你当前正在访问 Microsoft Azure Global Edition 技术文档网站。 如果需要访问由世纪互联运营的 Microsoft Azure 中国技术文档网站,请访问 https://docs.azure.cn。
AlertProperties Class
Definition
Important
Some information relates to prerelease product that may be substantially modified before it’s released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
describes security alert properties.
public class AlertPropertiestype AlertProperties = classPublic Class AlertProperties- Inheritance
-
AlertProperties
Constructors
| AlertProperties() |
Initializes a new instance of the AlertProperties class. |
| AlertProperties(String, String, String, String, String, String, String, String, Nullable<DateTime>, Nullable<DateTime>, IList<ResourceIdentifier>, IList<String>, String, String, IList<IDictionary<String,String>>, String, Nullable<DateTime>, String, Nullable<DateTime>, IList<AlertEntity>, Nullable<Boolean>, String, IDictionary<String,String>, String, IList<String>, IList<String>, AlertPropertiesSupportingEvidence) |
Initializes a new instance of the AlertProperties class. |
Properties
| AlertDisplayName |
Gets the display name of the alert. |
| AlertType |
Gets unique identifier for the detection logic (all alert instances from the same detection logic will have the same alertType). |
| AlertUri |
Gets a direct link to the alert page in Azure Portal. |
| CompromisedEntity |
Gets the display name of the resource most related to this alert. |
| CorrelationKey |
Gets key for corelating related alerts. Alerts with the same correlation key considered to be related. |
| Description |
Gets description of the suspicious activity that was detected. |
| EndTimeUtc |
Gets the UTC time of the last event or activity included in the alert in ISO8601 format. |
| Entities |
Gets a list of entities related to the alert. |
| ExtendedLinks |
Gets links related to the alert |
| ExtendedProperties |
Gets or sets custom properties for the alert. |
| Intent |
Gets the kill chain related intent behind the alert. For list of supported values, and explanations of Azure Security Center's supported kill chain intents. Possible values include: 'Unknown', 'PreAttack', 'InitialAccess', 'Persistence', 'PrivilegeEscalation', 'DefenseEvasion', 'CredentialAccess', 'Discovery', 'LateralMovement', 'Execution', 'Collection', 'Exfiltration', 'CommandAndControl', 'Impact', 'Probing', 'Exploitation' |
| IsIncident |
Gets this field determines whether the alert is an incident (a compound grouping of several alerts) or a single alert. |
| ProcessingEndTimeUtc |
Gets the UTC processing end time of the alert in ISO8601 format. |
| ProductComponentName |
Gets the name of Azure Security Center pricing tier which powering this alert. Learn more: https://docs.microsoft.com/en-us/azure/security-center/security-center-pricing |
| ProductName |
Gets the name of the product which published this alert (Microsoft Sentinel, Microsoft Defender for Identity, Microsoft Defender for Endpoint, Microsoft Defender for Office, Microsoft Defender for Cloud Apps, and so on). |
| RemediationSteps |
Gets manual action items to take to remediate the alert. |
| ResourceIdentifiers |
Gets the resource identifiers that can be used to direct the alert to the right product exposure group (tenant, workspace, subscription etc.). There can be multiple identifiers of different type per alert. |
| Severity |
Gets the risk level of the threat that was detected. Learn more: https://docs.microsoft.com/en-us/azure/security-center/security-center-alerts-overview#how-are-alerts-classified. Possible values include: 'Informational', 'Low', 'Medium', 'High' |
| StartTimeUtc |
Gets the UTC time of the first event or activity included in the alert in ISO8601 format. |
| Status |
Gets the life cycle status of the alert. Possible values include: 'Active', 'InProgress', 'Resolved', 'Dismissed' |
| SubTechniques |
Gets kill chain related sub-techniques behind the alert. |
| SupportingEvidence |
Gets or sets changing set of properties depending on the supportingEvidence type. |
| SystemAlertId |
Gets unique identifier for the alert. |
| Techniques |
Gets kill chain related techniques behind the alert. |
| TimeGeneratedUtc |
Gets the UTC time the alert was generated in ISO8601 format. |
| VendorName |
Gets the name of the vendor that raises the alert. |
| Version |
Gets schema version. |