kubernetesClusterEvidence resource type

Namespace: microsoft.graph.security

Important

APIs under the /beta version in Microsoft Graph are subject to change. Use of these APIs in production applications is not supported. To determine whether an API is available in v1.0, use the Version selector.

Represents a Kubernetes cluster.

Inherits from alertEvidence.

Properties

Property Type Description
cloudResource microsoft.graph.security.alertEvidence The cloud identifier of the cluster. Can be either an amazonResourceEvidence, azureResourceEvidence, or googleCloudResourceEvidence object.
createdDateTime DateTimeOffset The date and time when the evidence was created and added to the alert. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. Inherited from alertEvidence.
distribution String The distribution type of the cluster.
name String The cluster name.
platform microsoft.graph.security.kubernetesPlatform The platform the cluster runs on. Possible values are: unknown, aks, eks, gke, arc, unknownFutureValue.
remediationStatus microsoft.graph.security.evidenceRemediationStatus Status of the remediation action taken. The possible values are: none, remediated, prevented, blocked, notFound, unknownFutureValue. Inherited from alertEvidence.
remediationStatusDetails String Details about the remediation status. Inherited from alertEvidence.
roles microsoft.graph.security.evidenceRole collection One or more roles that an evidence entity represents in an alert. For example, an IP address that is associated with an attacker has the evidence role Attacker. Possible values are: unknown, contextual, scanned, source, destination, created, added, compromised, edited, attacked, attacker, commandAndControl, loaded, suspicious, policyViolator, unknownFutureValue. Inherited from alertEvidence.
tags String collection Array of custom tags associated with an evidence instance. For example, to denote a group of devices or high value assets. Inherited from alertEvidence.
verdict microsoft.graph.security.evidenceVerdict The decision reached by automated investigation. The possible values are: unknown, suspicious, malicious, noThreatsFound, unknownFutureValue. Inherited from alertEvidence.
version String The kubernetes version of the cluster.

kubernetesPlatform values

Member Description
unknown An unknown platform for forward compatibility.
aks Azure Kubernetes Service.
eks Amazon Elastic Kubernetes Service.
gke Google Kubernetes Engine.
arc Azure Arc-connected cluster.
unknownFutureValue Evolvable enumeration sentinel value. Do not use.

Relationships

None.

JSON representation

The following JSON representation shows the resource type.

{
  "@odata.type": "#microsoft.graph.security.kubernetesClusterEvidence",
  "cloudResource": {
    "@odata.type": "microsoft.graph.security.alertEvidence"
  },
  "createdDateTime": "String (timestamp)",
  "distribution": "String",
  "name": "String",
  "platform": "String",
  "remediationStatus": "String",
  "remediationStatusDetails": "String",
  "roles": ["String"],
  "tags": ["String"],
  "verdict": "String",
  "version": "String"
}