Alert Interface
public interface Alert
An immutable client-side representation of Alert.
Method Summary
Modifier and Type | Method and Description |
---|---|
abstract String | alertDisplayName() Gets the alertDisplayName property: The display name of the alert. |
abstract String | alertType() Gets the alertType property: Unique identifier for the detection logic. |
abstract String | alertUri() Gets the alertUri property: A direct link to the alert page in Azure Portal. |
abstract String | compromisedEntity() Gets the compromisedEntity property: The display name of the resource most related to this alert. |
abstract String | correlationKey() Gets the correlationKey property: Key for correlating related alerts. |
abstract String | description() Gets the description property: Description of the suspicious activity that was detected. |
abstract OffsetDateTime | endTimeUtc() Gets the endTimeUtc property: The UTC time of the last event or activity included in the alert. |
abstract List<AlertEntity> | entities() Gets the entities property: A list of entities related to the alert. |
abstract List<Map<String,String>> | extendedLinks() Gets the extendedLinks property: Links related to the alert. |
abstract Map<String,String> | extendedProperties() Gets the extendedProperties property: Custom properties for the alert. |
abstract String | id() Gets the id property: Fully qualified resource Id for the resource. |
abstract AlertInner | innerModel() Gets the inner com.azure.resourcemanager.security.fluent.models.AlertInner object. |
abstract Intent | intent() Gets the intent property: The kill chain related intent behind the alert. |
abstract Boolean | isIncident() Gets the isIncident property: Whether the alert is an incident (a compound grouping of several alerts) or a single alert. |
abstract String | name() Gets the name property: The name of the resource. |
abstract OffsetDateTime | processingEndTimeUtc() Gets the processingEndTimeUtc property: The UTC processing end time of the alert. |
abstract String | productComponentName() Gets the productComponentName property: The name of the Azure Security Center pricing tier which powers this alert. |
abstract String | productName() Gets the productName property: The name of the product which published this alert. |
abstract List<String> | remediationSteps() Gets the remediationSteps property: Manual action items to take to remediate the alert. |
abstract List<ResourceIdentifier> | resourceIdentifiers() Gets the resourceIdentifiers property: The resource identifiers that can be used to direct the alert to the right product exposure group. |
abstract AlertSeverity | severity() Gets the severity property: The risk level of the threat that was detected. |
abstract OffsetDateTime | startTimeUtc() Gets the startTimeUtc property: The UTC time of the first event or activity included in the alert. |
abstract AlertStatus | status() Gets the status property: The life cycle status of the alert. |
abstract List<String> | subTechniques() Gets the subTechniques property: Kill chain related sub-techniques behind the alert. |
abstract AlertPropertiesSupportingEvidence | supportingEvidence() Gets the supportingEvidence property: Changing set of properties depending on the supportingEvidence type. |
abstract String | systemAlertId() Gets the systemAlertId property: Unique identifier for the alert. |
abstract List<String> | techniques() Gets the techniques property: Kill chain related techniques behind the alert. |
abstract OffsetDateTime | timeGeneratedUtc() Gets the timeGeneratedUtc property: The UTC time the alert was generated. |
abstract String | type() Gets the type property: The type of the resource. |
abstract String | vendorName() Gets the vendorName property: The name of the vendor that raises the alert. |
abstract String | version() Gets the version property: Schema version. |
Method Details
alertDisplayName
public abstract String alertDisplayName()
Gets the alertDisplayName property: The display name of the alert.
Returns: the alertDisplayName value.
alertType
public abstract String alertType()
Gets the alertType property: Unique identifier for the detection logic (all alert instances from the same detection logic will have the same alertType).
Returns: the alertType value.
alertUri
public abstract String alertUri()
Gets the alertUri property: A direct link to the alert page in Azure Portal.
Returns: the alertUri value.
compromisedEntity
public abstract String compromisedEntity()
Gets the compromisedEntity property: The display name of the resource most related to this alert.
Returns: the compromisedEntity value.
correlationKey
public abstract String correlationKey()
Gets the correlationKey property: Key for correlating related alerts. Alerts with the same correlation key are considered to be related.
Returns: the correlationKey value.
description
public abstract String description()
Gets the description property: Description of the suspicious activity that was detected.
Returns: the description value.
endTimeUtc
public abstract OffsetDateTime endTimeUtc()
Gets the endTimeUtc property: The UTC time of the last event or activity included in the alert in ISO8601 format.
