MicrosoftSecurityIncidentCreationAlertRule |
Represents MicrosoftSecurityIncidentCreation rule. |
| MicrosoftSecurityIncidentCreationAlertRuleTemplate |
Represents MicrosoftSecurityIncidentCreation rule template. |
| ScheduledAlertRuleTemplate |
Represents scheduled alert rule template. |
| SecurityInsightsAadDataConnector |
Represents AAD (Azure Active Directory) data connector. |
| SecurityInsightsAatpDataConnector |
Represents AATP (Azure Advanced Threat Protection) data connector. |
| SecurityInsightsAccountEntity |
Represents an account entity. |
| SecurityInsightsAlert |
Represents a security alert entity. |
| SecurityInsightsAlertConfidenceReason |
confidence reason item. |
| SecurityInsightsAlertDetailsOverride |
Settings for how to dynamically override alert static details. |
| SecurityInsightsAlertRuleActionCreateOrUpdateContent |
Action for alert rule. |
| SecurityInsightsAlertRuleEntityMapping |
Single entity mapping for the alert rule. |
| SecurityInsightsAlertsDataTypeOfDataConnector |
Alerts data type for data connectors. |
| SecurityInsightsAscDataConnector |
Represents ASC (Azure Security Center) data connector. |
| SecurityInsightsAutomationRuleAction |
Describes an automation rule action. Please note SecurityInsightsAutomationRuleAction is the base class. According to the scenario, a derived class of the base class might need to be assigned here, or this property needs to be casted to one of the possible derived classes. The available derived classes include AutomationRuleModifyPropertiesAction and AutomationRuleRunPlaybookAction. |
| SecurityInsightsAutomationRuleCondition |
Describes an automation rule condition. Please note SecurityInsightsAutomationRuleCondition is the base class. According to the scenario, a derived class of the base class might need to be assigned here, or this property needs to be casted to one of the possible derived classes. The available derived classes include SecurityInsightsPropertyConditionProperties, SecurityInsightsPropertyArrayChangedConditionProperties and SecurityInsightsPropertyChangedConditionProperties. |
| SecurityInsightsAutomationRuleTriggeringLogic |
Describes automation rule triggering logic. |
| SecurityInsightsAwsCloudTrailDataConnector |
Represents Amazon Web Services CloudTrail data connector. |
| SecurityInsightsAzureResourceEntity |
Represents an azure resource entity. |
| SecurityInsightsBookmarkIncidentInfo |
Describes related incident information for the bookmark. |
| SecurityInsightsClientInfo |
Information on the client (user or application) that made some action. |
| SecurityInsightsCloudApplicationEntity |
Represents a cloud application entity. |
| SecurityInsightsDnsEntity |
Represents a dns entity. |
| SecurityInsightsEntity |
Specific entity. Please note SecurityInsightsEntity is the base class. According to the scenario, a derived class of the base class might need to be assigned here, or this property needs to be casted to one of the possible derived classes. The available derived classes include SecurityInsightsAccountEntity, SecurityInsightsAzureResourceEntity, SecurityInsightsHuntingBookmark, SecurityInsightsCloudApplicationEntity, SecurityInsightsDnsEntity, SecurityInsightsFileEntity, SecurityInsightsFileHashEntity, SecurityInsightsHostEntity, SecurityInsightsIotDeviceEntity, SecurityInsightsIPEntity, SecurityInsightsMailClusterEntity, SecurityInsightsMailMessageEntity, SecurityInsightsMailboxEntity, SecurityInsightsMalwareEntity, SecurityInsightsProcessEntity, SecurityInsightsRegistryKeyEntity, SecurityInsightsRegistryValueEntity, SecurityInsightsAlert, SecurityInsightsGroupEntity, SecurityInsightsSubmissionMailEntity and SecurityInsightsUriEntity. |
| SecurityInsightsFieldMapping |
A single field mapping of the mapped entity. |
| SecurityInsightsFileEntity |
Represents a file entity. |
| SecurityInsightsFileHashEntity |
