

AlertProperties Constructors

Definition

Overloads

AlertProperties()

Initializes a new instance of the AlertProperties class.

AlertProperties(String, String, String, String, String, String, String, String, Nullable<DateTime>, Nullable<DateTime>, IList<ResourceIdentifier>, IList<String>, String, String, IList<IDictionary<String,String>>, String, Nullable<DateTime>, String, Nullable<DateTime>, IList<AlertEntity>, Nullable<Boolean>, String, IDictionary<String,String>, String, IList<String>, IList<String>, AlertPropertiesSupportingEvidence)

Initializes a new instance of the AlertProperties class.

AlertProperties()

Initializes a new instance of the AlertProperties class.

public AlertProperties ();
Public Sub New ()

Applies to

AlertProperties(String, String, String, String, String, String, String, String, Nullable<DateTime>, Nullable<DateTime>, IList<ResourceIdentifier>, IList<String>, String, String, IList<IDictionary<String,String>>, String, Nullable<DateTime>, String, Nullable<DateTime>, IList<AlertEntity>, Nullable<Boolean>, String, IDictionary<String,String>, String, IList<String>, IList<String>, AlertPropertiesSupportingEvidence)

Initializes a new instance of the AlertProperties class.

public AlertProperties (string version = default, string alertType = default, string systemAlertId = default, string productComponentName = default, string alertDisplayName = default, string description = default, string severity = default, string intent = default, DateTime? startTimeUtc = default, DateTime? endTimeUtc = default, System.Collections.Generic.IList<Microsoft.Azure.Management.Security.Models.ResourceIdentifier> resourceIdentifiers = default, System.Collections.Generic.IList<string> remediationSteps = default, string vendorName = default, string status = default, System.Collections.Generic.IList<System.Collections.Generic.IDictionary<string,string>> extendedLinks = default, string alertUri = default, DateTime? timeGeneratedUtc = default, string productName = default, DateTime? processingEndTimeUtc = default, System.Collections.Generic.IList<Microsoft.Azure.Management.Security.Models.AlertEntity> entities = default, bool? isIncident = default, string correlationKey = default, System.Collections.Generic.IDictionary<string,string> extendedProperties = default, string compromisedEntity = default, System.Collections.Generic.IList<string> techniques = default, System.Collections.Generic.IList<string> subTechniques = default, Microsoft.Azure.Management.Security.Models.AlertPropertiesSupportingEvidence supportingEvidence = default);
new Microsoft.Azure.Management.Security.Models.AlertProperties : string * string * string * string * string * string * string * string * Nullable<DateTime> * Nullable<DateTime> * System.Collections.Generic.IList<Microsoft.Azure.Management.Security.Models.ResourceIdentifier> * System.Collections.Generic.IList<string> * string * string * System.Collections.Generic.IList<System.Collections.Generic.IDictionary<string, string>> * string * Nullable<DateTime> * string * Nullable<DateTime> * System.Collections.Generic.IList<Microsoft.Azure.Management.Security.Models.AlertEntity> * Nullable<bool> * string * System.Collections.Generic.IDictionary<string, string> * string * System.Collections.Generic.IList<string> * System.Collections.Generic.IList<string> * Microsoft.Azure.Management.Security.Models.AlertPropertiesSupportingEvidence -> Microsoft.Azure.Management.Security.Models.AlertProperties
Public Sub New (Optional version As String = Nothing, Optional alertType As String = Nothing, Optional systemAlertId As String = Nothing, Optional productComponentName As String = Nothing, Optional alertDisplayName As String = Nothing, Optional description As String = Nothing, Optional severity As String = Nothing, Optional intent As String = Nothing, Optional startTimeUtc As Nullable(Of DateTime) = Nothing, Optional endTimeUtc As Nullable(Of DateTime) = Nothing, Optional resourceIdentifiers As IList(Of ResourceIdentifier) = Nothing, Optional remediationSteps As IList(Of String) = Nothing, Optional vendorName As String = Nothing, Optional status As String = Nothing, Optional extendedLinks As IList(Of IDictionary(Of String, String)) = Nothing, Optional alertUri As String = Nothing, Optional timeGeneratedUtc As Nullable(Of DateTime) = Nothing, Optional productName As String = Nothing, Optional processingEndTimeUtc As Nullable(Of DateTime) = Nothing, Optional entities As IList(Of AlertEntity) = Nothing, Optional isIncident As Nullable(Of Boolean) = Nothing, Optional correlationKey As String = Nothing, Optional extendedProperties As IDictionary(Of String, String) = Nothing, Optional compromisedEntity As String = Nothing, Optional techniques As IList(Of String) = Nothing, Optional subTechniques As IList(Of String) = Nothing, Optional supportingEvidence As AlertPropertiesSupportingEvidence = Nothing)

Parameters

version
String

Schema version.

alertType
String

Unique identifier for the detection logic (all alert instances from the same detection logic will have the same alertType).

systemAlertId
String

Unique identifier for the alert.

productComponentName
String

The name of the Azure Security Center pricing tier that powers this alert. Learn more: https://docs.microsoft.com/en-us/azure/security-center/security-center-pricing

alertDisplayName
String

The display name of the alert.

description
String

Description of the suspicious activity that was detected.

severity
String

The risk level of the threat that was detected. Learn more: https://docs.microsoft.com/en-us/azure/security-center/security-center-alerts-overview#how-are-alerts-classified. Possible values include: 'Informational', 'Low', 'Medium', 'High'

intent
String

The kill chain related intent behind the alert. For list of supported values, and explanations of Azure Security Center's supported kill chain intents. Possible values include: 'Unknown', 'PreAttack', 'InitialAccess', 'Persistence', 'PrivilegeEscalation', 'DefenseEvasion', 'CredentialAccess', 'Discovery', 'LateralMovement', 'Execution', 'Collection', 'Exfiltration', 'CommandAndControl', 'Impact', 'Probing', 'Exploitation'

startTimeUtc
Nullable<DateTime>

The UTC time of the first event or activity included in the alert in ISO8601 format.

endTimeUtc
Nullable<DateTime>

The UTC time of the last event or activity included in the alert in ISO8601 format.

resourceIdentifiers
IList<ResourceIdentifier>

The resource identifiers that can be used to direct the alert to the right product exposure group (tenant, workspace, subscription etc.). There can be multiple identifiers of different type per alert.

remediationSteps
IList<String>

Manual action items to take to remediate the alert.

vendorName
String

The name of the vendor that raises the alert.

status
String

The life cycle status of the alert. Possible values include: 'Active', 'InProgress', 'Resolved', 'Dismissed'

extendedLinks
IList<IDictionary<String,String>>

Links related to the alert.

alertUri
String

A direct link to the alert page in Azure Portal.

timeGeneratedUtc
Nullable<DateTime>

The UTC time the alert was generated in ISO8601 format.

productName
String

The name of the product which published this alert (Microsoft Sentinel, Microsoft Defender for Identity, Microsoft Defender for Endpoint, Microsoft Defender for Office, Microsoft Defender for Cloud Apps, and so on).

processingEndTimeUtc
Nullable<DateTime>

The UTC processing end time of the alert in ISO8601 format.

entities
IList<AlertEntity>

A list of entities related to the alert.

isIncident
Nullable<Boolean>

This field determines whether the alert is an incident (a compound grouping of several alerts) or a single alert.

correlationKey
String

Key for correlating related alerts. Alerts with the same correlation key are considered to be related.

extendedProperties
IDictionary<String,String>

Custom properties for the alert.

compromisedEntity
String

The display name of the resource most related to this alert.

techniques
IList<String>

Kill chain related techniques behind the alert.

subTechniques
IList<String>

Kill chain related sub-techniques behind the alert.

supportingEvidence
AlertPropertiesSupportingEvidence

Changing set of properties depending on the supportingEvidence type.
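
An added example (not from the SDK documentation or Microsoft's code): it builds alerts with the named optional parameters listed above, then groups open alerts by correlationKey and ranks each group by its highest severity. It assumes each constructor parameter can be read back through a same-named PascalCase property (Severity, CorrelationKey, and so on); all alert values are constructed.

```csharp
// Added example. Property names are assumed to mirror the constructor parameters.
using System;
using System.Collections.Generic;
using System.Linq;
using Microsoft.Azure.Management.Security.Models;

static class AlertTriage
{
    // The documented severity values, lowest to highest.
    static readonly string[] SeverityOrder = { "Informational", "Low", "Medium", "High" };

    // A missing or unrecognised severity ranks below 'Informational' (-1).
    static int Rank(string severity) =>
        Array.FindIndex(SeverityOrder, s => string.Equals(s, severity, StringComparison.OrdinalIgnoreCase));

    // Groups open alerts by correlationKey. Alerts without a key stay singletons
    // (keyed by systemAlertId) so unrelated alerts are never merged together.
    public static IEnumerable<(string Key, string TopSeverity, DateTime? First, DateTime? Last, int Count)>
        Correlate(IEnumerable<AlertProperties> alerts) =>
        alerts
            .Where(a => a.Status == "Active" || a.Status == "InProgress")
            .GroupBy(a => string.IsNullOrEmpty(a.CorrelationKey) ? "single:" + a.SystemAlertId : a.CorrelationKey)
            .Select(g => (
                Key: g.Key,
                TopSeverity: g.OrderByDescending(a => Rank(a.Severity)).First().Severity,
                First: g.Min(a => a.StartTimeUtc),   // earliest first event in the group
                Last: g.Max(a => a.EndTimeUtc),      // latest last event in the group
                Count: g.Count()))
            .OrderByDescending(r => Rank(r.TopSeverity));

    static void Main()
    {
        var t0 = new DateTime(2024, 1, 1, 10, 0, 0, DateTimeKind.Utc); // constructed sample time
        var alerts = new List<AlertProperties>
        {
            new AlertProperties(systemAlertId: "a1", severity: "Low", intent: "Discovery", status: "Active",
                startTimeUtc: t0, endTimeUtc: t0.AddMinutes(5), correlationKey: "k-1"),
            new AlertProperties(systemAlertId: "a2", severity: "High", intent: "LateralMovement", status: "Active",
                startTimeUtc: t0.AddMinutes(20), endTimeUtc: t0.AddMinutes(30), correlationKey: "k-1"),
            new AlertProperties(systemAlertId: "a3", severity: "Medium", intent: "Probing", status: "Dismissed",
                startTimeUtc: t0, endTimeUtc: t0),   // closed alert, filtered out
            new AlertProperties(systemAlertId: "a4", severity: "Medium", intent: "Execution", status: "InProgress",
                startTimeUtc: t0, endTimeUtc: t0.AddMinutes(1)),   // no correlationKey
        };
        foreach (var r in Correlate(alerts))
            Console.WriteLine($"{r.Key}: {r.Count} alert(s), top severity {r.TopSeverity}, {r.First:o} to {r.Last:o}");
    }
}
```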

Applies to