Class Incident

java.lang.Object
com.microsoft.graph.models.Entity
com.microsoft.graph.security.models.Incident
All Implemented Interfaces:
com.microsoft.graph.serializer.IJsonBackedObject

public class Incident extends Entity implements com.microsoft.graph.serializer.IJsonBackedObject
The class for the Incident.
  • Field Details

    • assignedTo

      @SerializedName(value="assignedTo", alternate="AssignedTo") @Expose @Nullable public String assignedTo
      The Assigned To. Owner of the incident, or null if no owner is assigned. Free editable text.
    • classification

      @SerializedName(value="classification", alternate="Classification") @Expose @Nullable public AlertClassification classification
      The Classification. The specification for the incident. Possible values are: unknown, falsePositive, truePositive, informationalExpectedActivity, unknownFutureValue.
    • comments

      @SerializedName(value="comments", alternate="Comments") @Expose @Nullable public List<AlertComment> comments
      The Comments. Array of comments created by the Security Operations (SecOps) team when the incident is managed.
    • createdDateTime

      @SerializedName(value="createdDateTime", alternate="CreatedDateTime") @Expose @Nullable public OffsetDateTime createdDateTime
      The Created Date Time. Time when the incident was first created.
    • customTags

      @SerializedName(value="customTags", alternate="CustomTags") @Expose @Nullable public List<String> customTags
      The Custom Tags. Array of custom tags associated with an incident.
    • determination

      @SerializedName(value="determination", alternate="Determination") @Expose @Nullable public AlertDetermination determination
      The Determination. Specifies the determination of the incident. Possible values are: unknown, apt, malware, securityPersonnel, securityTesting, unwantedSoftware, other, multiStagedAttack, compromisedUser, phishing, maliciousUserActivity, clean, insufficientData, confirmedUserActivity, lineOfBusinessApplication, unknownFutureValue.
    • displayName

      @SerializedName(value="displayName", alternate="DisplayName") @Expose @Nullable public String displayName
      The Display Name. The incident name.
    • incidentWebUrl

      @SerializedName(value="incidentWebUrl", alternate="IncidentWebUrl") @Expose @Nullable public String incidentWebUrl
      The Incident Web Url. The URL for the incident page in the Microsoft 365 Defender portal.
    • lastUpdateDateTime

      @SerializedName(value="lastUpdateDateTime", alternate="LastUpdateDateTime") @Expose @Nullable public OffsetDateTime lastUpdateDateTime
      The Last Update Date Time. Time when the incident was last updated.
    • redirectIncidentId

      @SerializedName(value="redirectIncidentId", alternate="RedirectIncidentId") @Expose @Nullable public String redirectIncidentId
      The Redirect Incident Id. Only populated in case an incident is grouped together with another incident, as part of the logic that processes incidents. In such a case, the status property is redirected.
    • severity

      @SerializedName(value="severity", alternate="Severity") @Expose @Nullable public AlertSeverity severity
      The Severity. Indicates the possible impact on assets. The higher the severity, the bigger the impact. Typically higher severity items require the most immediate attention. Possible values are: unknown, informational, low, medium, high, unknownFutureValue.
    • status

      @SerializedName(value="status", alternate="Status") @Expose @Nullable public IncidentStatus status
      The Status. The status of the incident. Possible values are: active, resolved, inProgress, redirected, unknownFutureValue, and awaitingAction.
    • tenantId

      @SerializedName(value="tenantId", alternate="TenantId") @Expose @Nullable public String tenantId
      The Tenant Id. The Azure Active Directory tenant in which the alert was created.
    • alerts

      @Nullable public AlertCollectionPage alerts
      The Alerts. The list of related alerts. Supports $expand.
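The status and redirectIncidentId fields above interact: an incident that was grouped into another has status redirected and points at its target. The following is an added example, not part of the SDK or of this reference page, that follows those pointers before building a queue of unowned high-severity incidents. It assumes the id field inherited from Entity and the enum constant names REDIRECTED, RESOLVED, ACTIVE, IN_PROGRESS, HIGH and LOW (the page lists the values only in their JSON form); the class name IncidentTriage, its helper methods and the sample incidents are hypothetical and constructed for illustration.

```java
import com.microsoft.graph.security.models.AlertSeverity;
import com.microsoft.graph.security.models.Incident;
import com.microsoft.graph.security.models.IncidentStatus;
import java.util.*;

public class IncidentTriage {
    // Follow redirectIncidentId until a non-redirected incident is reached.
    static Incident resolve(Incident start, Map<String, Incident> byId) {
        Set<String> seen = new HashSet<>();          // guards against redirect loops
        Incident cur = start;
        while (cur.status == IncidentStatus.REDIRECTED
                && cur.redirectIncidentId != null && seen.add(cur.id)) {
            Incident next = byId.get(cur.redirectIncidentId);
            if (next == null) break;                 // target is not in this batch
            cur = next;
        }
        return cur;
    }

    // Unowned, high-severity incidents that are still open, de-duplicated by id.
    static List<Incident> unownedHigh(List<Incident> batch) {
        Map<String, Incident> byId = new HashMap<>();
        for (Incident i : batch) if (i.id != null) byId.put(i.id, i);
        Map<String, Incident> out = new LinkedHashMap<>();
        for (Incident i : batch) {
            Incident t = resolve(i, byId);           // every field is @Nullable, so compare with ==
            if (t.status == IncidentStatus.REDIRECTED || t.status == IncidentStatus.RESOLVED) continue;
            if (t.severity == AlertSeverity.HIGH && t.assignedTo == null) out.putIfAbsent(t.id, t);
        }
        return new ArrayList<>(out.values());
    }

    // Builds a constructed sample incident (hypothetical helper).
    static Incident make(String id, IncidentStatus st, AlertSeverity sev, String owner, String redirect) {
        Incident i = new Incident();
        i.id = id; i.status = st; i.severity = sev;
        i.assignedTo = owner; i.redirectIncidentId = redirect;
        return i;
    }

    public static void main(String[] args) {
        List<Incident> batch = List.of(              // constructed sample data
            make("1", IncidentStatus.REDIRECTED, AlertSeverity.HIGH, null, "3"),
            make("2", IncidentStatus.ACTIVE, AlertSeverity.LOW, null, null),
            make("3", IncidentStatus.ACTIVE, AlertSeverity.HIGH, null, null),
            make("4", IncidentStatus.IN_PROGRESS, AlertSeverity.HIGH, "analyst@contoso.example", null));
        for (Incident i : unownedHigh(batch)) System.out.println(i.id + " " + i.displayName);
    }
}
```

Incidents "1" and "3" both resolve to incident "3", so it is queued once; a redirected incident whose target is missing from the batch is skipped rather than counted as open.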
  • Constructor Details

    • Incident

      public Incident()
  • Method Details

    • setRawObject

      public void setRawObject(@Nonnull com.microsoft.graph.serializer.ISerializer serializer, @Nonnull com.google.gson.JsonObject json)
      Sets the raw JSON object
      Specified by:
      setRawObject in interface com.microsoft.graph.serializer.IJsonBackedObject
      Overrides:
      setRawObject in class Entity
      Parameters:
      serializer - the serializer
      json - the JSON object to set this object to