SecurityAlert Class
Represents a security alert entity.
Variables are only populated by the server, and will be ignored when sending a request.
All required parameters must be populated in order to send to Azure.
- Inheritance
- azure.mgmt.securityinsight.models._models_py3.EntitySecurityAlert
Constructor
SecurityAlert(*, severity: Optional[Union[str, azure.mgmt.securityinsight.models._security_insights_enums.AlertSeverity]] = None, **kwargs)
Variables
- id
- str
Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}.
- name
- str
The name of the resource.
- type
- str
The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts".
- system_data
- SystemData
Azure Resource Manager metadata containing createdBy and modifiedBy information.
- kind
- str or EntityKind
Required. The kind of the entity. Constant filled by server. Possible values include: "Account", "Host", "File", "AzureResource", "CloudApplication", "DnsResolution", "FileHash", "Ip", "Malware", "Process", "RegistryKey", "RegistryValue", "SecurityGroup", "Url", "IoTDevice", "SecurityAlert", "Bookmark", "MailCluster", "MailMessage", "Mailbox", "SubmissionMail".
A bag of custom fields that should be part of the entity and will be presented to the user.
- friendly_name
- str
The graph item display name, a short human-readable description of the graph item instance. This property is optional and might be system generated.
- alert_display_name
- str
The display name of the alert.
- alert_type
- str
The type name of the alert.
- compromised_entity
- str
Display name of the main entity being reported on.
- confidence_level
- str or ConfidenceLevel
The confidence level of this alert. Possible values include: "Unknown", "Low", "High".
- confidence_reasons
- list[SecurityAlertPropertiesConfidenceReasonsItem]
The confidence reasons.
- confidence_score
- float
The confidence score of the alert.
- confidence_score_status
- str or ConfidenceScoreStatus
The confidence score calculation status, i.e. whether score calculation is pending for this alert, not applicable, or final. Possible values include: "NotApplicable", "InProcess", "NotFinal", "Final".
- description
- str
Alert description.
- end_time_utc
- datetime
The impact end time of the alert (the time of the last event contributing to the alert).
- intent
- str or KillChainIntent
Holds the alert intent stage(s) mapping for this alert. Possible values include: "Unknown", "Probing", "Exploitation", "Persistence", "PrivilegeEscalation", "DefenseEvasion", "CredentialAccess", "Discovery", "LateralMovement", "Execution", "Collection", "Exfiltration", "CommandAndControl", "Impact".
- provider_alert_id
- str
The identifier of the alert inside the product which generated the alert.
- processing_end_time
- datetime
The time the alert was made available for consumption.
- product_component_name
- str
The name of a component inside the product which generated the alert.
- product_name
- str
The name of the product which published this alert.
- product_version
- str
The version of the product generating the alert.
- severity
- str or AlertSeverity
The severity of the alert. Possible values include: "High", "Medium", "Low", "Informational".
- start_time_utc
- datetime
The impact start time of the alert (the time of the first event contributing to the alert).
- status
- str or AlertStatus
The lifecycle status of the alert. Possible values include: "Unknown", "New", "Resolved", "Dismissed", "InProgress".
- system_alert_id
- str
Holds the product identifier of the alert for the product.
- tactics
- list[str or AttackTactic]
The tactics of the alert.
- time_generated
- datetime
The time the alert was generated.
- vendor_name
- str
The name of the vendor that raised the alert.
- alert_link
- str
The URI link of the alert.
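As an added example (not code from the azure-mgmt-securityinsight SDK or its documentation), the snippet below shows how a consumer would read the server-populated fields above for triage: it trusts `confidence_score` only when `confidence_score_status` is "Final", skips alerts whose `status` is closed, and ranks the rest by `severity` and kill-chain `intent`. The alert dictionary is constructed sample data shaped like the Variables list, and the 0.8 confidence threshold is an assumption.

```python
# Added example, not part of the azure-mgmt-securityinsight SDK.
# Field names and enum values mirror the SecurityAlert entity documented above.
from typing import Any, Dict, Optional

SEVERITY_RANK = {"Informational": 0, "Low": 1, "Medium": 2, "High": 3}
OPEN_STATUSES = {"New", "InProgress", "Unknown"}
# Intents from KillChainIntent that indicate the attacker is past initial access
LATE_STAGE_INTENTS = {"LateralMovement", "Exfiltration", "CommandAndControl", "Impact"}


def effective_confidence(alert: Dict[str, Any]) -> Optional[float]:
    """Return confidence_score only when the server reports the calculation as Final.

    While the status is InProcess or NotFinal the score may still change, and
    NotApplicable means the provider never computed one, so both yield None.
    """
    if alert.get("confidence_score_status") == "Final":
        return alert.get("confidence_score")
    return None


def triage_priority(alert: Dict[str, Any]) -> int:
    """Rank an alert 0..5: 0 means no action (closed), higher means look sooner."""
    if alert.get("status") not in OPEN_STATUSES:
        return 0  # Resolved / Dismissed alerts need no triage
    score = SEVERITY_RANK.get(alert.get("severity"), 0)
    if alert.get("intent") in LATE_STAGE_INTENTS:
        score += 1  # late kill-chain stage: prioritise over earlier-stage alerts
    conf = effective_confidence(alert)
    if conf is not None and conf >= 0.8:  # threshold is an assumption of this example
        score += 1
    return min(score, 5)


# Constructed sample entity, as the server would return it (not a real alert)
SAMPLE_ALERT = {
    "kind": "SecurityAlert",
    "alert_display_name": "Suspicious outbound traffic",
    "severity": "High",
    "status": "New",
    "intent": "CommandAndControl",
    "tactics": ["CommandAndControl"],
    "confidence_score": 0.92,
    "confidence_score_status": "Final",
    "vendor_name": "ExampleVendor",
}

if __name__ == "__main__":
    print(triage_priority(SAMPLE_ALERT))  # 5
```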