Class Alert

java.lang.Object
com.microsoft.graph.models.Entity
com.microsoft.graph.models.Alert
All Implemented Interfaces:
com.microsoft.kiota.serialization.AdditionalDataHolder, com.microsoft.kiota.serialization.Parsable, com.microsoft.kiota.store.BackedModel

@Generated("com.microsoft.kiota") public class Alert extends Entity implements com.microsoft.kiota.serialization.Parsable
  • Constructor Details

    • Alert

      public Alert()
      Instantiates a new Alert and sets the default values.
  • Method Details

    • createFromDiscriminatorValue

      @Nonnull public static Alert createFromDiscriminatorValue(@Nonnull com.microsoft.kiota.serialization.ParseNode parseNode)
      Creates a new instance of the appropriate class based on discriminator value
      Parameters:
      parseNode - The parse node to use to read the discriminator value and create the object
      Returns:
      an Alert
    • getActivityGroupName

      @Nullable public String getActivityGroupName()
      Gets the activityGroupName property value. Name or alias of the activity group (attacker) this alert is attributed to.
      Returns:
      a String
    • getAlertDetections

      @Nullable public List<AlertDetection> getAlertDetections()
      Gets the alertDetections property value. The alertDetections property
      Returns:
      a List<AlertDetection>
    • getAssignedTo

      @Nullable public String getAssignedTo()
      Gets the assignedTo property value. Name of the analyst the alert is assigned to for triage, investigation, or remediation (supports update).
      Returns:
      a String
    • getAzureSubscriptionId

      @Nullable public String getAzureSubscriptionId()
      Gets the azureSubscriptionId property value. Azure subscription ID, present if this alert is related to an Azure resource.
      Returns:
      a String
    • getAzureTenantId

      @Nullable public String getAzureTenantId()
      Gets the azureTenantId property value. Microsoft Entra tenant ID. Required.
      Returns:
      a String
    • getCategory

      @Nullable public String getCategory()
      Gets the category property value. Category of the alert (for example, credentialTheft, ransomware).
      Returns:
      a String
    • getClosedDateTime

      @Nullable public OffsetDateTime getClosedDateTime()
      Gets the closedDateTime property value. Time at which the alert was closed. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z (supports update).
      Returns:
      an OffsetDateTime
    • getCloudAppStates

      @Nullable public List<CloudAppSecurityState> getCloudAppStates()
      Gets the cloudAppStates property value. Security-related stateful information generated by the provider about the cloud application(s) related to this alert.
      Returns:
      a List<CloudAppSecurityState>
    • getComments

      @Nullable public List<String> getComments()
      Gets the comments property value. Customer-provided comments on alert (for customer alert management) (supports update).
      Returns:
      a List<String>
    • getConfidence

      @Nullable public Integer getConfidence()
      Gets the confidence property value. Confidence of the detection logic (percentage between 1-100).
      Returns:
      an Integer
    • getCreatedDateTime

      @Nullable public OffsetDateTime getCreatedDateTime()
      Gets the createdDateTime property value. Time at which the alert was created by the alert provider. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. Required.
      Returns:
      an OffsetDateTime
    • getDescription

      @Nullable public String getDescription()
      Gets the description property value. Alert description.
      Returns:
      a String
    • getDetectionIds

      @Nullable public List<String> getDetectionIds()
      Gets the detectionIds property value. Set of alerts related to this alert entity (each alert is pushed to the SIEM as a separate record).
      Returns:
      a List<String>
    • getEventDateTime

      @Nullable public OffsetDateTime getEventDateTime()
      Gets the eventDateTime property value. Time at which the event or events that served as the trigger to generate the alert occurred. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. Required.
      Returns:
      an OffsetDateTime
    • getFeedback

      @Nullable public AlertFeedback getFeedback()
      Gets the feedback property value. Analyst feedback on the alert. Possible values are: unknown, truePositive, falsePositive, benignPositive. Supports update.
      Returns:
      an AlertFeedback
    • getFieldDeserializers

      @Nonnull public Map<String,Consumer<com.microsoft.kiota.serialization.ParseNode>> getFieldDeserializers()
      The deserialization information for the current model
      Specified by:
      getFieldDeserializers in interface com.microsoft.kiota.serialization.Parsable
      Overrides:
      getFieldDeserializers in class Entity
      Returns:
      a Map<String,Consumer<com.microsoft.kiota.serialization.ParseNode>>
    • getFileStates

      @Nullable public List<FileSecurityState> getFileStates()
      Gets the fileStates property value. Security-related stateful information generated by the provider about the file(s) related to this alert.
      Returns:
      a List<FileSecurityState>
    • getHistoryStates

      @Nullable public List<AlertHistoryState> getHistoryStates()
      Gets the historyStates property value. The historyStates property
      Returns:
      a List<AlertHistoryState>
    • getHostStates

      @Nullable public List<HostSecurityState> getHostStates()
      Gets the hostStates property value. Security-related stateful information generated by the provider about the host(s) related to this alert.
      Returns:
      a List<HostSecurityState>
    • getIncidentIds

      @Nullable public List<String> getIncidentIds()
      Gets the incidentIds property value. IDs of incidents related to current alert.
      Returns:
      a List<String>
    • getInvestigationSecurityStates

      @Nullable public List<InvestigationSecurityState> getInvestigationSecurityStates()
      Gets the investigationSecurityStates property value. The investigationSecurityStates property
      Returns:
      a List<InvestigationSecurityState>
    • getLastEventDateTime

      @Nullable public OffsetDateTime getLastEventDateTime()
      Gets the lastEventDateTime property value. The lastEventDateTime property
      Returns:
      an OffsetDateTime
    • getLastModifiedDateTime

      @Nullable public OffsetDateTime getLastModifiedDateTime()
      Gets the lastModifiedDateTime property value. Time at which the alert entity was last modified. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z.
      Returns:
      an OffsetDateTime
    • getMalwareStates

      @Nullable public List<MalwareState> getMalwareStates()
      Gets the malwareStates property value. Threat Intelligence pertaining to malware related to this alert.
      Returns:
      a List<MalwareState>
    • getMessageSecurityStates

      @Nullable public List<MessageSecurityState> getMessageSecurityStates()
      Gets the messageSecurityStates property value. The messageSecurityStates property
      Returns:
      a List<MessageSecurityState>
    • getNetworkConnections

      @Nullable public List<NetworkConnection> getNetworkConnections()
      Gets the networkConnections property value. Security-related stateful information generated by the provider about the network connection(s) related to this alert.
      Returns:
      a List<NetworkConnection>
    • getProcesses

      @Nullable public List<Process> getProcesses()
      Gets the processes property value. Security-related stateful information generated by the provider about the process or processes related to this alert.
      Returns:
      a List<Process>
    • getRecommendedActions

      @Nullable public List<String> getRecommendedActions()
      Gets the recommendedActions property value. Vendor/provider recommended action(s) to take as a result of the alert (for example, isolate machine, enforce2FA, reimage host).
      Returns:
      a List<String>
    • getRegistryKeyStates

      @Nullable public List<RegistryKeyState> getRegistryKeyStates()
      Gets the registryKeyStates property value. Security-related stateful information generated by the provider about the registry keys related to this alert.
      Returns:
      a List<RegistryKeyState>
    • getSecurityResources

      @Nullable public List<SecurityResource> getSecurityResources()
      Gets the securityResources property value. Resources related to current alert. For example, for some alerts this can have the Azure Resource value.
      Returns:
      a List<SecurityResource>
    • getSeverity

      @Nullable public AlertSeverity getSeverity()
      Gets the severity property value. The severity property
      Returns:
      an AlertSeverity
    • getSourceMaterials

      @Nullable public List<String> getSourceMaterials()
      Gets the sourceMaterials property value. Hyperlinks (URIs) to the source material related to the alert, for example, provider's user interface for alerts or log search.
      Returns:
      a List<String>
    • getStatus

      @Nullable public AlertStatus getStatus()
      Gets the status property value. The status property
      Returns:
      an AlertStatus
    • getTags

      @Nullable public List<String> getTags()
      Gets the tags property value. User-definable labels that can be applied to an alert and can serve as filter conditions (for example 'HVA', 'SAW') (supports update).
      Returns:
      a List<String>
    • getTitle

      @Nullable public String getTitle()
      Gets the title property value. Alert title. Required.
      Returns:
      a String
    • getTriggers

      @Nullable public List<AlertTrigger> getTriggers()
      Gets the triggers property value. Security-related information about the specific properties that triggered the alert (properties appearing in the alert). Alerts might contain information about multiple users, hosts, files, and IP addresses. This field indicates which properties triggered the alert generation.
      Returns:
      a List<AlertTrigger>
    • getUriClickSecurityStates

      @Nullable public List<UriClickSecurityState> getUriClickSecurityStates()
      Gets the uriClickSecurityStates property value. The uriClickSecurityStates property
      Returns:
      a List<UriClickSecurityState>
    • getUserStates

      @Nullable public List<UserSecurityState> getUserStates()
      Gets the userStates property value. Security-related stateful information generated by the provider about the user accounts related to this alert.
      Returns:
      a List<UserSecurityState>
    • getVendorInformation

      @Nullable public SecurityVendorInformation getVendorInformation()
      Gets the vendorInformation property value. Complex type containing details about the security product/service vendor, provider, and subprovider (for example, vendor=Microsoft; provider=Windows Defender ATP; subProvider=AppLocker). Required.
      Returns:
      a SecurityVendorInformation
    • getVulnerabilityStates

      @Nullable public List<VulnerabilityState> getVulnerabilityStates()
      Gets the vulnerabilityStates property value. Threat intelligence pertaining to one or more vulnerabilities related to this alert.
      Returns:
      a List<VulnerabilityState>
    • serialize

      public void serialize(@Nonnull com.microsoft.kiota.serialization.SerializationWriter writer)
      Serializes the information of the current object.
      Specified by:
      serialize in interface com.microsoft.kiota.serialization.Parsable
      Overrides:
      serialize in class Entity
      Parameters:
      writer - Serialization writer to use to serialize this model
    • setActivityGroupName

      public void setActivityGroupName(@Nullable String value)
      Sets the activityGroupName property value. Name or alias of the activity group (attacker) this alert is attributed to.
      Parameters:
      value - Value to set for the activityGroupName property.
    • setAlertDetections

      public void setAlertDetections(@Nullable List<AlertDetection> value)
      Sets the alertDetections property value. The alertDetections property
      Parameters:
      value - Value to set for the alertDetections property.
    • setAssignedTo

      public void setAssignedTo(@Nullable String value)
      Sets the assignedTo property value. Name of the analyst the alert is assigned to for triage, investigation, or remediation (supports update).
      Parameters:
      value - Value to set for the assignedTo property.
    • setAzureSubscriptionId

      public void setAzureSubscriptionId(@Nullable String value)
      Sets the azureSubscriptionId property value. Azure subscription ID, present if this alert is related to an Azure resource.
      Parameters:
      value - Value to set for the azureSubscriptionId property.
    • setAzureTenantId

      public void setAzureTenantId(@Nullable String value)
      Sets the azureTenantId property value. Microsoft Entra tenant ID. Required.
      Parameters:
      value - Value to set for the azureTenantId property.
    • setCategory

      public void setCategory(@Nullable String value)
      Sets the category property value. Category of the alert (for example, credentialTheft, ransomware).
      Parameters:
      value - Value to set for the category property.
    • setClosedDateTime

      public void setClosedDateTime(@Nullable OffsetDateTime value)
      Sets the closedDateTime property value. Time at which the alert was closed. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z (supports update).
      Parameters:
      value - Value to set for the closedDateTime property.
    • setCloudAppStates

      public void setCloudAppStates(@Nullable List<CloudAppSecurityState> value)
      Sets the cloudAppStates property value. Security-related stateful information generated by the provider about the cloud application(s) related to this alert.
      Parameters:
      value - Value to set for the cloudAppStates property.
    • setComments

      public void setComments(@Nullable List<String> value)
      Sets the comments property value. Customer-provided comments on alert (for customer alert management) (supports update).
      Parameters:
      value - Value to set for the comments property.
    • setConfidence

      public void setConfidence(@Nullable Integer value)
      Sets the confidence property value. Confidence of the detection logic (percentage between 1-100).
      Parameters:
      value - Value to set for the confidence property.
    • setCreatedDateTime

      public void setCreatedDateTime(@Nullable OffsetDateTime value)
      Sets the createdDateTime property value. Time at which the alert was created by the alert provider. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. Required.
      Parameters:
      value - Value to set for the createdDateTime property.
    • setDescription

      public void setDescription(@Nullable String value)
      Sets the description property value. Alert description.
      Parameters:
      value - Value to set for the description property.
    • setDetectionIds

      public void setDetectionIds(@Nullable List<String> value)
      Sets the detectionIds property value. Set of alerts related to this alert entity (each alert is pushed to the SIEM as a separate record).
      Parameters:
      value - Value to set for the detectionIds property.
    • setEventDateTime

      public void setEventDateTime(@Nullable OffsetDateTime value)
      Sets the eventDateTime property value. Time at which the event or events that served as the trigger to generate the alert occurred. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. Required.
      Parameters:
      value - Value to set for the eventDateTime property.
    • setFeedback

      public void setFeedback(@Nullable AlertFeedback value)
      Sets the feedback property value. Analyst feedback on the alert. Possible values are: unknown, truePositive, falsePositive, benignPositive. Supports update.
      Parameters:
      value - Value to set for the feedback property.
    • setFileStates

      public void setFileStates(@Nullable List<FileSecurityState> value)
      Sets the fileStates property value. Security-related stateful information generated by the provider about the file(s) related to this alert.
      Parameters:
      value - Value to set for the fileStates property.
    • setHistoryStates

      public void setHistoryStates(@Nullable List<AlertHistoryState> value)
      Sets the historyStates property value. The historyStates property
      Parameters:
      value - Value to set for the historyStates property.
    • setHostStates

      public void setHostStates(@Nullable List<HostSecurityState> value)
      Sets the hostStates property value. Security-related stateful information generated by the provider about the host(s) related to this alert.
      Parameters:
      value - Value to set for the hostStates property.
    • setIncidentIds

      public void setIncidentIds(@Nullable List<String> value)
      Sets the incidentIds property value. IDs of incidents related to current alert.
      Parameters:
      value - Value to set for the incidentIds property.
    • setInvestigationSecurityStates

      public void setInvestigationSecurityStates(@Nullable List<InvestigationSecurityState> value)
      Sets the investigationSecurityStates property value. The investigationSecurityStates property
      Parameters:
      value - Value to set for the investigationSecurityStates property.
    • setLastEventDateTime

      public void setLastEventDateTime(@Nullable OffsetDateTime value)
      Sets the lastEventDateTime property value. The lastEventDateTime property
      Parameters:
      value - Value to set for the lastEventDateTime property.
    • setLastModifiedDateTime

      public void setLastModifiedDateTime(@Nullable OffsetDateTime value)
      Sets the lastModifiedDateTime property value. Time at which the alert entity was last modified. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z.
      Parameters:
      value - Value to set for the lastModifiedDateTime property.
    • setMalwareStates

      public void setMalwareStates(@Nullable List<MalwareState> value)
      Sets the malwareStates property value. Threat Intelligence pertaining to malware related to this alert.
      Parameters:
      value - Value to set for the malwareStates property.
    • setMessageSecurityStates

      public void setMessageSecurityStates(@Nullable List<MessageSecurityState> value)
      Sets the messageSecurityStates property value. The messageSecurityStates property
      Parameters:
      value - Value to set for the messageSecurityStates property.
    • setNetworkConnections

      public void setNetworkConnections(@Nullable List<NetworkConnection> value)
      Sets the networkConnections property value. Security-related stateful information generated by the provider about the network connection(s) related to this alert.
      Parameters:
      value - Value to set for the networkConnections property.
    • setProcesses

      public void setProcesses(@Nullable List<Process> value)
      Sets the processes property value. Security-related stateful information generated by the provider about the process or processes related to this alert.
      Parameters:
      value - Value to set for the processes property.
    • setRecommendedActions

      public void setRecommendedActions(@Nullable List<String> value)
      Sets the recommendedActions property value. Vendor/provider recommended action(s) to take as a result of the alert (for example, isolate machine, enforce2FA, reimage host).
      Parameters:
      value - Value to set for the recommendedActions property.
    • setRegistryKeyStates

      public void setRegistryKeyStates(@Nullable List<RegistryKeyState> value)
      Sets the registryKeyStates property value. Security-related stateful information generated by the provider about the registry keys related to this alert.
      Parameters:
      value - Value to set for the registryKeyStates property.
    • setSecurityResources

      public void setSecurityResources(@Nullable List<SecurityResource> value)
      Sets the securityResources property value. Resources related to current alert. For example, for some alerts this can have the Azure Resource value.
      Parameters:
      value - Value to set for the securityResources property.
    • setSeverity

      public void setSeverity(@Nullable AlertSeverity value)
      Sets the severity property value. The severity property
      Parameters:
      value - Value to set for the severity property.
    • setSourceMaterials

      public void setSourceMaterials(@Nullable List<String> value)
      Sets the sourceMaterials property value. Hyperlinks (URIs) to the source material related to the alert, for example, provider's user interface for alerts or log search.
      Parameters:
      value - Value to set for the sourceMaterials property.
    • setStatus

      public void setStatus(@Nullable AlertStatus value)
      Sets the status property value. The status property
      Parameters:
      value - Value to set for the status property.
    • setTags

      public void setTags(@Nullable List<String> value)
      Sets the tags property value. User-definable labels that can be applied to an alert and can serve as filter conditions (for example 'HVA', 'SAW') (supports update).
      Parameters:
      value - Value to set for the tags property.
    • setTitle

      public void setTitle(@Nullable String value)
      Sets the title property value. Alert title. Required.
      Parameters:
      value - Value to set for the title property.
    • setTriggers

      public void setTriggers(@Nullable List<AlertTrigger> value)
      Sets the triggers property value. Security-related information about the specific properties that triggered the alert (properties appearing in the alert). Alerts might contain information about multiple users, hosts, files, and IP addresses. This field indicates which properties triggered the alert generation.
      Parameters:
      value - Value to set for the triggers property.
    • setUriClickSecurityStates

      public void setUriClickSecurityStates(@Nullable List<UriClickSecurityState> value)
      Sets the uriClickSecurityStates property value. The uriClickSecurityStates property
      Parameters:
      value - Value to set for the uriClickSecurityStates property.
    • setUserStates

      public void setUserStates(@Nullable List<UserSecurityState> value)
      Sets the userStates property value. Security-related stateful information generated by the provider about the user accounts related to this alert.
      Parameters:
      value - Value to set for the userStates property.
    • setVendorInformation

      public void setVendorInformation(@Nullable SecurityVendorInformation value)
      Sets the vendorInformation property value. Complex type containing details about the security product/service vendor, provider, and subprovider (for example, vendor=Microsoft; provider=Windows Defender ATP; subProvider=AppLocker). Required.
      Parameters:
      value - Value to set for the vendorInformation property.
    • setVulnerabilityStates

      public void setVulnerabilityStates(@Nullable List<VulnerabilityState> value)
      Sets the vulnerabilityStates property value. Threat intelligence pertaining to one or more vulnerabilities related to this alert.
      Parameters:
      value - Value to set for the vulnerabilityStates property.
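
Usage example (added here; not part of the generated SDK documentation): a null-safe triage check over the @Nullable getters, and an update object that carries only properties this page marks "(supports update)" plus the Required vendorInformation. The class name AlertTriageExample, its two helper methods, the escalation policy and all sample values are assumptions made for illustration; sending the update to the service is out of scope.

```java
import com.microsoft.graph.models.Alert;
import com.microsoft.graph.models.AlertFeedback;
import com.microsoft.graph.models.AlertSeverity;
import java.time.OffsetDateTime;
import java.time.ZoneOffset;
import java.util.ArrayList;
import java.util.EnumSet;
import java.util.List;
import java.util.Set;

// Hypothetical helper class, not part of the SDK.
public class AlertTriageExample {

    // Every Alert getter is @Nullable: unboxing getConfidence() directly
    // (for example `alert.getConfidence() >= 80`) throws when the provider omits it.
    static boolean needsEscalation(Alert alert, Set<AlertSeverity> escalateOn, int minConfidence) {
        AlertSeverity severity = alert.getSeverity();
        Integer confidence = alert.getConfidence();
        boolean open = alert.getClosedDateTime() == null;
        // Assumed policy: a missing confidence is "unknown" and is escalated, not dropped.
        boolean confident = confidence == null || confidence >= minConfidence;
        return open && severity != null && escalateOn.contains(severity) && confident;
    }

    // Builds a fresh Alert holding only the triage outcome, so provider-owned
    // fields (title, category, hostStates, ...) are never written back.
    static Alert buildTriagePatch(Alert current, String analyst, AlertFeedback feedback,
                                  String comment, String tag) {
        Alert patch = new Alert();
        // Copied through because this page marks vendorInformation as Required.
        patch.setVendorInformation(current.getVendorInformation());
        patch.setAssignedTo(analyst);
        patch.setFeedback(feedback);
        // The page states timestamps are always UTC.
        patch.setClosedDateTime(OffsetDateTime.now(ZoneOffset.UTC));

        // Preserve existing comments and tags (assumed caller preference), null-safely.
        List<String> comments = new ArrayList<>();
        if (current.getComments() != null) comments.addAll(current.getComments());
        comments.add(comment);
        patch.setComments(comments);

        List<String> tags = new ArrayList<>();
        if (current.getTags() != null) tags.addAll(current.getTags());
        if (!tags.contains(tag)) tags.add(tag);
        patch.setTags(tags);
        return patch;
    }

    public static void main(String[] args) {
        // Constructed sample alert; values are illustrative only.
        Alert alert = new Alert();
        alert.setTitle("Constructed sample alert");
        alert.setCategory("credentialTheft");
        alert.setSeverity(AlertSeverity.High);
        alert.setConfidence(null);           // provider did not report a confidence
        alert.setTags(null);                 // list getters may return null, not an empty list

        boolean escalate = needsEscalation(alert, EnumSet.of(AlertSeverity.High), 80);
        System.out.println("escalate = " + escalate);

        Alert patch = buildTriagePatch(alert, "analyst@example.invalid",
                AlertFeedback.TruePositive, "Confirmed during triage", "HVA");
        System.out.println("assignedTo = " + patch.getAssignedTo());
        System.out.println("feedback   = " + patch.getFeedback());
        System.out.println("comments   = " + patch.getComments());
        System.out.println("tags       = " + patch.getTags());
        System.out.println("title sent = " + patch.getTitle()); // null: not part of the update
    }
}
```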