Class Alert

java.lang.Object
com.microsoft.graph.models.Entity
com.microsoft.graph.models.Alert
All Implemented Interfaces:
com.microsoft.graph.serializer.IJsonBackedObject

public class Alert extends Entity implements com.microsoft.graph.serializer.IJsonBackedObject
The class for the Alert.
  • Field Details

    • activityGroupName

      @SerializedName(value="activityGroupName", alternate="ActivityGroupName") @Expose @Nullable public String activityGroupName
      The Activity Group Name. Name or alias of the activity group (attacker) this alert is attributed to.
    • alertDetections

      @SerializedName(value="alertDetections", alternate="AlertDetections") @Expose @Nullable public List<AlertDetection> alertDetections
      The Alert Detections.
    • assignedTo

      @SerializedName(value="assignedTo", alternate="AssignedTo") @Expose @Nullable public String assignedTo
      The Assigned To. Name of the analyst the alert is assigned to for triage, investigation, or remediation (supports update).
    • azureSubscriptionId

      @SerializedName(value="azureSubscriptionId", alternate="AzureSubscriptionId") @Expose @Nullable public String azureSubscriptionId
      The Azure Subscription Id. Azure subscription ID, present if this alert is related to an Azure resource.
    • azureTenantId

      @SerializedName(value="azureTenantId", alternate="AzureTenantId") @Expose @Nullable public String azureTenantId
      The Azure Tenant Id. Azure Active Directory tenant ID. Required.
    • category

      @SerializedName(value="category", alternate="Category") @Expose @Nullable public String category
      The Category. Category of the alert (for example, credentialTheft, ransomware, etc.).
    • closedDateTime

      @SerializedName(value="closedDateTime", alternate="ClosedDateTime") @Expose @Nullable public OffsetDateTime closedDateTime
      The Closed Date Time. Time at which the alert was closed. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z (supports update).
    • cloudAppStates

      @SerializedName(value="cloudAppStates", alternate="CloudAppStates") @Expose @Nullable public List<CloudAppSecurityState> cloudAppStates
      The Cloud App States. Security-related stateful information generated by the provider about the cloud application(s) related to this alert.
    • comments

      @SerializedName(value="comments", alternate="Comments") @Expose @Nullable public List<String> comments
      The Comments. Customer-provided comments on alert (for customer alert management) (supports update).
    • confidence

      @SerializedName(value="confidence", alternate="Confidence") @Expose @Nullable public Integer confidence
      The Confidence. Confidence of the detection logic (percentage between 1-100).
    • createdDateTime

      @SerializedName(value="createdDateTime", alternate="CreatedDateTime") @Expose @Nullable public OffsetDateTime createdDateTime
      The Created Date Time. Time at which the alert was created by the alert provider. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. Required.
    • description

      @SerializedName(value="description", alternate="Description") @Expose @Nullable public String description
      The Description. Alert description.
    • detectionIds

      @SerializedName(value="detectionIds", alternate="DetectionIds") @Expose @Nullable public List<String> detectionIds
      The Detection Ids. Set of alerts related to this alert entity (each alert is pushed to the SIEM as a separate record).
    • eventDateTime

      @SerializedName(value="eventDateTime", alternate="EventDateTime") @Expose @Nullable public OffsetDateTime eventDateTime
      The Event Date Time. Time at which the event(s) that served as the trigger(s) to generate the alert occurred. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. Required.
    • feedback

      @SerializedName(value="feedback", alternate="Feedback") @Expose @Nullable public AlertFeedback feedback
      The Feedback. Analyst feedback on the alert. Possible values are: unknown, truePositive, falsePositive, benignPositive. (supports update)
    • fileStates

      @SerializedName(value="fileStates", alternate="FileStates") @Expose @Nullable public List<FileSecurityState> fileStates
      The File States. Security-related stateful information generated by the provider about the file(s) related to this alert.
    • historyStates

      @SerializedName(value="historyStates", alternate="HistoryStates") @Expose @Nullable public List<AlertHistoryState> historyStates
      The History States.
    • hostStates

      @SerializedName(value="hostStates", alternate="HostStates") @Expose @Nullable public List<HostSecurityState> hostStates
      The Host States. Security-related stateful information generated by the provider about the host(s) related to this alert.
    • incidentIds

      @SerializedName(value="incidentIds", alternate="IncidentIds") @Expose @Nullable public List<String> incidentIds
      The Incident Ids. IDs of incidents related to the current alert.
    • investigationSecurityStates

      @SerializedName(value="investigationSecurityStates", alternate="InvestigationSecurityStates") @Expose @Nullable public List<InvestigationSecurityState> investigationSecurityStates
      The Investigation Security States.
    • lastEventDateTime

      @SerializedName(value="lastEventDateTime", alternate="LastEventDateTime") @Expose @Nullable public OffsetDateTime lastEventDateTime
      The Last Event Date Time.
    • lastModifiedDateTime

