ArmSecurityCenterModelFactory.SecurityAlertData Method

Definition

Initializes a new instance of SecurityAlertData.

public static Azure.ResourceManager.SecurityCenter.SecurityAlertData SecurityAlertData (Azure.Core.ResourceIdentifier id = default, string name = default, Azure.Core.ResourceType resourceType = default, Azure.ResourceManager.Models.SystemData systemData = default, string version = default, string alertType = default, string systemAlertId = default, string productComponentName = default, string alertDisplayName = default, string description = default, Azure.ResourceManager.SecurityCenter.Models.SecurityAlertSeverity? severity = default, Azure.ResourceManager.SecurityCenter.Models.KillChainIntent? intent = default, DateTimeOffset? startOn = default, DateTimeOffset? endOn = default, System.Collections.Generic.IEnumerable<Azure.ResourceManager.SecurityCenter.Models.SecurityAlertResourceIdentifier> resourceIdentifiers = default, System.Collections.Generic.IEnumerable<string> remediationSteps = default, string vendorName = default, Azure.ResourceManager.SecurityCenter.Models.SecurityAlertStatus? status = default, System.Collections.Generic.IEnumerable<System.Collections.Generic.IDictionary<string,string>> extendedLinks = default, Uri alertUri = default, DateTimeOffset? generatedOn = default, string productName = default, DateTimeOffset? processingEndOn = default, System.Collections.Generic.IEnumerable<Azure.ResourceManager.SecurityCenter.Models.SecurityAlertEntity> entities = default, bool? isIncident = default, string correlationKey = default, System.Collections.Generic.IDictionary<string,string> extendedProperties = default, string compromisedEntity = default, System.Collections.Generic.IEnumerable<string> techniques = default, System.Collections.Generic.IEnumerable<string> subTechniques = default, Azure.ResourceManager.SecurityCenter.Models.SecurityAlertSupportingEvidence supportingEvidence = default);
static member SecurityAlertData : Azure.Core.ResourceIdentifier * string * Azure.Core.ResourceType * Azure.ResourceManager.Models.SystemData * string * string * string * string * string * string * Nullable<Azure.ResourceManager.SecurityCenter.Models.SecurityAlertSeverity> * Nullable<Azure.ResourceManager.SecurityCenter.Models.KillChainIntent> * Nullable<DateTimeOffset> * Nullable<DateTimeOffset> * seq<Azure.ResourceManager.SecurityCenter.Models.SecurityAlertResourceIdentifier> * seq<string> * string * Nullable<Azure.ResourceManager.SecurityCenter.Models.SecurityAlertStatus> * seq<System.Collections.Generic.IDictionary<string, string>> * Uri * Nullable<DateTimeOffset> * string * Nullable<DateTimeOffset> * seq<Azure.ResourceManager.SecurityCenter.Models.SecurityAlertEntity> * Nullable<bool> * string * System.Collections.Generic.IDictionary<string, string> * string * seq<string> * seq<string> * Azure.ResourceManager.SecurityCenter.Models.SecurityAlertSupportingEvidence -> Azure.ResourceManager.SecurityCenter.SecurityAlertData
Public Shared Function SecurityAlertData (Optional id As ResourceIdentifier = Nothing, Optional name As String = Nothing, Optional resourceType As ResourceType = Nothing, Optional systemData As SystemData = Nothing, Optional version As String = Nothing, Optional alertType As String = Nothing, Optional systemAlertId As String = Nothing, Optional productComponentName As String = Nothing, Optional alertDisplayName As String = Nothing, Optional description As String = Nothing, Optional severity As Nullable(Of SecurityAlertSeverity) = Nothing, Optional intent As Nullable(Of KillChainIntent) = Nothing, Optional startOn As Nullable(Of DateTimeOffset) = Nothing, Optional endOn As Nullable(Of DateTimeOffset) = Nothing, Optional resourceIdentifiers As IEnumerable(Of SecurityAlertResourceIdentifier) = Nothing, Optional remediationSteps As IEnumerable(Of String) = Nothing, Optional vendorName As String = Nothing, Optional status As Nullable(Of SecurityAlertStatus) = Nothing, Optional extendedLinks As IEnumerable(Of IDictionary(Of String, String)) = Nothing, Optional alertUri As Uri = Nothing, Optional generatedOn As Nullable(Of DateTimeOffset) = Nothing, Optional productName As String = Nothing, Optional processingEndOn As Nullable(Of DateTimeOffset) = Nothing, Optional entities As IEnumerable(Of SecurityAlertEntity) = Nothing, Optional isIncident As Nullable(Of Boolean) = Nothing, Optional correlationKey As String = Nothing, Optional extendedProperties As IDictionary(Of String, String) = Nothing, Optional compromisedEntity As String = Nothing, Optional techniques As IEnumerable(Of String) = Nothing, Optional subTechniques As IEnumerable(Of String) = Nothing, Optional supportingEvidence As SecurityAlertSupportingEvidence = Nothing) As SecurityAlertData

