Alert interface

Security alert

Extends

Resource

Properties

alertDisplayName

The display name of the alert. NOTE: This property will not be serialized. It can only be populated by the server.

alertType

Unique identifier for the detection logic (all alert instances from the same detection logic will have the same alertType). NOTE: This property will not be serialized. It can only be populated by the server.

alertUri

A direct link to the alert page in Azure Portal. NOTE: This property will not be serialized. It can only be populated by the server.

compromisedEntity

The display name of the resource most related to this alert. NOTE: This property will not be serialized. It can only be populated by the server.

correlationKey

Key for correlating related alerts. Alerts with the same correlation key are considered to be related. NOTE: This property will not be serialized. It can only be populated by the server.

description

Description of the suspicious activity that was detected. NOTE: This property will not be serialized. It can only be populated by the server.

endTimeUtc

The UTC time of the last event or activity included in the alert in ISO8601 format. NOTE: This property will not be serialized. It can only be populated by the server.

entities

A list of entities related to the alert. NOTE: This property will not be serialized. It can only be populated by the server.

extendedLinks

Links related to the alert. NOTE: This property will not be serialized. It can only be populated by the server.

extendedProperties

Custom properties for the alert.

intent

The kill chain related intent behind the alert. For a list of supported values, and explanations of Azure Security Center's supported kill chain intents. NOTE: This property will not be serialized. It can only be populated by the server.

isIncident

This field determines whether the alert is an incident (a compound grouping of several alerts) or a single alert. NOTE: This property will not be serialized. It can only be populated by the server.

processingEndTimeUtc

The UTC processing end time of the alert in ISO8601 format. NOTE: This property will not be serialized. It can only be populated by the server.

productComponentName

The name of the Azure Security Center pricing tier that powers this alert. Learn more: https://docs.microsoft.com/en-us/azure/security-center/security-center-pricing NOTE: This property will not be serialized. It can only be populated by the server.

productName

The name of the product which published this alert (Microsoft Sentinel, Microsoft Defender for Identity, Microsoft Defender for Endpoint, Microsoft Defender for Office, Microsoft Defender for Cloud Apps, and so on). NOTE: This property will not be serialized. It can only be populated by the server.

remediationSteps

Manual action items to take to remediate the alert. NOTE: This property will not be serialized. It can only be populated by the server.

resourceIdentifiers

The resource identifiers that can be used to direct the alert to the right product exposure group (tenant, workspace, subscription etc.). There can be multiple identifiers of different types per alert. NOTE: This property will not be serialized. It can only be populated by the server.

severity

The risk level of the threat that was detected. Learn more: https://docs.microsoft.com/en-us/azure/security-center/security-center-alerts-overview#how-are-alerts-classified. NOTE: This property will not be serialized. It can only be populated by the server.

startTimeUtc

The UTC time of the first event or activity included in the alert in ISO8601 format. NOTE: This property will not be serialized. It can only be populated by the server.

status

The life cycle status of the alert. NOTE: This property will not be serialized. It can only be populated by the server.

subTechniques

Kill chain related sub-techniques behind the alert. NOTE: This property will not be serialized. It can only be populated by the server.

supportingEvidence

Changing set of properties depending on the supportingEvidence type.

systemAlertId

Unique identifier for the alert. NOTE: This property will not be serialized. It can only be populated by the server.

techniques

Kill chain related techniques behind the alert. NOTE: This property will not be serialized. It can only be populated by the server.

timeGeneratedUtc

The UTC time the alert was generated in ISO8601 format. NOTE: This property will not be serialized. It can only be populated by the server.

vendorName

The name of the vendor that raises the alert. NOTE: This property will not be serialized. It can only be populated by the server.

version

Schema version. NOTE: This property will not be serialized. It can only be populated by the server.

Inherited Properties

id

Resource Id. NOTE: This property will not be serialized. It can only be populated by the server.

name

Resource name. NOTE: This property will not be serialized. It can only be populated by the server.

type

Resource type. NOTE: This property will not be serialized. It can only be populated by the server.

Property Details

alertDisplayName

The display name of the alert. NOTE: This property will not be serialized. It can only be populated by the server.

alertDisplayName?: string

Property Value

string

alertType

Unique identifier for the detection logic (all alert instances from the same detection logic will have the same alertType). NOTE: This property will not be serialized. It can only be populated by the server.

alertType?: string

Property Value

string

alertUri

A direct link to the alert page in Azure Portal. NOTE: This property will not be serialized. It can only be populated by the server.

alertUri?: string

Property Value

string

compromisedEntity

The display name of the resource most related to this alert. NOTE: This property will not be serialized. It can only be populated by the server.

compromisedEntity?: string

Property Value

string

correlationKey

Key for correlating related alerts. Alerts with the same correlation key are considered to be related. NOTE: This property will not be serialized. It can only be populated by the server.

correlationKey?: string

Property Value

string

description

Description of the suspicious activity that was detected. NOTE: This property will not be serialized. It can only be populated by the server.

description?: string

Property Value

string

endTimeUtc

The UTC time of the last event or activity included in the alert in ISO8601 format. NOTE: This property will not be serialized. It can only be populated by the server.

endTimeUtc?: Date

Property Value

Date

entities

A list of entities related to the alert. NOTE: This property will not be serialized. It can only be populated by the server.

entities?: AlertEntity[]

Property Value

AlertEntity[]

extendedLinks

Links related to the alert. NOTE: This property will not be serialized. It can only be populated by the server.

extendedLinks?: {[propertyName: string]: string}[]

Property Value

{[propertyName: string]: string}[]

extendedProperties

Custom properties for the alert.

extendedProperties?: {[propertyName: string]: string}

Property Value

{[propertyName: string]: string}

intent

The kill chain related intent behind the alert. For a list of supported values, and explanations of Azure Security Center's supported kill chain intents. NOTE: This property will not be serialized. It can only be populated by the server.

intent?: string

Property Value

string

isIncident

This field determines whether the alert is an incident (a compound grouping of several alerts) or a single alert. NOTE: This property will not be serialized. It can only be populated by the server.

isIncident?: boolean

Property Value

boolean

processingEndTimeUtc

The UTC processing end time of the alert in ISO8601 format. NOTE: This property will not be serialized. It can only be populated by the server.

processingEndTimeUtc?: Date

Property Value

Date

productComponentName

The name of the Azure Security Center pricing tier that powers this alert. Learn more: https://docs.microsoft.com/en-us/azure/security-center/security-center-pricing NOTE: This property will not be serialized. It can only be populated by the server.

productComponentName?: string

Property Value

string

productName

The name of the product which published this alert (Microsoft Sentinel, Microsoft Defender for Identity, Microsoft Defender for Endpoint, Microsoft Defender for Office, Microsoft Defender for Cloud Apps, and so on). NOTE: This property will not be serialized. It can only be populated by the server.

productName?: string

Property Value

string

remediationSteps

Manual action items to take to remediate the alert. NOTE: This property will not be serialized. It can only be populated by the server.

remediationSteps?: string[]

Property Value

string[]

resourceIdentifiers

The resource identifiers that can be used to direct the alert to the right product exposure group (tenant, workspace, subscription etc.). There can be multiple identifiers of different types per alert. NOTE: This property will not be serialized. It can only be populated by the server.

resourceIdentifiers?: ResourceIdentifierUnion[]

Property Value

ResourceIdentifierUnion[]

severity

The risk level of the threat that was detected. Learn more: https://docs.microsoft.com/en-us/azure/security-center/security-center-alerts-overview#how-are-alerts-classified. NOTE: This property will not be serialized. It can only be populated by the server.

severity?: string

Property Value

string

startTimeUtc

The UTC time of the first event or activity included in the alert in ISO8601 format. NOTE: This property will not be serialized. It can only be populated by the server.

startTimeUtc?: Date

Property Value

Date

status

The life cycle status of the alert. NOTE: This property will not be serialized. It can only be populated by the server.

status?: string

Property Value

string

subTechniques

Kill chain related sub-techniques behind the alert. NOTE: This property will not be serialized. It can only be populated by the server.

subTechniques?: string[]

Property Value

string[]

supportingEvidence

Changing set of properties depending on the supportingEvidence type.

supportingEvidence?: AlertPropertiesSupportingEvidence

Property Value

AlertPropertiesSupportingEvidence

systemAlertId

Unique identifier for the alert. NOTE: This property will not be serialized. It can only be populated by the server.

systemAlertId?: string

Property Value

string

techniques

Kill chain related techniques behind the alert. NOTE: This property will not be serialized. It can only be populated by the server.

techniques?: string[]

Property Value

string[]

timeGeneratedUtc

The UTC time the alert was generated in ISO8601 format. NOTE: This property will not be serialized. It can only be populated by the server.

timeGeneratedUtc?: Date

Property Value

Date

vendorName

The name of the vendor that raises the alert. NOTE: This property will not be serialized. It can only be populated by the server.

vendorName?: string

Property Value

string

version

Schema version. NOTE: This property will not be serialized. It can only be populated by the server.

version?: string

Property Value

string

Inherited Property Details

id

Resource Id. NOTE: This property will not be serialized. It can only be populated by the server.

id?: string

Property Value

string

Inherited From Resource.id

name

Resource name. NOTE: This property will not be serialized. It can only be populated by the server.

name?: string

Property Value

string

Inherited From Resource.name

type

Resource type. NOTE: This property will not be serialized. It can only be populated by the server.

type?: string

Property Value

string

Inherited From Resource.type
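Worked example

As an added example (not part of the SDK's reference page or its code), the following TypeScript shows how a consumer might read these server-populated fields when triaging alerts: grouping by correlationKey while keeping isIncident compound alerts as their own unit, ranking groups by severity, collecting the techniques seen in a group, and computing the activity window from startTimeUtc and endTimeUtc. The AlertLike interface is a local stand-in that mirrors only the properties the example reads (the real Alert type lives in @azure/arm-security), the severity scale (High/Medium/Low/Informational) is an assumption taken from Defender for Cloud's alert classification, and the sample alerts are constructed. Because every field listed above is populated by the server and not serialized, a client cannot change an alert's status by writing to the object; the example therefore only reads.

```typescript
// Local stand-in for the SDK's Alert interface (assumption: only the properties
// this example reads are mirrored; the real type is in @azure/arm-security).
interface AlertLike {
  systemAlertId?: string;
  alertDisplayName?: string;
  severity?: string;
  isIncident?: boolean;
  correlationKey?: string;
  compromisedEntity?: string;
  startTimeUtc?: Date;
  endTimeUtc?: Date;
  techniques?: string[];
}

// Severity ranking. Assumption: Defender for Cloud's High/Medium/Low/Informational
// scale; a missing or unrecognised severity ranks above High so it is surfaced
// for a human to look at rather than silently buried at the bottom of the queue.
const SEVERITY_RANK: { [severity: string]: number } = { high: 3, medium: 2, low: 1, informational: 0 };
const UNKNOWN_SEVERITY_RANK = 4;

function severityRank(severity?: string): number {
  if (!severity) return UNKNOWN_SEVERITY_RANK;
  const rank = SEVERITY_RANK[severity.toLowerCase()];
  return rank === undefined ? UNKNOWN_SEVERITY_RANK : rank;
}

// Bucket alerts for triage. An incident (isIncident) is already a compound
// grouping, so it stays its own unit keyed by systemAlertId; plain alerts are
// grouped by correlationKey, falling back to systemAlertId when no key is set.
function groupForTriage(alerts: AlertLike[]): Map<string, AlertLike[]> {
  const groups = new Map<string, AlertLike[]>();
  for (const alert of alerts) {
    const id = alert.systemAlertId ?? "unknown";
    const key = alert.isIncident ? `incident:${id}` : `corr:${alert.correlationKey ?? id}`;
    const bucket = groups.get(key);
    if (bucket) {
      bucket.push(alert);
    } else {
      groups.set(key, [alert]);
    }
  }
  return groups;
}

// Seconds between the first and last activity in the alert; undefined when a
// timestamp is missing or the interval is inverted (a data problem, not zero).
function activityWindowSeconds(alert: AlertLike): number | undefined {
  if (!alert.startTimeUtc || !alert.endTimeUtc) return undefined;
  const ms = alert.endTimeUtc.getTime() - alert.startTimeUtc.getTime();
  return ms < 0 ? undefined : ms / 1000;
}

// Distinct kill chain techniques seen across one group's members, sorted.
function distinctTechniques(members: AlertLike[]): string[] {
  const seen = new Set<string>();
  for (const m of members) for (const t of m.techniques ?? []) seen.add(t);
  return Array.from(seen).sort();
}

// Order group keys most-urgent-first: highest severity in the group, then the
// earliest startTimeUtc (groups with no timestamps sort last within a rank).
function triageOrder(groups: Map<string, AlertLike[]>): string[] {
  const scored = Array.from(groups.entries()).map(([key, members]) => ({
    key,
    maxRank: Math.max(...members.map((m) => severityRank(m.severity))),
    earliest: Math.min(...members.map((m) => m.startTimeUtc?.getTime() ?? Number.MAX_SAFE_INTEGER)),
  }));
  scored.sort((a, b) => b.maxRank - a.maxRank || a.earliest - b.earliest);
  return scored.map((s) => s.key);
}

// Constructed sample alerts (not real Defender output; IDs, keys and times are made up).
const SAMPLE_ALERTS: AlertLike[] = [
  { systemAlertId: "a1", alertDisplayName: "Suspicious sign-in", severity: "Medium", correlationKey: "k1",
    compromisedEntity: "vm-web-01", techniques: ["T1078"],
    startTimeUtc: new Date("2024-05-01T10:00:00Z"), endTimeUtc: new Date("2024-05-01T10:05:00Z") },
  { systemAlertId: "a2", alertDisplayName: "Brute force attempt", severity: "High", correlationKey: "k1",
    compromisedEntity: "vm-web-01", techniques: ["T1110", "T1078"],
    startTimeUtc: new Date("2024-05-01T10:03:00Z"), endTimeUtc: new Date("2024-05-01T10:04:00Z") },
  { systemAlertId: "a3", alertDisplayName: "Unusual process", severity: "Low",
    startTimeUtc: new Date("2024-05-01T09:00:00Z"), endTimeUtc: new Date("2024-05-01T09:30:00Z") },
  { systemAlertId: "i1", alertDisplayName: "Multi-stage incident", severity: "High", isIncident: true,
    correlationKey: "k1", startTimeUtc: new Date("2024-05-01T08:00:00Z") },
  { systemAlertId: "a5", alertDisplayName: "Alert with no severity", correlationKey: "k2" },
];

// Stand-alone run: print the triage queue, most urgent group first.
const sampleGroups = groupForTriage(SAMPLE_ALERTS);
for (const key of triageOrder(sampleGroups)) {
  const members = sampleGroups.get(key) ?? [];
  console.log(key, members.map((m) => m.systemAlertId), distinctTechniques(members),
    members.map((m) => activityWindowSeconds(m)));
}
```

Two design choices are worth noting. The incident i1 shares correlationKey k1 with a1 and a2 but is not merged into their bucket, because isIncident already marks it as a compound grouping and folding it in would double-count its member alerts. The alert with no severity (a5) is placed at the head of the queue rather than the tail, since a missing classification is something an analyst should notice, not something the sort should hide.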