java.lang.Object
com.microsoft.graph.models.Entity
com.microsoft.graph.models.security.Alert
All Implemented Interfaces:
com.microsoft.kiota.serialization.AdditionalDataHolder, com.microsoft.kiota.serialization.Parsable, com.microsoft.kiota.store.BackedModel

@Generated("com.microsoft.kiota") public class Alert extends Entity implements com.microsoft.kiota.serialization.Parsable
  • Constructor Details

    • Alert

      public Alert()
      Instantiates a new Alert and sets the default values.
  • Method Details

    • createFromDiscriminatorValue

      @Nonnull public static Alert createFromDiscriminatorValue(@Nonnull com.microsoft.kiota.serialization.ParseNode parseNode)
      Creates a new instance of the appropriate class based on discriminator value
      Parameters:
      parseNode - The parse node to use to read the discriminator value and create the object
      Returns:
      an Alert
    • getActorDisplayName

      @Nullable public String getActorDisplayName()
      Gets the actorDisplayName property value. The adversary or activity group that is associated with this alert.
      Returns:
      a String
    • getAdditionalDataProperty

      @Nullable public Dictionary getAdditionalDataProperty()
      Gets the additionalData property value. A collection of other alert properties, including user-defined properties. Any custom details defined in the alert, and any dynamic content in the alert details, are stored here.
      Returns:
      a Dictionary
    • getAlertPolicyId

      @Nullable public String getAlertPolicyId()
      Gets the alertPolicyId property value. The ID of the policy that generated the alert. Populated when a specific policy generated the alert, whether that policy was configured by a customer or is built in.
      Returns:
      a String
    • getAlertWebUrl

      @Nullable public String getAlertWebUrl()
      Gets the alertWebUrl property value. URL for the Microsoft 365 Defender portal alert page.
      Returns:
      a String
    • getAssignedTo

      @Nullable public String getAssignedTo()
      Gets the assignedTo property value. Owner of the alert, or null if no owner is assigned.
      Returns:
      a String
    • getCategory

      @Nullable public String getCategory()
      Gets the category property value. The attack kill-chain category that the alert belongs to. Aligned with the MITRE ATT&CK framework.
      Returns:
      a String
    • getClassification

      @Nullable public AlertClassification getClassification()
      Gets the classification property value. Specifies whether the alert represents a true threat. Possible values are: unknown, falsePositive, truePositive, informationalExpectedActivity, unknownFutureValue.
      Returns:
      an AlertClassification
    • getComments

      @Nullable public List<AlertComment> getComments()
      Gets the comments property value. Array of comments created by the Security Operations (SecOps) team during the alert management process.
      Returns:
      a List<AlertComment>
    • getCreatedDateTime

      @Nullable public OffsetDateTime getCreatedDateTime()
      Gets the createdDateTime property value. Time when Microsoft 365 Defender created the alert.
      Returns:
      an OffsetDateTime
    • getDescription

      @Nullable public String getDescription()
      Gets the description property value. String value describing each alert.
      Returns:
      a String
    • getDetectionSource

      @Nullable public DetectionSource getDetectionSource()
      Gets the detectionSource property value. Detection technology or sensor that identified the notable component or activity. Possible values are: unknown, microsoftDefenderForEndpoint, antivirus, smartScreen, customTi, microsoftDefenderForOffice365, automatedInvestigation, microsoftThreatExperts, customDetection, microsoftDefenderForIdentity, cloudAppSecurity, microsoft365Defender, azureAdIdentityProtection, manual, microsoftDataLossPrevention, appGovernancePolicy, appGovernanceDetection, unknownFutureValue, microsoftDefenderForCloud, microsoftDefenderForIoT, microsoftDefenderForServers, microsoftDefenderForStorage, microsoftDefenderForDNS, microsoftDefenderForDatabases, microsoftDefenderForContainers, microsoftDefenderForNetwork, microsoftDefenderForAppService, microsoftDefenderForKeyVault, microsoftDefenderForResourceManager, microsoftDefenderForApiManagement, microsoftSentinel, nrtAlerts, scheduledAlerts, microsoftDefenderThreatIntelligenceAnalytics, builtInMl. Use the Prefer: include-unknown-enum-members request header to get the following value(s) in this evolvable enum: microsoftDefenderForCloud, microsoftDefenderForIoT, microsoftDefenderForServers, microsoftDefenderForStorage, microsoftDefenderForDNS, microsoftDefenderForDatabases, microsoftDefenderForContainers, microsoftDefenderForNetwork, microsoftDefenderForAppService, microsoftDefenderForKeyVault, microsoftDefenderForResourceManager, microsoftDefenderForApiManagement, microsoftSentinel, nrtAlerts, scheduledAlerts, microsoftDefenderThreatIntelligenceAnalytics, builtInMl.
      Returns:
      a DetectionSource
    • getDetectorId

      @Nullable public String getDetectorId()
      Gets the detectorId property value. The ID of the detector that triggered the alert.
      Returns:
      a String
    • getDetermination

      @Nullable public AlertDetermination getDetermination()
      Gets the determination property value. Specifies the result of the investigation, whether the alert represents a true attack and if so, the nature of the attack. Possible values are: unknown, apt, malware, securityPersonnel, securityTesting, unwantedSoftware, other, multiStagedAttack, compromisedAccount, phishing, maliciousUserActivity, notMalicious, notEnoughDataToValidate, confirmedUserActivity, lineOfBusinessApplication, unknownFutureValue.
      Returns:
      an AlertDetermination
    • getEvidence

      @Nullable public List<AlertEvidence> getEvidence()
      Gets the evidence property value. Collection of evidence related to the alert.
      Returns:
      a List<AlertEvidence>
    • getFieldDeserializers

      @Nonnull public Map<String,Consumer<com.microsoft.kiota.serialization.ParseNode>> getFieldDeserializers()
      The deserialization information for the current model
      Specified by:
      getFieldDeserializers in interface com.microsoft.kiota.serialization.Parsable
      Overrides:
      getFieldDeserializers in class Entity
      Returns:
      a Map<String,Consumer<com.microsoft.kiota.serialization.ParseNode>>
    • getFirstActivityDateTime

      @Nullable public OffsetDateTime getFirstActivityDateTime()
      Gets the firstActivityDateTime property value. The earliest activity associated with the alert.
      Returns:
      an OffsetDateTime
    • getIncidentId

      @Nullable public String getIncidentId()
      Gets the incidentId property value. Unique identifier to represent the incident this alert resource is associated with.
      Returns:
      a String
    • getIncidentWebUrl

      @Nullable public String getIncidentWebUrl()
      Gets the incidentWebUrl property value. URL for the incident page in the Microsoft 365 Defender portal.
      Returns:
      a String
    • getLastActivityDateTime

      @Nullable public OffsetDateTime getLastActivityDateTime()
      Gets the lastActivityDateTime property value. The oldest activity associated with the alert.
      Returns:
      an OffsetDateTime
    • getLastUpdateDateTime

      @Nullable public OffsetDateTime getLastUpdateDateTime()
      Gets the lastUpdateDateTime property value. Time when the alert was last updated at Microsoft 365 Defender.
      Returns:
      an OffsetDateTime
    • getMitreTechniques

      @Nullable public List<String> getMitreTechniques()
      Gets the mitreTechniques property value. The attack techniques, as aligned with the MITRE ATT&CK framework.
      Returns:
      a List<String>
    • getProductName

      @Nullable public String getProductName()
      Gets the productName property value. The name of the product which published this alert.
      Returns:
      a String
    • getProviderAlertId

      @Nullable public String getProviderAlertId()
      Gets the providerAlertId property value. The ID of the alert as it appears in the security provider product that generated the alert.
      Returns:
      a String
    • getRecommendedActions

      @Nullable public String getRecommendedActions()
      Gets the recommendedActions property value. Recommended response and remediation actions to take in the event this alert was generated.
      Returns:
      a String
    • getResolvedDateTime

      @Nullable public OffsetDateTime getResolvedDateTime()
      Gets the resolvedDateTime property value. Time when the alert was resolved.
      Returns:
      an OffsetDateTime
    • getServiceSource

      @Nullable public ServiceSource getServiceSource()
      Gets the serviceSource property value. The serviceSource property
      Returns:
      a ServiceSource
    • getSeverity

      @Nullable public AlertSeverity getSeverity()
      Gets the severity property value. The severity property
      Returns:
      an AlertSeverity
    • getStatus

      @Nullable public AlertStatus getStatus()
      Gets the status property value. The status property
      Returns:
      an AlertStatus
    • getSystemTags

      @Nullable public List<String> getSystemTags()
      Gets the systemTags property value. The system tags associated with the alert.
      Returns:
      a List<String>
    • getTenantId

      @Nullable public String getTenantId()
      Gets the tenantId property value. The Microsoft Entra tenant the alert was created in.
      Returns:
      a String
    • getThreatDisplayName

      @Nullable public String getThreatDisplayName()
      Gets the threatDisplayName property value. The threat associated with this alert.
      Returns:
      a String
    • getThreatFamilyName

      @Nullable public String getThreatFamilyName()
      Gets the threatFamilyName property value. Threat family associated with this alert.
      Returns:
      a String
    • getTitle

      @Nullable public String getTitle()
      Gets the title property value. Brief identifying string value describing the alert.
      Returns:
      a String
    • serialize

      public void serialize(@Nonnull com.microsoft.kiota.serialization.SerializationWriter writer)
      Serializes information about the current object
      Specified by:
      serialize in interface com.microsoft.kiota.serialization.Parsable
      Overrides:
      serialize in class Entity
      Parameters:
      writer - Serialization writer to use to serialize this model
    • setActorDisplayName

      public void setActorDisplayName(@Nullable String value)
      Sets the actorDisplayName property value. The adversary or activity group that is associated with this alert.
      Parameters:
      value - Value to set for the actorDisplayName property.
    • setAdditionalDataProperty

      public void setAdditionalDataProperty(@Nullable Dictionary value)
      Sets the additionalData property value. A collection of other alert properties, including user-defined properties. Any custom details defined in the alert, and any dynamic content in the alert details, are stored here.
      Parameters:
      value - Value to set for the additionalData property.
    • setAlertPolicyId

      public void setAlertPolicyId(@Nullable String value)
      Sets the alertPolicyId property value. The ID of the policy that generated the alert. Populated when a specific policy generated the alert, whether that policy was configured by a customer or is built in.
      Parameters:
      value - Value to set for the alertPolicyId property.
    • setAlertWebUrl

      public void setAlertWebUrl(@Nullable String value)
      Sets the alertWebUrl property value. URL for the Microsoft 365 Defender portal alert page.
      Parameters:
      value - Value to set for the alertWebUrl property.
    • setAssignedTo

      public void setAssignedTo(@Nullable String value)
      Sets the assignedTo property value. Owner of the alert, or null if no owner is assigned.
      Parameters:
      value - Value to set for the assignedTo property.
    • setCategory

      public void setCategory(@Nullable String value)
      Sets the category property value. The attack kill-chain category that the alert belongs to. Aligned with the MITRE ATT&CK framework.
      Parameters:
      value - Value to set for the category property.
    • setClassification

      public void setClassification(@Nullable AlertClassification value)
      Sets the classification property value. Specifies whether the alert represents a true threat. Possible values are: unknown, falsePositive, truePositive, informationalExpectedActivity, unknownFutureValue.
      Parameters:
      value - Value to set for the classification property.
    • setComments

      public void setComments(@Nullable List<AlertComment> value)
      Sets the comments property value. Array of comments created by the Security Operations (SecOps) team during the alert management process.
      Parameters:
      value - Value to set for the comments property.
    • setCreatedDateTime

      public void setCreatedDateTime(@Nullable OffsetDateTime value)
      Sets the createdDateTime property value. Time when Microsoft 365 Defender created the alert.
      Parameters:
      value - Value to set for the createdDateTime property.
    • setDescription

      public void setDescription(@Nullable String value)
      Sets the description property value. String value describing each alert.
      Parameters:
      value - Value to set for the description property.
    • setDetectionSource

      public void setDetectionSource(@Nullable DetectionSource value)
      Sets the detectionSource property value. Detection technology or sensor that identified the notable component or activity. Possible values are: unknown, microsoftDefenderForEndpoint, antivirus, smartScreen, customTi, microsoftDefenderForOffice365, automatedInvestigation, microsoftThreatExperts, customDetection, microsoftDefenderForIdentity, cloudAppSecurity, microsoft365Defender, azureAdIdentityProtection, manual, microsoftDataLossPrevention, appGovernancePolicy, appGovernanceDetection, unknownFutureValue, microsoftDefenderForCloud, microsoftDefenderForIoT, microsoftDefenderForServers, microsoftDefenderForStorage, microsoftDefenderForDNS, microsoftDefenderForDatabases, microsoftDefenderForContainers, microsoftDefenderForNetwork, microsoftDefenderForAppService, microsoftDefenderForKeyVault, microsoftDefenderForResourceManager, microsoftDefenderForApiManagement, microsoftSentinel, nrtAlerts, scheduledAlerts, microsoftDefenderThreatIntelligenceAnalytics, builtInMl. Use the Prefer: include-unknown-enum-members request header to get the following value(s) in this evolvable enum: microsoftDefenderForCloud, microsoftDefenderForIoT, microsoftDefenderForServers, microsoftDefenderForStorage, microsoftDefenderForDNS, microsoftDefenderForDatabases, microsoftDefenderForContainers, microsoftDefenderForNetwork, microsoftDefenderForAppService, microsoftDefenderForKeyVault, microsoftDefenderForResourceManager, microsoftDefenderForApiManagement, microsoftSentinel, nrtAlerts, scheduledAlerts, microsoftDefenderThreatIntelligenceAnalytics, builtInMl.
      Parameters:
      value - Value to set for the detectionSource property.
    • setDetectorId

      public void setDetectorId(@Nullable String value)
      Sets the detectorId property value. The ID of the detector that triggered the alert.
      Parameters:
      value - Value to set for the detectorId property.
    • setDetermination

      public void setDetermination(@Nullable AlertDetermination value)
      Sets the determination property value. Specifies the result of the investigation, whether the alert represents a true attack and if so, the nature of the attack. Possible values are: unknown, apt, malware, securityPersonnel, securityTesting, unwantedSoftware, other, multiStagedAttack, compromisedAccount, phishing, maliciousUserActivity, notMalicious, notEnoughDataToValidate, confirmedUserActivity, lineOfBusinessApplication, unknownFutureValue.
      Parameters:
      value - Value to set for the determination property.
    • setEvidence

      public void setEvidence(@Nullable List<AlertEvidence> value)
      Sets the evidence property value. Collection of evidence related to the alert.
      Parameters:
      value - Value to set for the evidence property.
    • setFirstActivityDateTime

      public void setFirstActivityDateTime(@Nullable OffsetDateTime value)
      Sets the firstActivityDateTime property value. The earliest activity associated with the alert.
      Parameters:
      value - Value to set for the firstActivityDateTime property.
    • setIncidentId

      public void setIncidentId(@Nullable String value)
      Sets the incidentId property value. Unique identifier to represent the incident this alert resource is associated with.
      Parameters:
      value - Value to set for the incidentId property.
    • setIncidentWebUrl

      public void setIncidentWebUrl(@Nullable String value)
      Sets the incidentWebUrl property value. URL for the incident page in the Microsoft 365 Defender portal.
      Parameters:
      value - Value to set for the incidentWebUrl property.
    • setLastActivityDateTime

      public void setLastActivityDateTime(@Nullable OffsetDateTime value)
      Sets the lastActivityDateTime property value. The oldest activity associated with the alert.
      Parameters:
      value - Value to set for the lastActivityDateTime property.
    • setLastUpdateDateTime

      public void setLastUpdateDateTime(@Nullable OffsetDateTime value)
      Sets the lastUpdateDateTime property value. Time when the alert was last updated at Microsoft 365 Defender.
      Parameters:
      value - Value to set for the lastUpdateDateTime property.
    • setMitreTechniques

      public void setMitreTechniques(@Nullable List<String> value)
      Sets the mitreTechniques property value. The attack techniques, as aligned with the MITRE ATT&CK framework.
      Parameters:
      value - Value to set for the mitreTechniques property.
    • setProductName

      public void setProductName(@Nullable String value)
      Sets the productName property value. The name of the product which published this alert.
      Parameters:
      value - Value to set for the productName property.
    • setProviderAlertId

      public void setProviderAlertId(@Nullable String value)
      Sets the providerAlertId property value. The ID of the alert as it appears in the security provider product that generated the alert.
      Parameters:
      value - Value to set for the providerAlertId property.
    • setRecommendedActions

      public void setRecommendedActions(@Nullable String value)
      Sets the recommendedActions property value. Recommended response and remediation actions to take in the event this alert was generated.
      Parameters:
      value - Value to set for the recommendedActions property.
    • setResolvedDateTime

      public void setResolvedDateTime(@Nullable OffsetDateTime value)
      Sets the resolvedDateTime property value. Time when the alert was resolved.
      Parameters:
      value - Value to set for the resolvedDateTime property.
    • setServiceSource

      public void setServiceSource(@Nullable ServiceSource value)
      Sets the serviceSource property value. The serviceSource property
      Parameters:
      value - Value to set for the serviceSource property.
    • setSeverity

      public void setSeverity(@Nullable AlertSeverity value)
      Sets the severity property value. The severity property
      Parameters:
      value - Value to set for the severity property.
    • setStatus

      public void setStatus(@Nullable AlertStatus value)
      Sets the status property value. The status property
      Parameters:
      value - Value to set for the status property.
    • setSystemTags

      public void setSystemTags(@Nullable List<String> value)
      Sets the systemTags property value. The system tags associated with the alert.
      Parameters:
      value - Value to set for the systemTags property.
    • setTenantId

      public void setTenantId(@Nullable String value)
      Sets the tenantId property value. The Microsoft Entra tenant the alert was created in.
      Parameters:
      value - Value to set for the tenantId property.
    • setThreatDisplayName

      public void setThreatDisplayName(@Nullable String value)
      Sets the threatDisplayName property value. The threat associated with this alert.
      Parameters:
      value - Value to set for the threatDisplayName property.
    • setThreatFamilyName

      public void setThreatFamilyName(@Nullable String value)
      Sets the threatFamilyName property value. Threat family associated with this alert.
      Parameters:
      value - Value to set for the threatFamilyName property.
    • setTitle

      public void setTitle(@Nullable String value)
      Sets the title property value. Brief identifying string value describing the alert.
      Parameters:
      value - Value to set for the title property.
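
Every getter above is @Nullable, and detectionSource is an evolvable enum that comes back as unknownFutureValue unless the Prefer: include-unknown-enum-members header is sent. The following added example (not part of the SDK or this reference) builds a null-safe triage line from an Alert and flags a masked detection source. The class AlertTriage and its helpers wire, isMaskedEnum and summarize are hypothetical names, the sample alert values are constructed, and the code assumes the generated enum types implement Kiota's ValuedEnum with getValue().

```java
import com.microsoft.graph.models.security.Alert;
import com.microsoft.kiota.serialization.ValuedEnum;
import java.time.Duration;
import java.time.OffsetDateTime;
import java.util.List;
import java.util.Objects;

/** Added example (hypothetical helper, not SDK code): null-safe triage summary of an Alert. */
public final class AlertTriage {

    /** Wire value of an enum-typed property, or a marker when the property is absent. */
    static String wire(ValuedEnum e) {
        // Assumption: the generated security enums implement Kiota's ValuedEnum.
        return e == null ? "(not set)" : e.getValue();
    }

    /** True when an evolvable enum carries the sentinel instead of its real member. */
    static boolean isMaskedEnum(ValuedEnum e) {
        return e != null && "unknownFutureValue".equals(e.getValue());
    }

    /** Builds one queue line; every getter is treated as possibly returning null. */
    static String summarize(Alert a, OffsetDateTime now) {
        StringBuilder sb = new StringBuilder();
        sb.append(Objects.toString(a.getTitle(), "(untitled)"));
        sb.append(" | severity=").append(wire(a.getSeverity()));
        sb.append(" | status=").append(wire(a.getStatus()));
        sb.append(" | classification=").append(wire(a.getClassification()));
        sb.append(" | source=").append(wire(a.getDetectionSource()));
        if (isMaskedEnum(a.getDetectionSource())) {
            // The real member is hidden; routing on this value would misfile the alert.
            sb.append(" [re-query with Prefer: include-unknown-enum-members]");
        }
        sb.append(" | owner=").append(Objects.toString(a.getAssignedTo(), "unassigned"));
        List<String> techniques = a.getMitreTechniques();
        sb.append(" | techniques=").append(techniques == null ? List.of() : techniques);
        // Report age only for alerts that have a creation time and no resolution time.
        if (a.getResolvedDateTime() == null && a.getCreatedDateTime() != null) {
            long hours = Duration.between(a.getCreatedDateTime(), now).toHours();
            sb.append(" | openForHours=").append(hours);
        }
        return sb.toString();
    }

    public static void main(String[] args) {
        // Constructed sample alert; only a few properties are populated on purpose.
        Alert a = new Alert();
        a.setTitle("Suspicious PowerShell command line");
        a.setMitreTechniques(List.of("T1059.001"));
        a.setCreatedDateTime(OffsetDateTime.parse("2024-01-01T00:00:00Z"));
        System.out.println(summarize(a, OffsetDateTime.parse("2024-01-01T06:00:00Z")));
    }
}
```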