Parameters

id
ResourceIdentifier

The id.

name
String

The name.

resourceType
ResourceType

The resourceType.

systemData
SystemData

The systemData.

version
String

Schema version.

alertType
String

Unique identifier for the detection logic (all alert instances from the same detection logic will have the same alertType).

systemAlertId
String

Unique identifier for the alert.

productComponentName
String

The name of the Azure Security Center pricing tier that powers this alert. Learn more: https://docs.microsoft.com/en-us/azure/security-center/security-center-pricing.

alertDisplayName
String

The display name of the alert.

description
String

Description of the suspicious activity that was detected.

intent
Nullable<KillChainIntent>

The kill chain related intent behind the alert. See the KillChainIntent values for the list of supported intents and the explanations of Azure Security Center's supported kill chain intents.

startOn
Nullable<DateTimeOffset>

The UTC time of the first event or activity included in the alert in ISO8601 format.

endOn
Nullable<DateTimeOffset>

The UTC time of the last event or activity included in the alert in ISO8601 format.

resourceIdentifiers
IEnumerable<SecurityAlertResourceIdentifier>

The resource identifiers that can be used to direct the alert to the right product exposure group (tenant, workspace, subscription, etc.). There can be multiple identifiers of different types per alert. Note that SecurityAlertResourceIdentifier is the base class. Depending on the scenario, a derived class of the base class might need to be assigned here, or this property might need to be cast to one of the possible derived classes. The available derived classes include AzureResourceIdentifier and LogAnalyticsIdentifier.

remediationSteps
IEnumerable<String>

Manual action items to take to remediate the alert.

vendorName
String

The name of the vendor that raises the alert.

status
Nullable<SecurityAlertStatus>

The life cycle status of the alert.

extendedLinks
IEnumerable<IDictionary<String,String>>

Links related to the alert.

alertUri
Uri

A direct link to the alert page in Azure Portal.

generatedOn
Nullable<DateTimeOffset>

The UTC time at which the alert was generated, in ISO8601 format.

productName
String

The name of the product which published this alert (Microsoft Sentinel, Microsoft Defender for Identity, Microsoft Defender for Endpoint, Microsoft Defender for Office, Microsoft Defender for Cloud Apps, and so on).

processingEndOn
Nullable<DateTimeOffset>

The UTC processing end time of the alert in ISO8601 format.

entities
IEnumerable<SecurityAlertEntity>

A list of entities related to the alert.

isIncident
Nullable<Boolean>

This field indicates whether the alert is an incident (a compound grouping of several alerts) or a single alert.

correlationKey
String

Key for correlating related alerts. Alerts with the same correlation key are considered to be related.

extendedProperties
IDictionary<String,String>

Custom properties for the alert.

compromisedEntity
String

The display name of the resource most related to this alert.

techniques
IEnumerable<String>

Kill chain related techniques behind the alert.

subTechniques
IEnumerable<String>

Kill chain related sub-techniques behind the alert.

supportingEvidence
SecurityAlertSupportingEvidence

A set of properties that varies depending on the supportingEvidence type.

Returns

A new SecurityAlertData instance for mocking.
