SecurityAlertProperties interface
SecurityAlert entity property bag.
- Extends
Properties
| alert |
The display name of the alert. |
| alert |
The uri link of the alert. |
| alert |
The type name of the alert. |
| compromised |
Display name of the main entity being reported on. |
| confidence |
The confidence level of this alert. |
| confidence |
The confidence reasons |
| confidence |
The confidence score of the alert. |
| confidence |
The confidence score calculation status, i.e. indicating if score calculation is pending for this alert, not applicable or final. |
| description | Alert description. |
| end |
The impact end time of the alert (the time of the last event contributing to the alert). |
| intent | Holds the alert intent stage(s) mapping for this alert. |
| processing |
The time the alert was made available for consumption. |
| product |
The name of a component inside the product which generated the alert. |
| product |
The name of the product which published this alert. |
| product |
The version of the product generating the alert. |
| provider |
The identifier of the alert inside the product which generated the alert. |
| remediation |
Manual action items to take to remediate the alert. |
| resource |
The list of resource identifiers of the alert. |
| severity | The severity of the alert |
| start |
The impact start time of the alert (the time of the first event contributing to the alert). |
| status | The lifecycle status of the alert. |
| system |
Holds the product identifier of the alert for the product. |
| tactics | The tactics of the alert |
| time |
The time the alert was generated. |
| vendor |
The name of the vendor that raise the alert. |
Inherited Properties
| additional |
A bag of custom fields that should be part of the entity and will be presented to the user. |
| friendly |
The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. |
Property Details
alertDisplayName
The display name of the alert.
alertDisplayName?: stringProperty Value
string
alertLink
The uri link of the alert.
alertLink?: stringProperty Value
string
alertType
The type name of the alert.
alertType?: stringProperty Value
string
compromisedEntity
Display name of the main entity being reported on.
compromisedEntity?: stringProperty Value
string
confidenceLevel
The confidence level of this alert.
confidenceLevel?: stringProperty Value
string
confidenceReasons
The confidence reasons
confidenceReasons?: SecurityAlertPropertiesConfidenceReasonsItem[]Property Value
confidenceScore
The confidence score of the alert.
confidenceScore?: numberProperty Value
number
confidenceScoreStatus
The confidence score calculation status, i.e. indicating if score calculation is pending for this alert, not applicable or final.
confidenceScoreStatus?: stringProperty Value
string
description
Alert description.
description?: stringProperty Value
string
endTimeUtc
The impact end time of the alert (the time of the last event contributing to the alert).
endTimeUtc?: DateProperty Value
Date
intent
Holds the alert intent stage(s) mapping for this alert.
intent?: stringProperty Value
string
processingEndTime
The time the alert was made available for consumption.
processingEndTime?: DateProperty Value
Date
productComponentName
The name of a component inside the product which generated the alert.
productComponentName?: stringProperty Value
string
productName
The name of the product which published this alert.
productName?: stringProperty Value
string
productVersion
The version of the product generating the alert.
productVersion?: stringProperty Value
string
providerAlertId
The identifier of the alert inside the product which generated the alert.
providerAlertId?: stringProperty Value
string
remediationSteps
Manual action items to take to remediate the alert.
remediationSteps?: string[]Property Value
string[]
resourceIdentifiers
The list of resource identifiers of the alert.
resourceIdentifiers?: any[]Property Value
any[]
severity
The severity of the alert
severity?: stringProperty Value
string
startTimeUtc
The impact start time of the alert (the time of the first event contributing to the alert).
startTimeUtc?: DateProperty Value
Date
status
The lifecycle status of the alert.
status?: stringProperty Value
string
systemAlertId
Holds the product identifier of the alert for the product.
systemAlertId?: stringProperty Value
string
tactics
The tactics of the alert
tactics?: string[]Property Value
string[]
timeGenerated
The time the alert was generated.
timeGenerated?: DateProperty Value
Date
vendorName
The name of the vendor that raise the alert.
vendorName?: stringProperty Value
string
Inherited Property Details
additionalData
A bag of custom fields that should be part of the entity and will be presented to the user.
additionalData?: Record<string, any>Property Value
Record<string, any>
Inherited From EntityCommonProperties.additionalData
friendlyName
The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated.
friendlyName?: stringProperty Value
string
Inherited From EntityCommonProperties.friendlyName
