Package com.microsoft.graph.models.security

Class Incident

java.lang.Object
com.microsoft.graph.models.Entity
com.microsoft.graph.models.security.Incident
All Implemented Interfaces:
com.microsoft.kiota.serialization.AdditionalDataHolder, com.microsoft.kiota.serialization.Parsable, com.microsoft.kiota.store.BackedModel
@Generated("com.microsoft.kiota") public class Incident extends Entity implements com.microsoft.kiota.serialization.Parsable

  • Constructor Details

    • Incident

      public Incident()
      Instantiates a new Incident and sets the default values.

  • Method Details

    • createFromDiscriminatorValue

      @Nonnull public static Incident createFromDiscriminatorValue(@Nonnull com.microsoft.kiota.serialization.ParseNode parseNode)
      Creates a new instance of the appropriate class based on discriminator value
      Parameters:
      parseNode - The parse node to use to read the discriminator value and create the object
      Returns:
      a Incident

    • getAlerts

      @Nullable public List<Alert> getAlerts()
      Gets the alerts property value. The list of related alerts. Supports $expand.
      Returns:
      a List<Alert>

    • getAssignedTo

      @Nullable public String getAssignedTo()
      Gets the assignedTo property value. Owner of the incident, or null if no owner is assigned. Free editable text.
      Returns:
      a String

    • getClassification

      @Nullable public AlertClassification getClassification()
      Gets the classification property value. The specification for the incident. Possible values are: unknown, falsePositive, truePositive, informationalExpectedActivity, unknownFutureValue.
      Returns:
      a AlertClassification

    • getComments

      @Nullable public List<AlertComment> getComments()
      Gets the comments property value. Array of comments created by the Security Operations (SecOps) team when the incident is managed.
      Returns:
      a List<AlertComment>

    • getCreatedDateTime

      @Nullable public OffsetDateTime getCreatedDateTime()
      Gets the createdDateTime property value. Time when the incident was first created.
      Returns:
      a OffsetDateTime

    • getCustomTags

      @Nullable public List<String> getCustomTags()
      Gets the customTags property value. Array of custom tags associated with an incident.
      Returns:
      a List<String>

    • getDescription

      @Nullable public String getDescription()
      Gets the description property value. Description of the incident.
      Returns:
      a String

    • getDetermination

      @Nullable public AlertDetermination getDetermination()
      Gets the determination property value. Specifies the determination of the incident. Possible values are: unknown, apt, malware, securityPersonnel, securityTesting, unwantedSoftware, other, multiStagedAttack, compromisedUser, phishing, maliciousUserActivity, clean, insufficientData, confirmedUserActivity, lineOfBusinessApplication, unknownFutureValue.
      Returns:
      a AlertDetermination

    • getDisplayName

      @Nullable public String getDisplayName()
      Gets the displayName property value. The incident name.
      Returns:
      a String

    • getFieldDeserializers

      @Nonnull public Map<String,Consumer<com.microsoft.kiota.serialization.ParseNode>> getFieldDeserializers()
      The deserialization information for the current model
      Specified by:
      getFieldDeserializers in interface com.microsoft.kiota.serialization.Parsable
      Overrides:
      getFieldDeserializers in class Entity
      Returns:
      a Map<String,Consumer<com.microsoft.kiota.serialization.ParseNode>>

    • getIncidentWebUrl

      @Nullable public String getIncidentWebUrl()
      Gets the incidentWebUrl property value. The URL for the incident page in the Microsoft 365 Defender portal.
      Returns:
      a String

    • getLastModifiedBy

      @Nullable public String getLastModifiedBy()
      Gets the lastModifiedBy property value. The identity that last modified the incident.
      Returns:
      a String

    • getLastUpdateDateTime

      @Nullable public OffsetDateTime getLastUpdateDateTime()
      Gets the lastUpdateDateTime property value. Time when the incident was last updated.
      Returns:
      a OffsetDateTime

    • getRedirectIncidentId

      @Nullable public String getRedirectIncidentId()
      Gets the redirectIncidentId property value. Only populated in case an incident is grouped with another incident, as part of the logic that processes incidents. In such a case, the status property is redirected.
      Returns:
      a String

