

Alert Class

Definition

Security alert

C#

[Microsoft.Rest.Serialization.JsonTransformation]
public class Alert : Microsoft.Azure.Management.Security.Models.Resource

F#

[<Microsoft.Rest.Serialization.JsonTransformation>]
type Alert = class
    inherit Resource

VB

Public Class Alert
Inherits Resource

Inheritance

Resource → Alert

Attributes

JsonTransformationAttribute

Constructors

Alert()

Initializes a new instance of the Alert class.

Alert(String, String, String, String, String, String, String, String, String, String, String, Nullable<DateTime>, Nullable<DateTime>, IList<ResourceIdentifier>, IList<String>, String, String, IList<IDictionary<String, String>>, String, Nullable<DateTime>, String, Nullable<DateTime>, IList<AlertEntity>, Nullable<Boolean>, String, IDictionary<String, String>, String, IList<String>, IList<String>, AlertPropertiesSupportingEvidence)

Initializes a new instance of the Alert class.

Properties

AlertDisplayName

Gets the display name of the alert.

AlertType

Gets the unique identifier of the detection logic that produced the alert. All alert instances raised by the same detection logic share the same AlertType, so it is the right key for per-detection tuning and suppression.

AlertUri

Gets a direct link to the alert page in Azure Portal.

CompromisedEntity

Gets the display name of the resource most related to this alert.

CorrelationKey

Gets the key for correlating related alerts. Alerts with the same correlation key are considered to be related.

Description

Gets description of the suspicious activity that was detected.

EndTimeUtc

Gets the UTC time of the last event or activity included in the alert in ISO8601 format.

Entities

Gets a list of entities related to the alert.

ExtendedLinks

Gets links related to the alert.

ExtendedProperties

Gets or sets custom properties for the alert.

Id

Gets the resource ID.

(Inherited from Resource)
Intent

Gets the kill chain related intent behind the alert. For the list of supported values and explanations of Azure Security Center's supported kill chain intents, see the Azure Security Center alerts documentation. Possible values include: 'Unknown', 'PreAttack', 'InitialAccess', 'Persistence', 'PrivilegeEscalation', 'DefenseEvasion', 'CredentialAccess', 'Discovery', 'LateralMovement', 'Execution', 'Collection', 'Exfiltration', 'CommandAndControl', 'Impact', 'Probing', 'Exploitation'

IsIncident

Gets whether the alert is an incident (a compound grouping of several alerts) or a single alert.

Name

Gets the resource name.

(Inherited from Resource)
ProcessingEndTimeUtc

Gets the UTC processing end time of the alert in ISO8601 format.

ProductComponentName

Gets the name of the Azure Security Center pricing tier that powers this alert. Learn more: https://docs.microsoft.com/en-us/azure/security-center/security-center-pricing

ProductName

Gets the name of the product which published this alert (Microsoft Sentinel, Microsoft Defender for Identity, Microsoft Defender for Endpoint, Microsoft Defender for Office, Microsoft Defender for Cloud Apps, and so on).

RemediationSteps

Gets manual action items to take to remediate the alert.

ResourceIdentifiers

Gets the resource identifiers that can be used to direct the alert to the right product exposure group (tenant, workspace, subscription etc.). There can be multiple identifiers of different type per alert.

Severity

Gets the risk level of the threat that was detected. Learn more: https://docs.microsoft.com/en-us/azure/security-center/security-center-alerts-overview#how-are-alerts-classified. Possible values include: 'Informational', 'Low', 'Medium', 'High'

StartTimeUtc

Gets the UTC time of the first event or activity included in the alert in ISO8601 format.

Status

Gets the life cycle status of the alert. Possible values include: 'Active', 'InProgress', 'Resolved', 'Dismissed'

SubTechniques

Gets kill chain related sub-techniques behind the alert.

SupportingEvidence

Gets or sets a set of properties whose content varies with the supportingEvidence type.

SystemAlertId

Gets unique identifier for the alert.

Techniques

Gets kill chain related techniques behind the alert.

TimeGeneratedUtc

Gets the UTC time the alert was generated in ISO8601 format.

Type

Gets the resource type.

(Inherited from Resource)
VendorName

Gets the name of the vendor that raises the alert.

Version

Gets the schema version.
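The following is an added example, not code from the SDK reference or from the Azure SDK itself. It shows how a triage script would consume the properties listed above: fetch every page of alerts with SecurityCenterClient, discard alerts whose Status is Resolved or Dismissed, group the rest by CorrelationKey, and rank the groups by Severity, Intent and IsIncident. The severity and kill chain weightings are this example's own assumptions (the page lists the Intent values but not their order), as are the access token, subscription ID and the use of Microsoft.Rest.TokenCredentials for authentication.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using Microsoft.Azure.Management.Security;
using Microsoft.Azure.Management.Security.Models;
using Microsoft.Rest;

// Added example, not part of the SDK: rank open Security Center alerts for triage
// using the Alert properties documented on this page.
public static class AlertTriage
{
    // Severity values as enumerated by Alert.Severity.
    static readonly Dictionary<string, int> SeverityRank =
        new Dictionary<string, int>(StringComparer.OrdinalIgnoreCase)
        { ["Informational"] = 0, ["Low"] = 1, ["Medium"] = 2, ["High"] = 3 };

    // Alert.Intent values ordered roughly along the kill chain (assumed ordering;
    // the page lists the values but not their order). Later stages score higher.
    static readonly string[] KillChainOrder =
    {
        "Unknown", "Probing", "PreAttack", "InitialAccess", "Exploitation", "Execution",
        "Persistence", "PrivilegeEscalation", "DefenseEvasion", "CredentialAccess",
        "Discovery", "LateralMovement", "Collection", "CommandAndControl",
        "Exfiltration", "Impact",
    };

    // Only Active and InProgress alerts need an analyst; Resolved and Dismissed do not.
    public static bool IsOpen(Alert a) =>
        string.Equals(a.Status, "Active", StringComparison.OrdinalIgnoreCase) ||
        string.Equals(a.Status, "InProgress", StringComparison.OrdinalIgnoreCase);

    // Score = severity * 100 + kill chain stage, plus a bonus when the alert is an
    // incident (a grouping of several alerts) so compound attacks float to the top.
    public static int Score(Alert a)
    {
        int sev = a.Severity != null && SeverityRank.TryGetValue(a.Severity, out var s) ? s : 0;
        int stage = Math.Max(0, Array.FindIndex(KillChainOrder,
            v => string.Equals(v, a.Intent, StringComparison.OrdinalIgnoreCase)));
        int incident = a.IsIncident == true ? 50 : 0;
        return sev * 100 + stage + incident;
    }

    // Group related alerts by CorrelationKey (falling back to SystemAlertId when the
    // alert has none) and order the groups by their highest-scoring member.
    public static List<IGrouping<string, Alert>> Prioritize(IEnumerable<Alert> alerts) =>
        alerts.Where(a => IsOpen(a))
              .GroupBy(a => string.IsNullOrEmpty(a.CorrelationKey) ? a.SystemAlertId : a.CorrelationKey)
              .OrderByDescending(g => g.Max(a => Score(a)))
              .ToList();

    // Fetch every page of alerts for the subscription. How the bearer token is
    // obtained is outside this example; it is passed in as an assumed input.
    public static List<Alert> FetchAll(string accessToken, string subscriptionId)
    {
        var client = new SecurityCenterClient(new TokenCredentials(accessToken))
        {
            SubscriptionId = subscriptionId,
        };
        var all = new List<Alert>();
        var page = client.Alerts.List();
        all.AddRange(page);
        while (!string.IsNullOrEmpty(page.NextPageLink))
        {
            page = client.Alerts.ListNext(page.NextPageLink);
            all.AddRange(page);
        }
        return all;
    }

    public static void Main(string[] args)
    {
        // args: <access-token> <subscription-id>
        var alerts = FetchAll(args[0], args[1]);
        foreach (var group in Prioritize(alerts))
        {
            var top = group.OrderByDescending(a => Score(a)).First();
            Console.WriteLine($"[{top.Severity}] {top.AlertDisplayName} ({group.Count()} alert(s), incident={top.IsIncident == true})");
            Console.WriteLine($"  intent={top.Intent} techniques={string.Join(",", top.Techniques ?? new List<string>())}");
            Console.WriteLine($"  entity={top.CompromisedEntity} product={top.ProductName} window={top.StartTimeUtc:o}..{top.EndTimeUtc:o}");
            Console.WriteLine($"  {top.AlertUri}");
            foreach (var step in top.RemediationSteps ?? new List<string>())
                Console.WriteLine($"  - {step}");
        }
    }
}
```

Grouping on CorrelationKey rather than on AlertType is deliberate: AlertType identifies the detection logic, so two unrelated hosts tripping the same detection share it, whereas CorrelationKey ties together the alerts the service itself considers part of one activity. The printed AlertUri is the direct link into the portal, and RemediationSteps are the manual actions the alert recommends, so the output doubles as a hand-off note for the analyst who picks up the group.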

Extension Methods

ConvertToPSType(Alert)

Applies to