SecurityAlertData Class

Reference

Definition

Namespace:: Azure.ResourceManager.SecurityCenter

Assembly:: Azure.ResourceManager.SecurityCenter.dll

Package:: Azure.ResourceManager.SecurityCenter v1.1.0

Package:: Azure.ResourceManager.SecurityCenter v1.2.0-beta.5

Source:: SecurityAlertData.cs

Source:: SecurityAlertData.cs

Important

Some information relates to prerelease product that may be substantially modified before it’s released. Microsoft makes no warranties, express or implied, with respect to the information provided here.

A class representing the SecurityAlert data model. Security alert

public class SecurityAlertData : Azure.ResourceManager.Models.ResourceData

public class SecurityAlertData : Azure.ResourceManager.Models.ResourceData, System.ClientModel.Primitives.IJsonModel<Azure.ResourceManager.SecurityCenter.SecurityAlertData>, System.ClientModel.Primitives.IPersistableModel<Azure.ResourceManager.SecurityCenter.SecurityAlertData>

type SecurityAlertData = class
    inherit ResourceData

type SecurityAlertData = class
    inherit ResourceData
    interface IJsonModel<SecurityAlertData>
    interface IPersistableModel<SecurityAlertData>

Public Class SecurityAlertData
Inherits ResourceData

Public Class SecurityAlertData
Inherits ResourceData
Implements IJsonModel(Of SecurityAlertData), IPersistableModel(Of SecurityAlertData)

Inheritance: Object

ResourceData
SecurityAlertData

Implements: IJsonModel<SecurityAlertData> IPersistableModel<SecurityAlertData> IPersistableModel<T>

Constructors

SecurityAlertData()

Initializes a new instance of SecurityAlertData.

Properties

AlertDisplayName	The display name of the alert.
AlertType	Unique identifier for the detection logic (all alert instances from the same detection logic will have the same alertType).
AlertUri	A direct link to the alert page in Azure Portal.
CompromisedEntity	The display name of the resource most related to this alert.
CorrelationKey	Key for corelating related alerts. Alerts with the same correlation key considered to be related.
Description	Description of the suspicious activity that was detected.
EndOn	The UTC time of the last event or activity included in the alert in ISO8601 format.
Entities	A list of entities related to the alert.
ExtendedLinks	Links related to the alert.
ExtendedProperties	Custom properties for the alert.
GeneratedOn	The UTC time the alert was generated in ISO8601 format.
Id	Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. (Inherited from ResourceData)
Intent	The kill chain related intent behind the alert. For list of supported values, and explanations of Azure Security Center's supported kill chain intents.
IsIncident	This field determines whether the alert is an incident (a compound grouping of several alerts) or a single alert.
Name	The name of the resource. (Inherited from ResourceData)
ProcessingEndOn	The UTC processing end time of the alert in ISO8601 format.
ProductComponentName	The name of Azure Security Center pricing tier which powering this alert. Learn more: https://docs.microsoft.com/en-us/azure/security-center/security-center-pricing.
ProductName	The name of the product which published this alert (Microsoft Sentinel, Microsoft Defender for Identity, Microsoft Defender for Endpoint, Microsoft Defender for Office, Microsoft Defender for Cloud Apps, and so on).
RemediationSteps	Manual action items to take to remediate the alert.
ResourceIdentifiers	The resource identifiers that can be used to direct the alert to the right product exposure group (tenant, workspace, subscription etc.). There can be multiple identifiers of different type per alert. Please note SecurityAlertResourceIdentifier is the base class. According to the scenario, a derived class of the base class might need to be assigned here, or this property needs to be casted to one of the possible derived classes. The available derived classes include AzureResourceIdentifier and LogAnalyticsIdentifier.
ResourceType	The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts". (Inherited from ResourceData)
Severity	The risk level of the threat that was detected. Learn more: https://docs.microsoft.com/en-us/azure/security-center/security-center-alerts-overview#how-are-alerts-classified.
StartOn	The UTC time of the first event or activity included in the alert in ISO8601 format.
Status	The life cycle status of the alert.
SubTechniques	Kill chain related sub-techniques behind the alert.
SupportingEvidence	Changing set of properties depending on the supportingEvidence type.
SystemAlertId	Unique identifier for the alert.
SystemData	Azure Resource Manager metadata containing createdBy and modifiedBy information. (Inherited from ResourceData)
Techniques	kill chain related techniques behind the alert.
VendorName	The name of the vendor that raises the alert.
Version	Schema version.

Methods

JsonModelWriteCore(Utf8JsonWriter, ModelReaderWriterOptions)

(Inherited from ResourceData)

Explicit Interface Implementations

IJsonModel<SecurityAlertData>.Create(Utf8JsonReader, ModelReaderWriterOptions)	Reads one JSON value (including objects or arrays) from the provided reader and converts it to a model.
IJsonModel<SecurityAlertData>.Write(Utf8JsonWriter, ModelReaderWriterOptions)	Writes the model to the provided Utf8JsonWriter.
IPersistableModel<SecurityAlertData>.Create(BinaryData, ModelReaderWriterOptions)	Converts the provided BinaryData into a model.
IPersistableModel<SecurityAlertData>.GetFormatFromOptions(ModelReaderWriterOptions)	Gets the data interchange format (JSON, Xml, etc) that the model uses when communicating with the service.
IPersistableModel<SecurityAlertData>.Write(ModelReaderWriterOptions)	Writes the model into a BinaryData.

Applies to

Udostępnij za pośrednictwem