Alert Class
Definition
Important
Some information relates to prerelease product that may be substantially modified before it’s released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
Security alert
```csharp
[Microsoft.Rest.Serialization.JsonTransformation]
public class Alert : Microsoft.Azure.Management.Security.Models.Resource
```

```fsharp
[<Microsoft.Rest.Serialization.JsonTransformation>]
type Alert = class
    inherit Resource
```

```vb
Public Class Alert
    Inherits Resource
```
- Inheritance
- Attributes
Constructors
Properties
| Property | Description |
| --- | --- |
| AlertDisplayName | Gets the display name of the alert. |
| AlertType | Gets the unique identifier for the detection logic (all alert instances from the same detection logic will have the same alertType). |
| AlertUri | Gets a direct link to the alert page in Azure Portal. |
| CompromisedEntity | Gets the display name of the resource most related to this alert. |
| CorrelationKey | Gets the key for correlating related alerts. Alerts with the same correlation key are considered to be related. |
| Description | Gets the description of the suspicious activity that was detected. |
| EndTimeUtc | Gets the UTC time of the last event or activity included in the alert in ISO8601 format. |
| Entities | Gets a list of entities related to the alert. |
| ExtendedLinks | Gets links related to the alert. |
| ExtendedProperties | Gets or sets custom properties for the alert. |
| Id | Gets resource Id (Inherited from Resource) |
| Intent | Gets the kill chain related intent behind the alert. For list of supported values, and explanations of Azure Security Center's supported kill chain intents. Possible values include: 'Unknown', 'PreAttack', 'InitialAccess', 'Persistence', 'PrivilegeEscalation', 'DefenseEvasion', 'CredentialAccess', 'Discovery', 'LateralMovement', 'Execution', 'Collection', 'Exfiltration', 'CommandAndControl', 'Impact', 'Probing', 'Exploitation' |
| IsIncident | Gets a value that determines whether the alert is an incident (a compound grouping of several alerts) or a single alert. |
| Name | Gets resource name (Inherited from Resource) |
| ProcessingEndTimeUtc | Gets the UTC processing end time of the alert in ISO8601 format. |
| ProductComponentName | Gets the name of the Azure Security Center pricing tier that powers this alert. Learn more: https://docs.microsoft.com/en-us/azure/security-center/security-center-pricing |
| ProductName | Gets the name of the product which published this alert (Microsoft Sentinel, Microsoft Defender for Identity, Microsoft Defender for Endpoint, Microsoft Defender for Office, Microsoft Defender for Cloud Apps, and so on). |
| RemediationSteps | Gets manual action items to take to remediate the alert. |
| ResourceIdentifiers | Gets the resource identifiers that can be used to direct the alert to the right product exposure group (tenant, workspace, subscription, etc.). There can be multiple identifiers of different types per alert. |
| Severity | Gets the risk level of the threat that was detected. Learn more: https://docs.microsoft.com/en-us/azure/security-center/security-center-alerts-overview#how-are-alerts-classified. Possible values include: 'Informational', 'Low', 'Medium', 'High' |
| StartTimeUtc | Gets the UTC time of the first event or activity included in the alert in ISO8601 format. |
| Status | Gets the life cycle status of the alert. Possible values include: 'Active', 'InProgress', 'Resolved', 'Dismissed' |
| SubTechniques | Gets kill chain related sub-techniques behind the alert. |
| SupportingEvidence | Gets or sets a changing set of properties, depending on the supportingEvidence type. |
| SystemAlertId | Gets the unique identifier for the alert. |
| Techniques | Gets kill chain related techniques behind the alert. |
| TimeGeneratedUtc | Gets the UTC time the alert was generated in ISO8601 format. |
| Type | Gets resource type (Inherited from Resource) |
| VendorName | Gets the name of the vendor that raises the alert. |
| Version | Gets schema version. |
Extension Methods
ConvertToPSType(Alert)