Incident Class
Incident.
Variables are only populated by the server, and will be ignored when sending a request.
- Inheritance
-
azure.mgmt.securityinsight.models._models_py3.ResourceWithEtagIncident
Constructor
Incident(*, etag: str | None = None, title: str | None = None, description: str | None = None, severity: str | _models.IncidentSeverity | None = None, status: str | _models.IncidentStatus | None = None, classification: str | _models.IncidentClassification | None = None, classification_reason: str | _models.IncidentClassificationReason | None = None, classification_comment: str | None = None, owner: _models.IncidentOwnerInfo | None = None, labels: List[_models.IncidentLabel] | None = None, first_activity_time_utc: datetime | None = None, last_activity_time_utc: datetime | None = None, provider_name: str | None = None, provider_incident_id: str | None = None, team_information: _models.TeamInformation | None = None, **kwargs)Keyword-Only Parameters
| Name | Description |
|---|---|
|
etag
|
Etag of the azure resource. |
|
title
|
The title of the incident. |
|
description
|
The description of the incident. |
|
severity
|
The severity of the incident. Known values are: "High", "Medium", "Low", and "Informational". |
|
status
|
The status of the incident. Known values are: "New", "Active", and "Closed". |
|
classification
|
The reason the incident was closed. Known values are: "Undetermined", "TruePositive", "BenignPositive", and "FalsePositive". |
|
classification_reason
|
The classification reason the incident was closed with. Known values are: "SuspiciousActivity", "SuspiciousButExpected", "IncorrectAlertLogic", and "InaccurateData". |
|
classification_comment
|
Describes the reason the incident was closed. |
|
owner
|
Describes a user that the incident is assigned to. |
|
labels
|
List of labels relevant to this incident. |
|
first_activity_time_utc
|
The time of the first activity in the incident. |
|
last_activity_time_utc
|
The time of the last activity in the incident. |
|
provider_name
|
The name of the source provider that generated the incident. |
|
provider_incident_id
|
The incident ID assigned by the incident provider. |
|
team_information
|
Describes a team for the incident. |
Variables
| Name | Description |
|---|---|
|
id
|
Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. |
|
name
|
The name of the resource. |
|
type
|
The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts". |
|
system_data
|
Azure Resource Manager metadata containing createdBy and modifiedBy information. |
|
etag
|
Etag of the azure resource. |
|
title
|
The title of the incident. |
|
description
|
The description of the incident. |
|
severity
|
The severity of the incident. Known values are: "High", "Medium", "Low", and "Informational". |
|
status
|
The status of the incident. Known values are: "New", "Active", and "Closed". |
|
classification
|
The reason the incident was closed. Known values are: "Undetermined", "TruePositive", "BenignPositive", and "FalsePositive". |
|
classification_reason
|
The classification reason the incident was closed with. Known values are: "SuspiciousActivity", "SuspiciousButExpected", "IncorrectAlertLogic", and "InaccurateData". |
|
classification_comment
|
Describes the reason the incident was closed. |
|
owner
|
Describes a user that the incident is assigned to. |
|
labels
|
List of labels relevant to this incident. |
|
first_activity_time_utc
|
The time of the first activity in the incident. |
|
last_activity_time_utc
|
The time of the last activity in the incident. |
|
last_modified_time_utc
|
The last time the incident was updated. |
|
created_time_utc
|
The time the incident was created. |
|
incident_number
|
A sequential number. |
|
additional_data
|
Additional data on the incident. |
|
related_analytic_rule_ids
|
List of resource ids of Analytic rules related to the incident. |
|
incident_url
|
The deep-link url to the incident in Azure portal. |
|
provider_name
|
The name of the source provider that generated the incident. |
|
provider_incident_id
|
The incident ID assigned by the incident provider. |
|
team_information
|
Describes a team for the incident. |
Azure SDK for Python
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for