Feedback Edit

MailClusterEntity Class

  • Reference

Represents a mail cluster entity.

Variables are only populated by the server, and will be ignored when sending a request.

All required parameters must be populated in order to send to Azure.

Inheritance
azure.mgmt.securityinsight.models._models_py3.Entity
MailClusterEntity

Constructor

MailClusterEntity(**kwargs)

Variables

id
str

Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}.

name
str

The name of the resource.

type
str

The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts".

system_data
SystemData

Azure Resource Manager metadata containing createdBy and modifiedBy information.

kind
str or EntityKind

Required. The kind of the entity.Constant filled by server. Possible values include: "Account", "Host", "File", "AzureResource", "CloudApplication", "DnsResolution", "FileHash", "Ip", "Malware", "Process", "RegistryKey", "RegistryValue", "SecurityGroup", "Url", "IoTDevice", "SecurityAlert", "Bookmark", "MailCluster", "MailMessage", "Mailbox", "SubmissionMail".

additional_data
dict[str, any]

A bag of custom fields that should be part of the entity and will be presented to the user.

friendly_name
str

The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated.

network_message_ids
list[str]

The mail message IDs that are part of the mail cluster.

count_by_delivery_status
any

Count of mail messages by DeliveryStatus string representation.

count_by_threat_type
any

Count of mail messages by ThreatType string representation.

count_by_protection_status
any

Count of mail messages by ProtectionStatus string representation.

threats
list[str]

The threats of mail messages that are part of the mail cluster.

query
str

The query that was used to identify the messages of the mail cluster.

query_time
datetime

The query time.

mail_count
int

The number of mail messages that are part of the mail cluster.

is_volume_anomaly
bool

Is this a volume anomaly mail cluster.

source
str

The source of the mail cluster (default is 'O365 ATP').

cluster_source_identifier
str

The id of the cluster source.

cluster_source_type
str

The type of the cluster source.

cluster_query_start_time
datetime

The cluster query start time.

cluster_query_end_time
datetime

The cluster query end time.

cluster_group
str

The cluster group.