Represents a file hash entity. |
| SecurityInsightsFusionAlertRule |
Represents Fusion alert rule. |
| SecurityInsightsFusionAlertRuleTemplate |
Represents Fusion alert rule template. |
| SecurityInsightsGroupEntity |
Represents a security group entity. |
| SecurityInsightsGroupingConfiguration |
Grouping configuration property bag. |
| SecurityInsightsHostEntity |
Represents a host entity. |
| SecurityInsightsHuntingBookmark |
Represents a Hunting bookmark entity. |
| SecurityInsightsIncidentActionConfiguration |
The SecurityInsightsIncidentActionConfiguration. |
| SecurityInsightsIncidentAdditionalInfo |
Incident additional data property bag. |
| SecurityInsightsIncidentConfiguration |
Incident Configuration property bag. |
| SecurityInsightsIncidentEntitiesMetadata |
Information of a specific aggregation in the incident related entities result. |
| SecurityInsightsIncidentEntitiesResult |
The incident related entities response. |
| SecurityInsightsIncidentLabel |
Represents an incident label. |
| SecurityInsightsIncidentOwnerInfo |
Information on the user an incident is assigned to. |
| SecurityInsightsIotDeviceEntity |
Represents an IoT device entity. |
| SecurityInsightsIPEntity |
Represents an ip entity. |
| SecurityInsightsIPEntityGeoLocation |
The geo-location context attached to the ip entity. |
| SecurityInsightsMailboxEntity |
Represents a mailbox entity. |
| SecurityInsightsMailClusterEntity |
Represents a mail cluster entity. |
| SecurityInsightsMailMessageEntity |
Represents a mail message entity. |
| SecurityInsightsMalwareEntity |
Represents a malware entity. |
| SecurityInsightsOfficeDataConnector |
Represents office data connector. |
| SecurityInsightsOfficeDataConnectorDataTypes |
The available data types for office data connector. |
| SecurityInsightsProcessEntity |
Represents a process entity. |
| SecurityInsightsPropertyArrayChangedConditionProperties |
Describes an automation rule condition that evaluates an array property's value change. |
| SecurityInsightsPropertyChangedConditionProperties |
Describes an automation rule condition that evaluates a property's value change. |
| SecurityInsightsPropertyConditionProperties |
Describes an automation rule condition that evaluates a property's value. |
| SecurityInsightsRegistryKeyEntity |
Represents a registry key entity. |
| SecurityInsightsRegistryValueEntity |
Represents a registry value entity. |
| SecurityInsightsScheduledAlertRule |
Represents scheduled alert rule. |
| SecurityInsightsSubmissionMailEntity |
Represents a submission mail entity. |
| SecurityInsightsThreatIntelligence |
ThreatIntelligence property bag. |
| SecurityInsightsThreatIntelligenceIndicatorData |
Threat intelligence indicator entity. |
| SecurityInsightsTIDataConnector |
Represents threat intelligence data connector. |
| SecurityInsightsUriEntity |
Represents a url entity. |
| SecurityInsightsUserInfo |
User information that made some action. |
| SecurityMLAnalyticsSettingsDataSource |
security ml analytics settings data sources. |
| ThreatIntelligenceAppendTags |
Array of tags to be appended to the threat intelligence indicator. |
| ThreatIntelligenceExternalReference |
Describes external reference. |
| ThreatIntelligenceFilteringCriteria |
Filtering criteria for querying threat intelligence indicators. |
| ThreatIntelligenceGranularMarkingEntity |
Describes threat granular marking model entity. |
| ThreatIntelligenceKillChainPhase |
Describes threat kill chain phase entity. |
| ThreatIntelligenceMetric |
Describes threat intelligence metric. |
| ThreatIntelligenceMetricEntity |
Describes threat intelligence metric entity. |
| ThreatIntelligenceMetrics |
Threat intelligence metrics. |
| ThreatIntelligenceParsedPattern |
Describes parsed pattern entity. |
| ThreatIntelligenceParsedPatternTypeValue |
Describes threat kill chain phase entity. |
| ThreatIntelligenceSortingCriteria |
