Package com.microsoft.graph.models

Class ServicePrincipalRiskDetection

java.lang.Object
com.microsoft.graph.models.Entity
com.microsoft.graph.models.ServicePrincipalRiskDetection
All Implemented Interfaces:
com.microsoft.graph.serializer.IJsonBackedObject
public class ServicePrincipalRiskDetection extends Entity implements com.microsoft.graph.serializer.IJsonBackedObject
The class for the Service Principal Risk Detection.

  • Field Details

    • activity

      @SerializedName(value="activity", alternate="Activity") @Expose @Nullable public ActivityType activity
      The Activity. Indicates the activity type the detected risk is linked to. The possible values are: signin, servicePrincipal. Note that you must use the Prefer: include-unknown-enum-members request header to get the following value(s) in this evolvable enum: servicePrincipal.

    • activityDateTime

      @SerializedName(value="activityDateTime", alternate="ActivityDateTime") @Expose @Nullable public OffsetDateTime activityDateTime
      The Activity Date Time. Date and time when the risky activity occurred. The DateTimeOffset type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z

    • additionalInfo

      @SerializedName(value="additionalInfo", alternate="AdditionalInfo") @Expose @Nullable public String additionalInfo
      The Additional Info. Additional information associated with the risk detection. This string value is represented as a JSON object with the quotations escaped.

    • appId

      @SerializedName(value="appId", alternate="AppId") @Expose @Nullable public String appId
      The App Id. The unique identifier for the associated application.

    • correlationId

      @SerializedName(value="correlationId", alternate="CorrelationId") @Expose @Nullable public String correlationId
      The Correlation Id. Correlation ID of the sign-in activity associated with the risk detection. This property is null if the risk detection is not associated with a sign-in activity.

    • detectedDateTime

      @SerializedName(value="detectedDateTime", alternate="DetectedDateTime") @Expose @Nullable public OffsetDateTime detectedDateTime
      The Detected Date Time. Date and time when the risk was detected. The DateTimeOffset type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z.

    • detectionTimingType

      @SerializedName(value="detectionTimingType", alternate="DetectionTimingType") @Expose @Nullable public RiskDetectionTimingType detectionTimingType
      The Detection Timing Type. Timing of the detected risk , whether real-time or offline. The possible values are: notDefined, realtime, nearRealtime, offline, unknownFutureValue.

    • ipAddress

      @SerializedName(value="ipAddress", alternate="IpAddress") @Expose @Nullable public String ipAddress
      The Ip Address. Provides the IP address of the client from where the risk occurred.

    • keyIds

      @SerializedName(value="keyIds", alternate="KeyIds") @Expose @Nullable public List<String> keyIds
      The Key Ids. The unique identifier for the key credential associated with the risk detection.

    • lastUpdatedDateTime

      @SerializedName(value="lastUpdatedDateTime", alternate="LastUpdatedDateTime") @Expose @Nullable public OffsetDateTime lastUpdatedDateTime
      The Last Updated Date Time. Date and time when the risk detection was last updated.

    • location

      @SerializedName(value="location", alternate="Location") @Expose @Nullable public SignInLocation location
      The Location. Location from where the sign-in was initiated.

    • requestId

      @SerializedName(value="requestId", alternate="RequestId") @Expose @Nullable public String requestId
      The Request Id. Request identifier of the sign-in activity associated with the risk detection. This property is null if the risk detection is not associated with a sign-in activity. Supports $filter (eq).

    • riskDetail

      @SerializedName(value="riskDetail", alternate="RiskDetail") @Expose @Nullable public RiskDetail riskDetail
      The Risk Detail. Details of the detected risk. Note: Details for this property are only available for Workload Identities Premium customers. Events in tenants without this license will be returned hidden. The possible values are: none, hidden, adminConfirmedServicePrincipalCompromised, adminDismissedAllRiskForServicePrincipal. Note that you must use the Prefer: include-unknown-enum-members request header to get the following value(s) in this evolvable enum: adminConfirmedServicePrincipalCompromised , adminDismissedAllRiskForServicePrincipal.

    • riskEventType

      @SerializedName(value="riskEventType", alternate="RiskEventType") @Expose @Nullable public String riskEventType
      The Risk Event Type. The type of risk event detected. The possible values are: investigationsThreatIntelligence, generic, adminConfirmedServicePrincipalCompromised, suspiciousSignins, leakedCredentials, anomalousServicePrincipalActivity, maliciousApplication, suspiciousApplication.

    • riskLevel

      @SerializedName(value="riskLevel", alternate="RiskLevel") @Expose @Nullable public RiskLevel riskLevel
      The Risk Level. Level of the detected risk. Note: Details for this property are only available for Workload Identities Premium customers. Events in tenants without this license will be returned hidden. The possible values are: low, medium, high, hidden, none.

    • riskState

      @SerializedName(value="riskState", alternate="RiskState") @Expose @Nullable public RiskState riskState
      The Risk State. The state of a detected risky service principal or sign-in activity. The possible values are: none, dismissed, atRisk, confirmedCompromised.

    • servicePrincipalDisplayName

      @SerializedName(value="servicePrincipalDisplayName", alternate="ServicePrincipalDisplayName") @Expose @Nullable public String servicePrincipalDisplayName
      The Service Principal Display Name. The display name for the service principal.

    • servicePrincipalId

      @SerializedName(value="servicePrincipalId", alternate="ServicePrincipalId") @Expose @Nullable public String servicePrincipalId
      The Service Principal Id. The unique identifier for the service principal. Supports $filter (eq).

    • source

      @SerializedName(value="source", alternate="Source") @Expose @Nullable public String source
      The Source. Source of the risk detection. For example, identityProtection.

    • tokenIssuerType

      @SerializedName(value="tokenIssuerType", alternate="TokenIssuerType") @Expose @Nullable public TokenIssuerType tokenIssuerType
      The Token Issuer Type. Indicates the type of token issuer for the detected sign-in risk. The possible values are: AzureAD.

  • Constructor Details

    • ServicePrincipalRiskDetection

      public ServicePrincipalRiskDetection()

  • Method Details

    • setRawObject

      public void setRawObject(@Nonnull com.microsoft.graph.serializer.ISerializer serializer, @Nonnull com.google.gson.JsonObject json)
      Sets the raw JSON object
      Specified by:
      setRawObject in interface com.microsoft.graph.serializer.IJsonBackedObject
      Overrides:
      setRawObject in class Entity
      Parameters:
      serializer - the serializer
      json - the JSON object to set this object to