Returns: the endTimeUtc value.
entities
public abstract List<AlertEntity> entities()
Gets the entities property: A list of entities related to the alert.
Returns: the entities value.
extendedLinks
public abstract List<Map<String,String>> extendedLinks()
Gets the extendedLinks property: Links related to the alert.
Returns: the extendedLinks value.
extendedProperties
public abstract Map<String,String> extendedProperties()
Gets the extendedProperties property: Custom properties for the alert.
Returns: the extendedProperties value.
id
public abstract String id()
Gets the id property: Fully qualified resource Id for the resource.
Returns: the id value.
innerModel
public abstract AlertInner innerModel()
Gets the inner com.azure.resourcemanager.security.fluent.models.AlertInner object.
Returns: the inner object.
intent
public abstract Intent intent()
Gets the intent property: The kill chain related intent behind the alert. For a list of supported values, and explanations of Azure Security Center's supported kill chain intents.
Returns: the intent value.
isIncident
public abstract Boolean isIncident()
Gets the isIncident property: This field determines whether the alert is an incident (a compound grouping of several alerts) or a single alert.
Returns: the isIncident value.
name
public abstract String name()
Gets the name property: The name of the resource.
Returns: the name value.
processingEndTimeUtc
public abstract OffsetDateTime processingEndTimeUtc()
Gets the processingEndTimeUtc property: The UTC processing end time of the alert in ISO8601 format.
Returns: the processingEndTimeUtc value.
productComponentName
public abstract String productComponentName()
Gets the productComponentName property: The name of the Azure Security Center pricing tier which powers this alert. Learn more: https://docs.microsoft.com/en-us/azure/security-center/security-center-pricing.
Returns: the productComponentName value.
productName
public abstract String productName()
Gets the productName property: The name of the product which published this alert (Microsoft Sentinel, Microsoft Defender for Identity, Microsoft Defender for Endpoint, Microsoft Defender for Office, Microsoft Defender for Cloud Apps, and so on).
Returns: the productName value.
remediationSteps
public abstract List<String> remediationSteps()
Gets the remediationSteps property: Manual action items to take to remediate the alert.
Returns: the remediationSteps value.
resourceIdentifiers
public abstract List<ResourceIdentifier> resourceIdentifiers()
Gets the resourceIdentifiers property: The resource identifiers that can be used to direct the alert to the right product exposure group (tenant, workspace, subscription etc.). There can be multiple identifiers of different types per alert.
Returns: the resourceIdentifiers value.
severity
public abstract AlertSeverity severity()
Gets the severity property: The risk level of the threat that was detected. Learn more: https://docs.microsoft.com/en-us/azure/security-center/security-center-alerts-overview#how-are-alerts-classified.
Returns: the severity value.
startTimeUtc
public abstract OffsetDateTime startTimeUtc()
Gets the startTimeUtc property: The UTC time of the first event or activity included in the alert in ISO8601 format.
Returns: the startTimeUtc value.
status
public abstract AlertStatus status()
Gets the status property: The life cycle status of the alert.
Returns: the status value.
subTechniques
public abstract List<String> subTechniques()
Gets the subTechniques property: Kill chain related sub-techniques behind the alert.
Returns: the subTechniques value.
supportingEvidence
public abstract AlertPropertiesSupportingEvidence supportingEvidence()
Gets the supportingEvidence property: Changing set of properties depending on the supportingEvidence type.
Returns: the supportingEvidence value.
systemAlertId
public abstract String systemAlertId()
Gets the systemAlertId property: Unique identifier for the alert.
Returns: the systemAlertId value.
techniques
public abstract List<String> techniques()
Gets the techniques property: Kill chain related techniques behind the alert.
Returns: the techniques value.
timeGeneratedUtc
public abstract OffsetDateTime timeGeneratedUtc()
Gets the timeGeneratedUtc property: The UTC time the alert was generated in ISO8601 format.
Returns: the timeGeneratedUtc value.
type
public abstract String type()
Gets the type property: The type of the resource.
Returns: the type value.
vendorName
public abstract String vendorName()
Gets the vendorName property: The name of the vendor that raises the alert.
Returns: the vendorName value.
version
public abstract String version()
Gets the version property: Schema version.
Returns: the version value.
Applies to: Azure SDK for Java