java.lang.Object
com.microsoft.graph.models.Entity
com.microsoft.graph.security.models.Alert
All Implemented Interfaces:
com.microsoft.graph.serializer.IJsonBackedObject

public class Alert extends Entity implements com.microsoft.graph.serializer.IJsonBackedObject
The class for the Alert.
  • Field Details

    • actorDisplayName

      @SerializedName(value="actorDisplayName", alternate="ActorDisplayName") @Expose @Nullable public String actorDisplayName
      The Actor Display Name. The adversary or activity group that is associated with this alert.
    • alertWebUrl

      @SerializedName(value="alertWebUrl", alternate="AlertWebUrl") @Expose @Nullable public String alertWebUrl
      The Alert Web Url. URL for the alert page in the Microsoft 365 Defender portal.
    • assignedTo

      @SerializedName(value="assignedTo", alternate="AssignedTo") @Expose @Nullable public String assignedTo
      The Assigned To. Owner of the alert, or null if no owner is assigned.
    • category

      @SerializedName(value="category", alternate="Category") @Expose @Nullable public String category
      The Category. The attack kill-chain category that the alert belongs to. Aligned with the MITRE ATT&CK framework.
    • classification

      @SerializedName(value="classification", alternate="Classification") @Expose @Nullable public AlertClassification classification
      The Classification. Specifies whether the alert represents a true threat. Possible values are: unknown, falsePositive, truePositive, benignPositive, unknownFutureValue.
    • comments

      @SerializedName(value="comments", alternate="Comments") @Expose @Nullable public List<AlertComment> comments
      The Comments. Array of comments created by the Security Operations (SecOps) team during the alert management process.
    • createdDateTime

      @SerializedName(value="createdDateTime", alternate="CreatedDateTime") @Expose @Nullable public OffsetDateTime createdDateTime
      The Created Date Time. Time when Microsoft 365 Defender created the alert.
    • description

      @SerializedName(value="description", alternate="Description") @Expose @Nullable public String description
      The Description. String value describing each alert.
    • detectionSource

      @SerializedName(value="detectionSource", alternate="DetectionSource") @Expose @Nullable public DetectionSource detectionSource
      The Detection Source. Detection technology or sensor that identified the notable component or activity. Possible values are: unknown, microsoftDefenderForEndpoint, antivirus, smartScreen, customTi, microsoftDefenderForOffice365, automatedInvestigation, microsoftThreatExperts, customDetection, microsoftDefenderForIdentity, cloudAppSecurity, microsoft365Defender, azureAdIdentityProtection, manual, microsoftDataLossPrevention, appGovernancePolicy, appGovernanceDetection, unknownFutureValue, microsoftDefenderForCloud. Note that you must use the Prefer: include-unknown-enum-members request header to get the following value(s) in this evolvable enum: microsoftDefenderForCloud.
    • detectorId

      @SerializedName(value="detectorId", alternate="DetectorId") @Expose @Nullable public String detectorId
      The Detector Id. The ID of the detector that triggered the alert.
    • determination

      @SerializedName(value="determination", alternate="Determination") @Expose @Nullable public AlertDetermination determination
      The Determination. Specifies the result of the investigation, whether the alert represents a true attack and if so, the nature of the attack. Possible values are: unknown, apt, malware, securityPersonnel, securityTesting, unwantedSoftware, other, multiStagedAttack, compromisedUser, phishing, maliciousUserActivity, clean, insufficientData, confirmedUserActivity, lineOfBusinessApplication, unknownFutureValue.
    • evidence

      @SerializedName(value="evidence", alternate="Evidence") @Expose @Nullable public List<AlertEvidence> evidence
      The Evidence. Collection of evidence related to the alert.
    • firstActivityDateTime

      @SerializedName(value="firstActivityDateTime", alternate="FirstActivityDateTime") @Expose @Nullable public OffsetDateTime firstActivityDateTime
      The First Activity Date Time. The earliest activity associated with the alert.
    • incidentId

      @SerializedName(value="incidentId", alternate="IncidentId") @Expose @Nullable public String incidentId
      The Incident Id. Unique identifier to represent the incident this alert resource is associated with.
    • incidentWebUrl

      @SerializedName(value="incidentWebUrl", alternate="IncidentWebUrl") @Expose @Nullable public String incidentWebUrl
      The Incident Web Url. URL for the incident page in the Microsoft 365 Defender portal.
    • lastActivityDateTime

      @SerializedName(value="lastActivityDateTime", alternate="LastActivityDateTime") @Expose @Nullable public OffsetDateTime lastActivityDateTime
      The Last Activity Date Time. The most recent activity associated with the alert (firstActivityDateTime holds the earliest).
    • lastUpdateDateTime

      @SerializedName(value="lastUpdateDateTime", alternate="LastUpdateDateTime") @Expose @Nullable public OffsetDateTime lastUpdateDateTime
      The Last Update Date Time. Time when the alert was last updated at Microsoft 365 Defender.
    • mitreTechniques

      @SerializedName(value="mitreTechniques", alternate="MitreTechniques") @Expose @Nullable public List<String> mitreTechniques
      The Mitre Techniques. The attack techniques, as aligned with the MITRE ATT&CK framework.
    • providerAlertId

      @SerializedName(value="providerAlertId", alternate="ProviderAlertId") @Expose @Nullable public String providerAlertId
      The Provider Alert Id. The ID of the alert as it appears in the security provider product that generated the alert.
    • recommendedActions

      @SerializedName(value="recommendedActions", alternate="RecommendedActions") @Expose @Nullable public String recommendedActions
      The Recommended Actions. Recommended response and remediation actions to take in the event this alert was generated.
    • resolvedDateTime

      @SerializedName(value="resolvedDateTime", alternate="ResolvedDateTime") @Expose @Nullable public OffsetDateTime resolvedDateTime
      The Resolved Date Time. Time when the alert was resolved.
    • serviceSource

      @SerializedName(value="serviceSource", alternate="ServiceSource") @Expose @Nullable public ServiceSource serviceSource
      The Service Source. The service or product that created this alert. Possible values are: unknown, microsoftDefenderForEndpoint, microsoftDefenderForIdentity, microsoftDefenderForCloudApps, microsoftDefenderForOffice365, microsoft365Defender, azureAdIdentityProtection, microsoftAppGovernance, dataLossPrevention, unknownFutureValue, microsoftDefenderForCloud. Note that you must use the Prefer: include-unknown-enum-members request header to get the following value(s) in this evolvable enum: microsoftDefenderForCloud.
    • severity

      @SerializedName(value="severity", alternate="Severity") @Expose @Nullable public AlertSeverity severity
      The Severity. Indicates the possible impact on assets. The higher the severity the bigger the impact. Typically higher severity items require the most immediate attention. Possible values are: unknown, informational, low, medium, high, unknownFutureValue.
    • status

      @SerializedName(value="status", alternate="Status") @Expose @Nullable public AlertStatus status
      The Status. The status of the alert. Possible values are: new, inProgress, resolved, unknownFutureValue.
    • tenantId

      @SerializedName(value="tenantId", alternate="TenantId") @Expose @Nullable public String tenantId
      The Tenant Id. The Azure Active Directory tenant the alert was created in.
    • threatDisplayName

      @SerializedName(value="threatDisplayName", alternate="ThreatDisplayName") @Expose @Nullable public String threatDisplayName
      The Threat Display Name. The threat associated with this alert.
    • threatFamilyName

      @SerializedName(value="threatFamilyName", alternate="ThreatFamilyName") @Expose @Nullable public String threatFamilyName
      The Threat Family Name. Threat family associated with this alert.
    • title

      @SerializedName(value="title", alternate="Title") @Expose @Nullable public String title
      The Title. Brief identifying string value describing the alert.
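The fields above are what a SecOps integration actually works with once an alert has been deserialized: severity and status drive the queue, the evolvable enums (detectionSource, serviceSource) can arrive as values the SDK build does not know, the two activity timestamps bound the attacker's activity window, and the portal URLs get rendered as links. The example below is added here and is not code from the Microsoft Graph SDK or its documentation. It assumes `DefaultSerializer` and `DefaultLogger` from msgraph-sdk-java-core, which apply the `@SerializedName`/`alternate` annotations listed above; the JSON payloads, ids, URLs and the enum string `someFutureSensor` are constructed for illustration, and the portal host allowlist `security.microsoft.com` is an assumption for the commercial cloud.

```java
import java.net.URI;
import java.time.Duration;
import java.util.ArrayList;
import java.util.Comparator;
import java.util.List;

import com.microsoft.graph.logger.DefaultLogger;
import com.microsoft.graph.security.models.Alert;
import com.microsoft.graph.security.models.AlertSeverity;
import com.microsoft.graph.security.models.AlertStatus;
import com.microsoft.graph.security.models.DetectionSource;
import com.microsoft.graph.security.models.ServiceSource;
import com.microsoft.graph.serializer.DefaultSerializer;

/** Added example (not SDK code): deserialize Alert JSON and build a triage queue from it. */
public class AlertTriageExample {

    // Constructed payloads shaped like items from /security/alerts_v2; ids and URLs are made up.
    // The third alert carries a hypothetical detectionSource value ("someFutureSensor") that this
    // SDK build cannot name, as may happen when "Prefer: include-unknown-enum-members" is sent.
    static final String[] SAMPLE_JSON = {
        "{\"id\":\"a1\",\"title\":\"Suspicious PowerShell command line\",\"severity\":\"high\","
      + "\"status\":\"new\",\"detectionSource\":\"microsoftDefenderForEndpoint\","
      + "\"serviceSource\":\"microsoftDefenderForEndpoint\",\"incidentId\":\"1001\","
      + "\"mitreTechniques\":[\"T1059.001\"],\"firstActivityDateTime\":\"2024-03-01T10:00:00Z\","
      + "\"lastActivityDateTime\":\"2024-03-01T10:42:00Z\","
      + "\"alertWebUrl\":\"https://security.microsoft.com/alerts/a1\"}",
        "{\"id\":\"a2\",\"title\":\"Phishing email removed after delivery\",\"severity\":\"medium\","
      + "\"status\":\"resolved\",\"classification\":\"truePositive\",\"determination\":\"phishing\","
      + "\"detectionSource\":\"microsoftDefenderForOffice365\","
      + "\"serviceSource\":\"microsoftDefenderForOffice365\",\"resolvedDateTime\":\"2024-03-02T08:00:00Z\"}",
        "{\"id\":\"a3\",\"title\":\"Anomalous token issuance\",\"severity\":\"low\",\"status\":\"inProgress\","
      + "\"detectionSource\":\"someFutureSensor\",\"serviceSource\":\"azureAdIdentityProtection\","
      + "\"alertWebUrl\":\"http://portal.example/alerts/a3\"}"   // constructed: wrong scheme and host
    };

    static final DefaultSerializer SERIALIZER = new DefaultSerializer(new DefaultLogger());

    /** Parse each payload with the SDK serializer so alternate names and enum mapping behave as in the SDK. */
    static List<Alert> parse(String[] payloads) {
        List<Alert> alerts = new ArrayList<>();
        for (String json : payloads) {
            alerts.add(SERIALIZER.deserializeObject(json, Alert.class));
        }
        return alerts;
    }

    /** Higher rank is worked first; null or unrecognised severities rank with high so they are not buried. */
    static int severityRank(AlertSeverity s) {
        if (s == null) return 3;
        switch (s) {
            case INFORMATIONAL: return 0;
            case LOW:           return 1;
            case MEDIUM:        return 2;
            case HIGH:          return 3;
            default:            return 3; // UNKNOWN, UNKNOWN_FUTURE_VALUE, UNEXPECTED_VALUE
        }
    }

    /** True when an evolvable enum came back as a value this SDK build cannot name; route to a human. */
    static boolean hasUnrecognisedSource(Alert a) {
        boolean det = a.detectionSource == DetectionSource.UNEXPECTED_VALUE
                   || a.detectionSource == DetectionSource.UNKNOWN_FUTURE_VALUE;
        boolean svc = a.serviceSource == ServiceSource.UNEXPECTED_VALUE
                   || a.serviceSource == ServiceSource.UNKNOWN_FUTURE_VALUE;
        return det || svc;
    }

    /** Activity window: firstActivityDateTime is the earliest, lastActivityDateTime the most recent activity. */
    static Duration activityWindow(Alert a) {
        if (a.firstActivityDateTime == null || a.lastActivityDateTime == null) return null;
        if (a.lastActivityDateTime.isBefore(a.firstActivityDateTime)) return null; // inconsistent data, do not report
        return Duration.between(a.firstActivityDateTime, a.lastActivityDateTime);
    }

    /** Only render portal links that use HTTPS and the expected portal host (assumed: security.microsoft.com). */
    static String safePortalLink(String url) {
        if (url == null) return null;
        try {
            URI u = URI.create(url);
            if ("https".equals(u.getScheme()) && "security.microsoft.com".equalsIgnoreCase(u.getHost())) return url;
        } catch (IllegalArgumentException ignored) { }
        return null;
    }

    /** Open alerts, most severe first; resolved alerts are left out of the working queue. */
    static List<Alert> triageQueue(List<Alert> alerts) {
        List<Alert> open = new ArrayList<>();
        for (Alert a : alerts) {
            if (a.status != AlertStatus.RESOLVED) open.add(a);
        }
        open.sort(Comparator.comparingInt((Alert a) -> severityRank(a.severity)).reversed());
        return open;
    }

    public static void main(String[] args) {
        for (Alert a : triageQueue(parse(SAMPLE_JSON))) {
            Duration window = activityWindow(a);
            System.out.printf("%s [%s] %s%n  incident=%s techniques=%s window=%s link=%s%s%n",
                a.id, a.severity, a.title, a.incidentId,
                a.mitreTechniques == null ? "[]" : a.mitreTechniques,
                window == null ? "n/a" : window.toMinutes() + " min",
                safePortalLink(a.alertWebUrl),
                hasUnrecognisedSource(a) ? "  <-- unrecognised detection/service source, review manually" : "");
        }
    }
}
```

With the constructed payloads, the queue contains a1 and a3 (a2 is resolved), a3 is flagged for manual review because its detectionSource deserializes to `UNEXPECTED_VALUE`, and its non-HTTPS link is suppressed. When fetching live data instead, send the `Prefer: include-unknown-enum-members` header (a `HeaderOption` on the request) so the service returns values such as microsoftDefenderForCloud; any value the SDK build cannot name still arrives as `UNEXPECTED_VALUE` and takes the same review path.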
  • Constructor Details

    • Alert

      public Alert()
  • Method Details

    • setRawObject

      public void setRawObject(@Nonnull com.microsoft.graph.serializer.ISerializer serializer, @Nonnull com.google.gson.JsonObject json)
      Sets the raw JSON object
      Specified by:
      setRawObject in interface com.microsoft.graph.serializer.IJsonBackedObject
      Overrides:
      setRawObject in class Entity
      Parameters:
      serializer - the serializer
      json - the JSON object to set this object to