Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support Namespace
Important
Some information relates to prerelease product that may be substantially modified before it’s released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
Classes
| AlertDetailTypeConverter |
Alert detail |
| AlertRuleKindTypeConverter |
The kind of the alert rule |
| AlertSeverityTypeConverter |
The severity of the alert |
| AlertStatusTypeConverter |
The lifecycle status of the alert. |
| AntispamMailDirectionTypeConverter |
The directionality of this mail message |
| AttackTacticTypeConverter |
A list of relevant mitre attacks. |
| AutomationRuleActionTypeTypeConverter |
The type of the automation rule action |
| AutomationRulePropertyConditionSupportedOperatorTypeConverter |
The operator to use for evaluation the condition |
| AutomationRulePropertyConditionSupportedPropertyTypeConverter |
The property to evaluate in an automation rule property condition |
| ConfidenceLevelTypeConverter |
The confidence level of this alert. |
| ConfidenceScoreStatusTypeConverter |
The confidence score calculation status, i.e. indicating if score calculation is pending for this alert, not applicable or final. |
| ConnectAuthKindTypeConverter |
The authentication kind used to poll the data |
| ConnectivityTypeTypeConverter |
type of connectivity |
| ContentTypeTypeConverter |
The content type of a source control path. |
| CreatedByTypeTypeConverter |
The type of identity that created the resource. |
| DataConnectorAuthorizationStateTypeConverter |
Describes the state of user's authorization for a connector kind. |
| DataConnectorKindTypeConverter |
The kind of the data connector |
| DataConnectorLicenseStateTypeConverter |
Describes the state of user's license for a connector kind. |
| DataTypeStateTypeConverter |
Describe whether this data type connection is enabled or not. |
| DeliveryActionTypeConverter |
The delivery action of this mail message like Delivered, Blocked, Replaced etc |
| DeliveryLocationTypeConverter |
The delivery location of this mail message like Inbox, JunkFolder etc |
| ElevationTokenTypeConverter |
The elevation token associated with the process. |
| EntityKindTypeConverter |
The kind of the entity |
| EntityMappingTypeTypeConverter |
The V3 type of the mapped entity |
| EntityQueryKindTypeConverter |
The kind of the entity query |
| EntityTimelineKindTypeConverter |
The entity query kind |
| EntityTypeTypeConverter |
The type of the entity |
| EventGroupingAggregationKindTypeConverter |
The event grouping aggregation kinds |
| FileHashAlgorithmTypeConverter |
The hash algorithm type. |
| IncidentClassificationReasonTypeConverter |
The classification reason the incident was closed with |
| IncidentClassificationTypeConverter |
The reason the incident was closed |
| IncidentLabelTypeTypeConverter |
The type of the label |
| IncidentSeverityTypeConverter |
The severity of the incident |
| IncidentStatusTypeConverter |
The status of the incident |
| KillChainIntentTypeConverter |
Holds the alert intent stage(s) mapping for this alert. |
| KindTypeConverter |
The kind of content the metadata is for. |
| MatchingMethodTypeConverter |
Grouping matching method. When method is Selected at least one of groupByEntities, groupByAlertDetails, groupByCustomDetails must be provided and not empty. |
| MicrosoftSecurityProductNameTypeConverter |
The alerts' productName on which the cases will be generated |
| OperatorTypeConverter |
Operator used for list of dependencies in criteria array. |
| OSFamilyTypeConverter |
The operating system type. |
| OutputTypeTypeConverter |
Insights Column type. |
| OwnerTypeTypeConverter |
The type of the owner the incident is assigned to. |
| PermissionProviderScopeTypeConverter |
Permission provider scope |
| PollingFrequencyTypeConverter |
The polling frequency for the TAXII server. |
| ProviderNameTypeConverter |
Provider name |
| RegistryHiveTypeConverter |
the hive that holds the registry key. |
| RegistryValueKindTypeConverter |
Specifies the data types to use when storing values in the registry, or identifies the data type of a value in the registry. |
| RepoTypeTypeConverter |
The type of repository. |
| SettingKindTypeConverter |
The kind of the setting |
| SettingTypeTypeConverter |
The kind of the setting |
| SkuKindTypeConverter |
