ArmSecurityCenterModelFactory.SecurityAlertData Method
Definition
Important
Some information relates to prerelease product that may be substantially modified before it’s released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
Initializes a new instance of SecurityAlertData.
public static Azure.ResourceManager.SecurityCenter.SecurityAlertData SecurityAlertData (Azure.Core.ResourceIdentifier id = default, string name = default, Azure.Core.ResourceType resourceType = default, Azure.ResourceManager.Models.SystemData systemData = default, string version = default, string alertType = default, string systemAlertId = default, string productComponentName = default, string alertDisplayName = default, string description = default, Azure.ResourceManager.SecurityCenter.Models.SecurityAlertSeverity? severity = default, Azure.ResourceManager.SecurityCenter.Models.KillChainIntent? intent = default, DateTimeOffset? startOn = default, DateTimeOffset? endOn = default, System.Collections.Generic.IEnumerable<Azure.ResourceManager.SecurityCenter.Models.SecurityAlertResourceIdentifier> resourceIdentifiers = default, System.Collections.Generic.IEnumerable<string> remediationSteps = default, string vendorName = default, Azure.ResourceManager.SecurityCenter.Models.SecurityAlertStatus? status = default, System.Collections.Generic.IEnumerable<System.Collections.Generic.IDictionary<string,string>> extendedLinks = default, Uri alertUri = default, DateTimeOffset? generatedOn = default, string productName = default, DateTimeOffset? processingEndOn = default, System.Collections.Generic.IEnumerable<Azure.ResourceManager.SecurityCenter.Models.SecurityAlertEntity> entities = default, bool? isIncident = default, string correlationKey = default, System.Collections.Generic.IDictionary<string,string> extendedProperties = default, string compromisedEntity = default, System.Collections.Generic.IEnumerable<string> techniques = default, System.Collections.Generic.IEnumerable<string> subTechniques = default, Azure.ResourceManager.SecurityCenter.Models.SecurityAlertSupportingEvidence supportingEvidence = default);
static member SecurityAlertData : Azure.Core.ResourceIdentifier * string * Azure.Core.ResourceType * Azure.ResourceManager.Models.SystemData * string * string * string * string * string * string * Nullable<Azure.ResourceManager.SecurityCenter.Models.SecurityAlertSeverity> * Nullable<Azure.ResourceManager.SecurityCenter.Models.KillChainIntent> * Nullable<DateTimeOffset> * Nullable<DateTimeOffset> * seq<Azure.ResourceManager.SecurityCenter.Models.SecurityAlertResourceIdentifier> * seq<string> * string * Nullable<Azure.ResourceManager.SecurityCenter.Models.SecurityAlertStatus> * seq<System.Collections.Generic.IDictionary<string, string>> * Uri * Nullable<DateTimeOffset> * string * Nullable<DateTimeOffset> * seq<Azure.ResourceManager.SecurityCenter.Models.SecurityAlertEntity> * Nullable<bool> * string * System.Collections.Generic.IDictionary<string, string> * string * seq<string> * seq<string> * Azure.ResourceManager.SecurityCenter.Models.SecurityAlertSupportingEvidence -> Azure.ResourceManager.SecurityCenter.SecurityAlertData
Public Shared Function SecurityAlertData (Optional id As ResourceIdentifier = Nothing, Optional name As String = Nothing, Optional resourceType As ResourceType = Nothing, Optional systemData As SystemData = Nothing, Optional version As String = Nothing, Optional alertType As String = Nothing, Optional systemAlertId As String = Nothing, Optional productComponentName As String = Nothing, Optional alertDisplayName As String = Nothing, Optional description As String = Nothing, Optional severity As Nullable(Of SecurityAlertSeverity) = Nothing, Optional intent As Nullable(Of KillChainIntent) = Nothing, Optional startOn As Nullable(Of DateTimeOffset) = Nothing, Optional endOn As Nullable(Of DateTimeOffset) = Nothing, Optional resourceIdentifiers As IEnumerable(Of SecurityAlertResourceIdentifier) = Nothing, Optional remediationSteps As IEnumerable(Of String) = Nothing, Optional vendorName As String = Nothing, Optional status As Nullable(Of SecurityAlertStatus) = Nothing, Optional extendedLinks As IEnumerable(Of IDictionary(Of String, String)) = Nothing, Optional alertUri As Uri = Nothing, Optional generatedOn As Nullable(Of DateTimeOffset) = Nothing, Optional productName As String = Nothing, Optional processingEndOn As Nullable(Of DateTimeOffset) = Nothing, Optional entities As IEnumerable(Of SecurityAlertEntity) = Nothing, Optional isIncident As Nullable(Of Boolean) = Nothing, Optional correlationKey As String = Nothing, Optional extendedProperties As IDictionary(Of String, String) = Nothing, Optional compromisedEntity As String = Nothing, Optional techniques As IEnumerable(Of String) = Nothing, Optional subTechniques As IEnumerable(Of String) = Nothing, Optional supportingEvidence As SecurityAlertSupportingEvidence = Nothing) As SecurityAlertData
Parameters
- id
- ResourceIdentifier
The id.
- name
- String
The name.
- resourceType
- ResourceType
The resourceType.
- systemData
- SystemData
The systemData.
- version
- String
Schema version.
- alertType
- String
Unique identifier for the detection logic (all alert instances from the same detection logic will have the same alertType).
- systemAlertId
- String
Unique identifier for the alert.
- productComponentName
- String
The name of the Azure Security Center pricing tier that powers this alert. Learn more: https://docs.microsoft.com/en-us/azure/security-center/security-center-pricing.
- alertDisplayName
- String
The display name of the alert.
- description
- String
Description of the suspicious activity that was detected.
- severity
- Nullable<SecurityAlertSeverity>
The risk level of the threat that was detected. Learn more: https://docs.microsoft.com/en-us/azure/security-center/security-center-alerts-overview#how-are-alerts-classified.
- intent
- Nullable<KillChainIntent>
The kill chain related intent behind the alert (see Azure Security Center's list of supported kill chain intents and their explanations for the supported values).
- startOn
- Nullable<DateTimeOffset>
The UTC time of the first event or activity included in the alert in ISO8601 format.
- endOn
- Nullable<DateTimeOffset>
The UTC time of the last event or activity included in the alert in ISO8601 format.
- resourceIdentifiers
- IEnumerable<SecurityAlertResourceIdentifier>
The resource identifiers that can be used to direct the alert to the right product exposure group (tenant, workspace, subscription, etc.). There can be multiple identifiers of different types per alert. Note that SecurityAlertResourceIdentifier is the base class. Depending on the scenario, an instance of a derived class might need to be assigned here, or this property needs to be cast to one of the possible derived classes. The available derived classes include AzureResourceIdentifier and LogAnalyticsIdentifier.
- remediationSteps
- IEnumerable<String>
Manual action items to take to remediate the alert.
- vendorName
- String
The name of the vendor that raises the alert.
- status
- Nullable<SecurityAlertStatus>
The life cycle status of the alert.
- extendedLinks
- IEnumerable<IDictionary<String,String>>
Links related to the alert.
- alertUri
- Uri
A direct link to the alert page in Azure Portal.
- generatedOn
- Nullable<DateTimeOffset>
The UTC time the alert was generated in ISO8601 format.
- productName
- String
The name of the product which published this alert (Microsoft Sentinel, Microsoft Defender for Identity, Microsoft Defender for Endpoint, Microsoft Defender for Office, Microsoft Defender for Cloud Apps, and so on).
- processingEndOn
- Nullable<DateTimeOffset>
The UTC processing end time of the alert in ISO8601 format.
- entities
- IEnumerable<SecurityAlertEntity>
A list of entities related to the alert.
- isIncident
- Nullable<Boolean>
This field determines whether the alert is an incident (a compound grouping of several alerts) or a single alert.
- correlationKey
- String
Key for correlating related alerts. Alerts with the same correlation key are considered to be related.
- extendedProperties
- IDictionary<String,String>
Custom properties for the alert.
- compromisedEntity
- String
The display name of the resource most related to this alert.
- techniques
- IEnumerable<String>
Kill chain related techniques behind the alert.
- subTechniques
- IEnumerable<String>
Kill chain related sub-techniques behind the alert.
- supportingEvidence
- SecurityAlertSupportingEvidence
A set of properties that varies with the supportingEvidence type.
Returns
A new SecurityAlertData instance for mocking.
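One way to use this factory in a unit test, as an added example that is not part of the SDK documentation or the SDK's own code: mock alerts are built with the parameters listed above and fed to a small triage rule so the rule can be tested without a live subscription. It assumes the enum members SecurityAlertSeverity.High and SecurityAlertStatus.Active/Resolved exist, and that SecurityAlertData exposes properties named after the factory parameters (Status, Severity, IsIncident, CompromisedEntity, AlertDisplayName, Techniques); all alert values are constructed.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using Azure.ResourceManager.SecurityCenter;
using Azure.ResourceManager.SecurityCenter.Models;

// Added example, not from the Azure SDK docs: mock alerts built with the model
// factory feed a small triage rule, so the rule is unit-testable offline.
public static class AlertTriageExample
{
    // Constructed sample data: one open High alert and one already-resolved alert.
    public static IReadOnlyList<SecurityAlertData> BuildSampleAlerts()
    {
        var active = ArmSecurityCenterModelFactory.SecurityAlertData(
            alertType: "VM_SuspiciousProcess",                        // constructed detection id
            systemAlertId: "00000000-0000-0000-0000-000000000001",   // placeholder
            alertDisplayName: "Suspicious process executed",
            severity: SecurityAlertSeverity.High,                     // assumed enum member
            startOn: new DateTimeOffset(2024, 1, 15, 10, 0, 0, TimeSpan.Zero),
            endOn: new DateTimeOffset(2024, 1, 15, 10, 5, 0, TimeSpan.Zero),
            remediationSteps: new[] { "Review the process command line", "Isolate the VM if unexpected" },
            status: SecurityAlertStatus.Active,                       // assumed enum member
            productName: "Microsoft Defender for Cloud",
            isIncident: false,
            compromisedEntity: "vm-web-01",                           // constructed resource name
            techniques: new[] { "T1059" });

        var resolved = ArmSecurityCenterModelFactory.SecurityAlertData(
            alertType: "VM_SuspiciousProcess",
            severity: SecurityAlertSeverity.High,
            status: SecurityAlertStatus.Resolved,                     // assumed enum member
            isIncident: false);

        return new[] { active, resolved };
    }

    // Rule under test: page only open, non-incident alerts at High severity (incidents
    // are handled as a group elsewhere). Property names assumed to mirror the parameters.
    public static IEnumerable<SecurityAlertData> RequiringPage(IEnumerable<SecurityAlertData> alerts) =>
        alerts.Where(a => a.Status == SecurityAlertStatus.Active
                       && a.Severity == SecurityAlertSeverity.High
                       && a.IsIncident != true);

    public static void Main()
    {
        foreach (var alert in RequiringPage(BuildSampleAlerts()))
            Console.WriteLine($"{alert.CompromisedEntity}: {alert.AlertDisplayName} [{string.Join(",", alert.Techniques)}]");
    }
}
```

Only the first mock alert satisfies the rule, so a test asserting that RequiringPage returns exactly one alert for vm-web-01 exercises the status, severity and incident checks together.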