class Azure::Security::Mgmt::V2019_01_01::Models::Alert

Security alert

Attributes

action_taken[RW]

@return [String] The action that was taken as a response to the alert (Active, Blocked etc.)

alert_display_name[RW]

@return [String] Display name of the alert type

alert_name[RW]

@return [String] Name of the alert type

associated_resource[RW]

@return [String] Azure resource ID of the associated resource

can_be_investigated[RW]

@return [Boolean] Whether this alert can be investigated with Azure Security Center

compromised_entity[RW]

@return [String] The entity that the incident happened on

confidence_reasons[RW]

@return [Array<AlertConfidenceReason>] reasons the alert got the confidenceScore value

confidence_score[RW]

@return [Float] Level of confidence we have in the alert (the mapper below constrains it to the inclusive range 0..1)

correlation_key[RW]

@return [String] Alerts with the same CorrelationKey will be grouped together in Ibiza.

description[RW]

@return [String] Description of the incident and what it means

detected_time_utc[RW]

@return [DateTime] The time the incident was detected by the vendor

entities[RW]

@return [Array<AlertEntity>] Objects that are related to this alert

extended_properties[RW]

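@return [Hash{String => Object}] Additional alert properties. The mapper below serializes this as a dictionary of untyped objects under 'properties.extendedProperties', so the keys and value shapes are not fixed by this model.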

instance_id[RW]

@return [String] Instance ID of the alert.

is_incident[RW]

@return [Boolean] Whether this alert is for incident type or not (otherwise - single alert)

remediation_steps[RW]

@return [String] Recommended steps to remediate the incident

reported_severity[RW]

@return [ReportedSeverity] Estimated severity of this alert. Possible values include: 'Informational', 'Low', 'Medium', 'High'

reported_time_utc[RW]

@return [DateTime] The time the incident was reported to Microsoft.Security in UTC

state[RW]

@return [String] State of the alert (Active, Dismissed etc.)

subscription_id[RW]

@return [String] Azure subscription ID of the resource that had the security alert or the subscription ID of the workspace that this resource reports to

system_source[RW]

@return [String] The type of the alerted resource (Azure, Non-Azure)

vendor_name[RW]

@return [String] Name of the vendor that discovered the incident

workspace_arm_id[RW]

@return [String] Azure resource ID of the workspace that the alert was reported to.

Private Class Methods

mapper()

Mapper for Alert class as Ruby Hash. This will be used for serialization/deserialization.

# File lib/2019-01-01/generated/azure_mgmt_security/models/alert.rb, line 99
# Mapper for the Alert class, expressed as a Ruby Hash. It describes how each
# Alert attribute is named on the wire and which type it carries, and is used
# for serialization/deserialization.
#
# Most fields are flagged read_only. The exceptions are extended_properties,
# entities and confidence_reasons, which carry no read_only flag.
# NOTE(review): extended_properties values are typed 'Object', so this
# descriptor places no constraint on their shape. Code that consumes alerts
# (dashboards, ticketing, automated response) should validate and escape
# those values itself rather than rely on the mapper -- confirm how the
# serialization runtime treats 'Object' before trusting them.
#
# @return [Hash] a freshly built descriptor on every call
def self.mapper
  # Descriptor for a scalar field flagged read_only.
  read_only_field = lambda do |wire_name, type_name|
    {
      client_side_validation: true,
      required: false,
      read_only: true,
      serialized_name: wire_name,
      type: { name: type_name }
    }
  end

  # Descriptor for a list of composite model objects (no read_only flag).
  composite_list = lambda do |wire_name, element_class|
    {
      client_side_validation: true,
      required: false,
      serialized_name: wire_name,
      type: {
        name: 'Sequence',
        element: {
          client_side_validation: true,
          required: false,
          serialized_name: "#{element_class}ElementType",
          type: { name: 'Composite', class_name: element_class }
        }
      }
    }
  end

  # Free-form dictionary: values are 'Object', i.e. not typed by this model.
  extended_properties = {
    client_side_validation: true,
    required: false,
    serialized_name: 'properties.extendedProperties',
    type: {
      name: 'Dictionary',
      value: {
        client_side_validation: true,
        required: false,
        serialized_name: 'ObjectElementType',
        type: { name: 'Object' }
      }
    }
  }

  # The only field with range constraints: 0 <= score <= 1 (both inclusive).
  confidence_score = {
    client_side_validation: true,
    required: false,
    read_only: true,
    serialized_name: 'properties.confidenceScore',
    constraints: { InclusiveMaximum: 1, InclusiveMinimum: 0 },
    type: { name: 'Double' }
  }

  # Insertion order matches the original listing.
  model_properties = {
    # Resource envelope fields (no 'properties.' prefix on the wire).
    id: read_only_field.call('id', 'String'),
    name: read_only_field.call('name', 'String'),
    type: read_only_field.call('type', 'String'),
    # Alert payload, nested under 'properties.' on the wire.
    state: read_only_field.call('properties.state', 'String'),
    reported_time_utc: read_only_field.call('properties.reportedTimeUtc', 'DateTime'),
    vendor_name: read_only_field.call('properties.vendorName', 'String'),
    alert_name: read_only_field.call('properties.alertName', 'String'),
    alert_display_name: read_only_field.call('properties.alertDisplayName', 'String'),
    detected_time_utc: read_only_field.call('properties.detectedTimeUtc', 'DateTime'),
    description: read_only_field.call('properties.description', 'String'),
    remediation_steps: read_only_field.call('properties.remediationSteps', 'String'),
    action_taken: read_only_field.call('properties.actionTaken', 'String'),
    reported_severity: read_only_field.call('properties.reportedSeverity', 'String'),
    compromised_entity: read_only_field.call('properties.compromisedEntity', 'String'),
    associated_resource: read_only_field.call('properties.associatedResource', 'String'),
    extended_properties: extended_properties,
    system_source: read_only_field.call('properties.systemSource', 'String'),
    can_be_investigated: read_only_field.call('properties.canBeInvestigated', 'Boolean'),
    is_incident: read_only_field.call('properties.isIncident', 'Boolean'),
    entities: composite_list.call('properties.entities', 'AlertEntity'),
    confidence_score: confidence_score,
    confidence_reasons: composite_list.call('properties.confidenceReasons', 'AlertConfidenceReason'),
    subscription_id: read_only_field.call('properties.subscriptionId', 'String'),
    instance_id: read_only_field.call('properties.instanceId', 'String'),
    workspace_arm_id: read_only_field.call('properties.workspaceArmId', 'String'),
    correlation_key: read_only_field.call('properties.correlationKey', 'String')
  }

  {
    client_side_validation: true,
    required: false,
    serialized_name: 'Alert',
    type: {
      name: 'Composite',
      class_name: 'Alert',
      model_properties: model_properties
    }
  }
end