Class AlertEvidence

java.lang.Object
com.microsoft.graph.security.models.AlertEvidence
All Implemented Interfaces:
com.microsoft.graph.serializer.IJsonBackedObject
Direct Known Subclasses:
AmazonResourceEvidence, AnalyzedMessageEvidence, AzureResourceEvidence, BlobContainerEvidence, BlobEvidence, CloudApplicationEvidence, ContainerEvidence, ContainerImageEvidence, ContainerRegistryEvidence, DeviceEvidence, FileEvidence, GoogleCloudResourceEvidence, IpEvidence, KubernetesClusterEvidence, KubernetesControllerEvidence, KubernetesNamespaceEvidence, KubernetesPodEvidence, KubernetesSecretEvidence, KubernetesServiceAccountEvidence, KubernetesServiceEvidence, MailboxEvidence, MailClusterEvidence, OauthApplicationEvidence, ProcessEvidence, RegistryKeyEvidence, RegistryValueEvidence, SecurityGroupEvidence, UrlEvidence, UserEvidence

public class AlertEvidence extends Object implements com.microsoft.graph.serializer.IJsonBackedObject
The class for the Alert Evidence.
  • Field Details

    • oDataType

      @SerializedName("@odata.type") @Expose @Nullable public String oDataType
      The OData type of the object as returned by the service.
    • createdDateTime

      @SerializedName(value="createdDateTime", alternate="CreatedDateTime") @Expose @Nullable public OffsetDateTime createdDateTime
      The Created Date Time. The date and time when the evidence was created and added to the alert. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z.
    • detailedRoles

      @SerializedName(value="detailedRoles", alternate="DetailedRoles") @Expose @Nullable public List<String> detailedRoles
      The Detailed Roles. Detailed description of the entity role/s in an alert. Values are free-form.
    • remediationStatus

      @SerializedName(value="remediationStatus", alternate="RemediationStatus") @Expose @Nullable public EvidenceRemediationStatus remediationStatus
      The Remediation Status. Status of the remediation action taken. The possible values are: none, remediated, prevented, blocked, notFound, unknownFutureValue.
    • remediationStatusDetails

      @SerializedName(value="remediationStatusDetails", alternate="RemediationStatusDetails") @Expose @Nullable public String remediationStatusDetails
      The Remediation Status Details. Details about the remediation status.
    • roles

      @SerializedName(value="roles", alternate="Roles") @Expose @Nullable public List<EvidenceRole> roles
      The Roles. The role/s that an evidence entity represents in an alert, e.g., an IP address that is associated with an attacker will have the evidence role Attacker.
    • tags

      @SerializedName(value="tags", alternate="Tags") @Expose @Nullable public List<String> tags
      The Tags. Array of custom tags associated with an evidence instance, for example, to denote a group of devices, high-value assets, etc.
    • verdict

      @SerializedName(value="verdict", alternate="Verdict") @Expose @Nullable public EvidenceVerdict verdict
      The Verdict. The decision reached by automated investigation. The possible values are: unknown, suspicious, malicious, noThreatsFound, unknownFutureValue.
  • Constructor Details

    • AlertEvidence

      public AlertEvidence()
  • Method Details

    • additionalDataManager

      @Nonnull public final com.microsoft.graph.serializer.AdditionalDataManager additionalDataManager()
      Specified by:
      additionalDataManager in interface com.microsoft.graph.serializer.IJsonBackedObject
    • setRawObject

      public void setRawObject(@Nonnull com.microsoft.graph.serializer.ISerializer serializer, @Nonnull com.google.gson.JsonObject json)
      Sets the raw JSON object.
      Specified by:
      setRawObject in interface com.microsoft.graph.serializer.IJsonBackedObject
      Parameters:
      serializer - the serializer
      json - the JSON object to set this object to
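The following is an added example, not part of the SDK or its documentation: a triage helper that uses the verdict and remediationStatus fields described above to pick out evidence that automated investigation flagged but that has no containing remediation recorded, with null handling because both fields are @Nullable. The class EvidenceTriage and its methods are hypothetical, the evidence items are constructed sample data, and the enum constant names (MALICIOUS, NOT_FOUND and so on) are assumed to be the SDK's upper-case forms of the values listed in the field descriptions.

```java
import com.microsoft.graph.security.models.AlertEvidence;
import com.microsoft.graph.security.models.EvidenceRemediationStatus;
import com.microsoft.graph.security.models.EvidenceVerdict;
import java.util.*;

// Hypothetical helper class, not part of the SDK.
public class EvidenceTriage {
    // Verdicts from automated investigation that warrant analyst attention.
    private static final Set<EvidenceVerdict> FLAGGED =
        EnumSet.of(EvidenceVerdict.MALICIOUS, EvidenceVerdict.SUSPICIOUS);
    // Statuses that record a completed containing action. none, notFound and
    // unknownFutureValue are deliberately left out (enum names are assumed).
    private static final Set<EvidenceRemediationStatus> CONTAINED = EnumSet.of(
        EvidenceRemediationStatus.REMEDIATED, EvidenceRemediationStatus.PREVENTED,
        EvidenceRemediationStatus.BLOCKED);
    // verdict and remediationStatus are @Nullable: a missing verdict is not
    // flagged, and a missing status is not counted as contained.
    static boolean needsAction(AlertEvidence e) {
        boolean flagged = e.verdict != null && FLAGGED.contains(e.verdict);
        boolean contained = e.remediationStatus != null
            && CONTAINED.contains(e.remediationStatus);
        return flagged && !contained;
    }
    // Returns the evidence items that still need an analyst or a playbook.
    static List<AlertEvidence> openItems(List<AlertEvidence> evidence) {
        List<AlertEvidence> open = new ArrayList<>();
        for (AlertEvidence e : evidence) {
            if (e != null && needsAction(e)) open.add(e);
        }
        return open;
    }
    // Builds constructed sample evidence through the public fields.
    static AlertEvidence sample(EvidenceVerdict v, EvidenceRemediationStatus s, String tag) {
        AlertEvidence e = new AlertEvidence();
        e.verdict = v;
        e.remediationStatus = s;
        e.tags = Arrays.asList(tag);
        return e;
    }
    public static void main(String[] args) {
        List<AlertEvidence> evidence = Arrays.asList(
            sample(EvidenceVerdict.MALICIOUS, EvidenceRemediationStatus.BLOCKED, "contained"),
            sample(EvidenceVerdict.SUSPICIOUS, EvidenceRemediationStatus.NOT_FOUND, "open"),
            sample(EvidenceVerdict.MALICIOUS, null, "open-no-status"),
            sample(null, EvidenceRemediationStatus.NONE, "no-verdict"));
        for (AlertEvidence e : openItems(evidence)) {
            System.out.println(e.tags + " " + e.verdict + " " + e.remediationStatus);
        }
    }
}
```

Whether an unrecognized verdict such as unknownFutureValue should also be queued for review is a policy choice; this example leaves it unflagged.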