      @SerializedName(value="lastModifiedDateTime", alternate="LastModifiedDateTime") @Expose @Nullable public OffsetDateTime lastModifiedDateTime
      The Last Modified Date Time. Time at which the alert entity was last modified. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z.
    • malwareStates

      @SerializedName(value="malwareStates", alternate="MalwareStates") @Expose @Nullable public List<MalwareState> malwareStates
      The Malware States. Threat Intelligence pertaining to malware related to this alert.
    • messageSecurityStates

      @SerializedName(value="messageSecurityStates", alternate="MessageSecurityStates") @Expose @Nullable public List<MessageSecurityState> messageSecurityStates
      The Message Security States.
    • networkConnections

      @SerializedName(value="networkConnections", alternate="NetworkConnections") @Expose @Nullable public List<NetworkConnection> networkConnections
      The Network Connections. Security-related stateful information generated by the provider about the network connection(s) related to this alert.
    • processes

      @SerializedName(value="processes", alternate="Processes") @Expose @Nullable public List<Process> processes
      The Processes. Security-related stateful information generated by the provider about the process or processes related to this alert.
    • recommendedActions

      @SerializedName(value="recommendedActions", alternate="RecommendedActions") @Expose @Nullable public List<String> recommendedActions
      The Recommended Actions. Vendor/provider recommended action(s) to take as a result of the alert (for example, isolate machine, enforce 2FA, reimage host).
    • registryKeyStates

      @SerializedName(value="registryKeyStates", alternate="RegistryKeyStates") @Expose @Nullable public List<RegistryKeyState> registryKeyStates
      The Registry Key States. Security-related stateful information generated by the provider about the registry keys related to this alert.
    • securityResources

      @SerializedName(value="securityResources", alternate="SecurityResources") @Expose @Nullable public List<SecurityResource> securityResources
      The Security Resources. Resources related to the current alert. For example, for some alerts this can have the Azure Resource value.
    • severity

      @SerializedName(value="severity", alternate="Severity") @Expose @Nullable public AlertSeverity severity
      The Severity. Alert severity - set by vendor/provider. Possible values are: unknown, informational, low, medium, high. Required.
    • sourceMaterials

      @SerializedName(value="sourceMaterials", alternate="SourceMaterials") @Expose @Nullable public List<String> sourceMaterials
      The Source Materials. Hyperlinks (URIs) to the source material related to the alert, for example, the provider's user interface for alerts or log search.
    • status

      @SerializedName(value="status", alternate="Status") @Expose @Nullable public AlertStatus status
      The Status. Alert lifecycle status (stage). Possible values are: unknown, newAlert, inProgress, resolved. (supports update). Required.
    • tags

      @SerializedName(value="tags", alternate="Tags") @Expose @Nullable public List<String> tags
      The Tags. User-definable labels that can be applied to an alert and can serve as filter conditions (for example 'HVA', 'SAW', etc.) (supports update).
    • title

      @SerializedName(value="title", alternate="Title") @Expose @Nullable public String title
      The Title. Alert title. Required.
    • triggers

      @SerializedName(value="triggers", alternate="Triggers") @Expose @Nullable public List<AlertTrigger> triggers
      The Triggers. Security-related information about the specific properties that triggered the alert (properties appearing in the alert). Alerts might contain information about multiple users, hosts, files, and IP addresses. This field indicates which properties triggered the alert generation.
    • uriClickSecurityStates

      @SerializedName(value="uriClickSecurityStates", alternate="UriClickSecurityStates") @Expose @Nullable public List<UriClickSecurityState> uriClickSecurityStates
      The Uri Click Security States.
    • userStates

      @SerializedName(value="userStates", alternate="UserStates") @Expose @Nullable public List<UserSecurityState> userStates
      The User States. Security-related stateful information generated by the provider about the user accounts related to this alert.
    • vendorInformation

      @SerializedName(value="vendorInformation", alternate="VendorInformation") @Expose @Nullable public SecurityVendorInformation vendorInformation
      The Vendor Information. Complex type containing details about the security product/service vendor, provider, and subprovider (for example, vendor=Microsoft; provider=Windows Defender ATP; subProvider=AppLocker). Required.
    • vulnerabilityStates

      @SerializedName(value="vulnerabilityStates", alternate="VulnerabilityStates") @Expose @Nullable public List<VulnerabilityState> vulnerabilityStates
      The Vulnerability States. Threat intelligence pertaining to one or more vulnerabilities related to this alert.
  • Constructor Details

    • Alert

      public Alert()
  • Method Details

    • setRawObject

      public void setRawObject(@Nonnull com.microsoft.graph.serializer.ISerializer serializer, @Nonnull com.google.gson.JsonObject json)
      Sets the raw JSON object
      Specified by:
      setRawObject in interface com.microsoft.graph.serializer.IJsonBackedObject
      Overrides:
      setRawObject in class Entity
      Parameters:
      serializer - the serializer
      json - the JSON object to set this object to