The kind of the tier |
| SourceKindTypeConverter |
Source type of the content |
| SupportTierTypeConverter |
Type of support for content item |
| TemplateStatusTypeConverter |
The alert rule template status. |
| ThreatIntelligenceSortingCriteriaEnumTypeConverter |
Sorting order (ascending/descending/unsorted). |
| TriggerOperatorTypeConverter |
The operation against the threshold that triggers alert rule. |
| UebaDataSourcesTypeConverter |
The data source that enriched by ueba. |
Structs
| AlertDetail |
Alert detail |
| AlertRuleKind |
The kind of the alert rule |
| AlertSeverity |
The severity of the alert |
| AlertStatus |
The lifecycle status of the alert. |
| AntispamMailDirection |
The directionality of this mail message |
| AttackTactic |
A list of relevant mitre attacks. |
| AutomationRuleActionType |
The type of the automation rule action |
| AutomationRulePropertyConditionSupportedOperator |
The operator to use for evaluation the condition |
| AutomationRulePropertyConditionSupportedProperty |
The property to evaluate in an automation rule property condition |
| ConfidenceLevel |
The confidence level of this alert. |
| ConfidenceScoreStatus |
The confidence score calculation status, i.e. indicating if score calculation is pending for this alert, not applicable or final. |
| ConnectAuthKind |
The authentication kind used to poll the data |
| ConnectivityType |
type of connectivity |
| ContentType |
The content type of a source control path. |
| CreatedByType |
The type of identity that created the resource. |
| DataConnectorAuthorizationState |
Describes the state of user's authorization for a connector kind. |
| DataConnectorKind |
The kind of the data connector |
| DataConnectorLicenseState |
Describes the state of user's license for a connector kind. |
| DataTypeState |
Describe whether this data type connection is enabled or not. |
| DeliveryAction |
The delivery action of this mail message like Delivered, Blocked, Replaced etc |
| DeliveryLocation |
The delivery location of this mail message like Inbox, JunkFolder etc |
| ElevationToken |
The elevation token associated with the process. |
| EntityKind |
The kind of the entity |
| EntityMappingType |
The V3 type of the mapped entity |
| EntityQueryKind |
The kind of the entity query |
| EntityTimelineKind |
The entity query kind |
| EntityType |
The type of the entity |
| EventGroupingAggregationKind |
The event grouping aggregation kinds |
| FileHashAlgorithm |
The hash algorithm type. |
| IncidentClassification |
The reason the incident was closed |
| IncidentClassificationReason |
The classification reason the incident was closed with |
| IncidentLabelType |
The type of the label |
| IncidentSeverity |
The severity of the incident |
| IncidentStatus |
The status of the incident |
| KillChainIntent |
Holds the alert intent stage(s) mapping for this alert. |
| Kind |
The kind of content the metadata is for. |
| MatchingMethod |
Grouping matching method. When method is Selected at least one of groupByEntities, groupByAlertDetails, groupByCustomDetails must be provided and not empty. |
| MicrosoftSecurityProductName |
The alerts' productName on which the cases will be generated |
| Operator |
Operator used for list of dependencies in criteria array. |
| OSFamily |
The operating system type. |
| OutputType |
Insights Column type. |
| OwnerType |
The type of the owner the incident is assigned to. |
| PermissionProviderScope |
Permission provider scope |
| PollingFrequency |
The polling frequency for the TAXII server. |
| ProviderName |
Provider name |
| RegistryHive |
the hive that holds the registry key. |
| RegistryValueKind |
Specifies the data types to use when storing values in the registry, or identifies the data type of a value in the registry. |
| RepoType |
The type of repository. |
| SettingKind |
The kind of the setting |
| SettingType |
The kind of the setting |
| SkuKind |
The kind of the tier |
| SourceKind |
Source type of the content |
| SupportTier |
Type of support for content item |
| TemplateStatus |
The alert rule template status. |
| ThreatIntelligenceSortingCriteriaEnum |
Sorting order (ascending/descending/unsorted). |
| TriggerOperator |
The operation against the threshold that triggers alert rule. |
| UebaDataSources |
The data source that enriched by ueba. |