List of available columns for sorting. |
Structs
| AnomalySecurityMLAnalyticsSettingsStatus |
The anomaly SecurityMLAnalyticsSettings status. |
| AntispamMailDirection |
The directionality of this mail message. |
| AutomationRulePropertyArrayChangedConditionSupportedArrayType |
The AutomationRulePropertyArrayChangedConditionSupportedArrayType. |
| AutomationRulePropertyArrayChangedConditionSupportedChangeType |
The AutomationRulePropertyArrayChangedConditionSupportedChangeType. |
| AutomationRulePropertyChangedConditionSupportedChangedType |
The AutomationRulePropertyChangedConditionSupportedChangedType. |
| AutomationRulePropertyChangedConditionSupportedPropertyType |
The AutomationRulePropertyChangedConditionSupportedPropertyType. |
| AutomationRulePropertyConditionSupportedOperator |
The AutomationRulePropertyConditionSupportedOperator. |
| AutomationRulePropertyConditionSupportedProperty |
The property to evaluate in an automation rule property condition. |
| EventGroupingAggregationKind |
The event grouping aggregation kinds. |
| MicrosoftSecurityProductName |
The alerts' productName on which the cases will be generated. |
| SecurityInsightsAlertConfidenceLevel |
The confidence level of this alert. |
| SecurityInsightsAlertConfidenceScoreStatus |
The confidence score calculation status, i.e. indicating if score calculation is pending for this alert, not applicable or final. |
| SecurityInsightsAlertDetail |
Alert detail. |
| SecurityInsightsAlertRuleEntityMappingType |
The V3 type of the mapped entity. |
| SecurityInsightsAlertRuleTemplateStatus |
The alert rule template status. |
| SecurityInsightsAlertSeverity |
The severity of the alert. |
| SecurityInsightsAlertStatus |
The lifecycle status of the alert. |
| SecurityInsightsAttackTactic |
The severity for alerts created by this alert rule. |
| SecurityInsightsDataTypeConnectionState |
Describe whether this data type connection is enabled or not. |
| SecurityInsightsEntityKind |
The kind of the entity. |
| SecurityInsightsFileHashAlgorithm |
The hash algorithm type. |
| SecurityInsightsGroupingMatchingMethod |
Grouping matching method. When method is Selected at least one of groupByEntities, groupByAlertDetails, groupByCustomDetails must be provided and not empty. |
| SecurityInsightsIncidentClassification |
The reason the incident was closed. |
| SecurityInsightsIncidentClassificationReason |
The classification reason the incident was closed with. |
| SecurityInsightsIncidentLabelType |
The type of the label. |
| SecurityInsightsIncidentOwnerType |
The type of the owner the incident is assigned to. |
| SecurityInsightsIncidentSeverity |
The severity of the incident. |
| SecurityInsightsIncidentStatus |
The status of the incident. |
| SecurityInsightsKillChainIntent |
Holds the alert intent stage(s) mapping for this alert. |
| SecurityInsightsRegistryHive |
the hive that holds the registry key. |
| SecurityInsightsRegistryValueKind |
Specifies the data types to use when storing values in the registry, or identifies the data type of a value in the registry. |
| Source |
The source of the watchlist. |
| ThreatIntelligenceSortingOrder |
Sorting order (ascending/descending/unsorted). |
| TriggersOn |
The TriggersOn. |
| TriggersWhen |
The TriggersWhen. |
Enums
| SecurityInsightsAlertRuleTriggerOperator |
The operation against the threshold that triggers alert rule. |
| SecurityInsightsHostOSFamily |
The operating system type. |
| SecurityInsightsMailMessageDeliveryAction |
The delivery action of this mail message like Delivered, Blocked, Replaced etc. |
| SecurityInsightsMailMessageDeliveryLocation |
The delivery location of this mail message like Inbox, JunkFolder etc. |
| SecurityInsightsProcessElevationToken |
The elevation token associated with the process. |
Azure SDK for .NET
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for