fileEvidence resource type
Namespace: microsoft.graph.security
Important
APIs under the /beta version in Microsoft Graph are subject to change. Use of these APIs in production applications is not supported. To determine whether an API is available in v1.0, use the Version selector.
A file that is reported in the alert as evidence.
Inherits from alertEvidence.
Properties
| Property | Type | Description |
|---|---|---|
| detectionStatus | microsoft.graph.security.detectionStatus | The status of the detection.The possible values are: detected, blocked, prevented, unknownFutureValue. |
| fileDetails | microsoft.graph.security.fileDetails | The file details. |
| mdeDeviceId | String | A unique identifier assigned to a device by Microsoft Defender for Endpoint. |
Relationships
None.
JSON representation
The following JSON representation shows the resource type.
{
"@odata.type": "#microsoft.graph.security.fileEvidence",
"createdDateTime": "String (timestamp)",
"verdict": "String",
"remediationStatus": "String",
"remediationStatusDetails": "String",
"roles": [
"String"
],
"tags": [
"String"
],
"fileDetails": {
"@odata.type": "microsoft.graph.security.fileDetails"
},
"detectionStatus": "String",
"mdeDeviceId": "String"
}