SecurityAlertData Class

Definition

A class representing the SecurityAlert data model. Security alert

public class SecurityAlertData : Azure.ResourceManager.Models.ResourceData
public class SecurityAlertData : Azure.ResourceManager.Models.ResourceData, System.ClientModel.Primitives.IJsonModel<Azure.ResourceManager.SecurityCenter.SecurityAlertData>, System.ClientModel.Primitives.IPersistableModel<Azure.ResourceManager.SecurityCenter.SecurityAlertData>
type SecurityAlertData = class
    inherit ResourceData
type SecurityAlertData = class
    inherit ResourceData
    interface IJsonModel<SecurityAlertData>
    interface IPersistableModel<SecurityAlertData>
Public Class SecurityAlertData
Inherits ResourceData
Public Class SecurityAlertData
Inherits ResourceData
Implements IJsonModel(Of SecurityAlertData), IPersistableModel(Of SecurityAlertData)
Inheritance
SecurityAlertData
Implements

Constructors

SecurityAlertData()

Initializes a new instance of SecurityAlertData.

Properties

AlertDisplayName

The display name of the alert.

AlertType

Unique identifier for the detection logic (all alert instances from the same detection logic will have the same alertType).

AlertUri

A direct link to the alert page in Azure Portal.

CompromisedEntity

The display name of the resource most related to this alert.

CorrelationKey

Key for corelating related alerts. Alerts with the same correlation key considered to be related.

Description

Description of the suspicious activity that was detected.

EndOn

The UTC time of the last event or activity included in the alert in ISO8601 format.

Entities

A list of entities related to the alert.

ExtendedLinks

Links related to the alert.

ExtendedProperties

Custom properties for the alert.

GeneratedOn

The UTC time the alert was generated in ISO8601 format.

Id

Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}.

(Inherited from ResourceData)
Intent

The kill chain related intent behind the alert. For list of supported values, and explanations of Azure Security Center's supported kill chain intents.

IsIncident

This field determines whether the alert is an incident (a compound grouping of several alerts) or a single alert.

Name

The name of the resource.

(Inherited from ResourceData)
ProcessingEndOn

The UTC processing end time of the alert in ISO8601 format.

ProductComponentName

The name of Azure Security Center pricing tier which powering this alert. Learn more: https://docs.microsoft.com/en-us/azure/security-center/security-center-pricing.

ProductName

The name of the product which published this alert (Microsoft Sentinel, Microsoft Defender for Identity, Microsoft Defender for Endpoint, Microsoft Defender for Office, Microsoft Defender for Cloud Apps, and so on).

RemediationSteps

Manual action items to take to remediate the alert.

ResourceIdentifiers

The resource identifiers that can be used to direct the alert to the right product exposure group (tenant, workspace, subscription etc.). There can be multiple identifiers of different type per alert. Please note SecurityAlertResourceIdentifier is the base class. According to the scenario, a derived class of the base class might need to be assigned here, or this property needs to be casted to one of the possible derived classes. The available derived classes include AzureResourceIdentifier and LogAnalyticsIdentifier.

ResourceType

The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts".

(Inherited from ResourceData)
Severity

The risk level of the threat that was detected. Learn more: https://docs.microsoft.com/en-us/azure/security-center/security-center-alerts-overview#how-are-alerts-classified.

StartOn

The UTC time of the first event or activity included in the alert in ISO8601 format.

Status

The life cycle status of the alert.

SubTechniques

Kill chain related sub-techniques behind the alert.

SupportingEvidence

Changing set of properties depending on the supportingEvidence type.

SystemAlertId

Unique identifier for the alert.

SystemData

Azure Resource Manager metadata containing createdBy and modifiedBy information.

(Inherited from ResourceData)
Techniques

kill chain related techniques behind the alert.

VendorName

The name of the vendor that raises the alert.

Version

Schema version.

Methods

JsonModelWriteCore(Utf8JsonWriter, ModelReaderWriterOptions) (Inherited from ResourceData)

Explicit Interface Implementations

IJsonModel<SecurityAlertData>.Create(Utf8JsonReader, ModelReaderWriterOptions)

Reads one JSON value (including objects or arrays) from the provided reader and converts it to a model.

IJsonModel<SecurityAlertData>.Write(Utf8JsonWriter, ModelReaderWriterOptions)

Writes the model to the provided Utf8JsonWriter.

IPersistableModel<SecurityAlertData>.Create(BinaryData, ModelReaderWriterOptions)

Converts the provided BinaryData into a model.

IPersistableModel<SecurityAlertData>.GetFormatFromOptions(ModelReaderWriterOptions)

Gets the data interchange format (JSON, Xml, etc) that the model uses when communicating with the service.

IPersistableModel<SecurityAlertData>.Write(ModelReaderWriterOptions)

Writes the model into a BinaryData.

Applies to