    • getResolvingComment

      @Nullable public String getResolvingComment()
      Gets the resolvingComment property value. User input that explains the resolution of the incident and the classification choice. This property contains free editable text.
      Returns:
      a String

    • getSeverity

      @Nullable public AlertSeverity getSeverity()
      Gets the severity property value. The severity property
      Returns:
      a AlertSeverity

    • getStatus

      @Nullable public IncidentStatus getStatus()
      Gets the status property value. The status property
      Returns:
      a IncidentStatus

    • getSummary

      @Nullable public String getSummary()
      Gets the summary property value. The overview of an attack. When applicable, the summary contains details of what occurred, impacted assets, and the type of attack.
      Returns:
      a String

    • getSystemTags

      @Nullable public List<String> getSystemTags()
      Gets the systemTags property value. The system tags associated with the incident.
      Returns:
      a List<String>

    • getTenantId

      @Nullable public String getTenantId()
      Gets the tenantId property value. The Microsoft Entra tenant in which the alert was created.
      Returns:
      a String

    • serialize

      public void serialize(@Nonnull com.microsoft.kiota.serialization.SerializationWriter writer)
      Serializes information the current object
      Specified by:
      serialize in interface com.microsoft.kiota.serialization.Parsable
      Overrides:
      serialize in class Entity
      Parameters:
      writer - Serialization writer to use to serialize this model

    • setAlerts

      public void setAlerts(@Nullable List<Alert> value)
      Sets the alerts property value. The list of related alerts. Supports $expand.
      Parameters:
      value - Value to set for the alerts property.

    • setAssignedTo

      public void setAssignedTo(@Nullable String value)
      Sets the assignedTo property value. Owner of the incident, or null if no owner is assigned. Free editable text.
      Parameters:
      value - Value to set for the assignedTo property.

    • setClassification

      public void setClassification(@Nullable AlertClassification value)
      Sets the classification property value. The specification for the incident. Possible values are: unknown, falsePositive, truePositive, informationalExpectedActivity, unknownFutureValue.
      Parameters:
      value - Value to set for the classification property.

    • setComments

      public void setComments(@Nullable List<AlertComment> value)
      Sets the comments property value. Array of comments created by the Security Operations (SecOps) team when the incident is managed.
      Parameters:
      value - Value to set for the comments property.

    • setCreatedDateTime

      public void setCreatedDateTime(@Nullable OffsetDateTime value)
      Sets the createdDateTime property value. Time when the incident was first created.
      Parameters:
      value - Value to set for the createdDateTime property.

    • setCustomTags

      public void setCustomTags(@Nullable List<String> value)
      Sets the customTags property value. Array of custom tags associated with an incident.
      Parameters:
      value - Value to set for the customTags property.

    • setDescription

      public void setDescription(@Nullable String value)
      Sets the description property value. Description of the incident.
      Parameters:
      value - Value to set for the description property.

    • setDetermination

      public void setDetermination(@Nullable AlertDetermination value)
      Sets the determination property value. Specifies the determination of the incident. Possible values are: unknown, apt, malware, securityPersonnel, securityTesting, unwantedSoftware, other, multiStagedAttack, compromisedUser, phishing, maliciousUserActivity, clean, insufficientData, confirmedUserActivity, lineOfBusinessApplication, unknownFutureValue.
      Parameters:
      value - Value to set for the determination property.

    • setDisplayName

      public void setDisplayName(@Nullable String value)
      Sets the displayName property value. The incident name.
      Parameters:
      value - Value to set for the displayName property.

    • setIncidentWebUrl

      public void setIncidentWebUrl(@Nullable String value)
      Sets the incidentWebUrl property value. The URL for the incident page in the Microsoft 365 Defender portal.
      Parameters:
      value - Value to set for the incidentWebUrl property.

    • setLastModifiedBy

      public void setLastModifiedBy(@Nullable String value)
      Sets the lastModifiedBy property value. The identity that last modified the incident.
      Parameters:
      value - Value to set for the lastModifiedBy property.

    • setLastUpdateDateTime

      public void setLastUpdateDateTime(@Nullable OffsetDateTime value)
      Sets the lastUpdateDateTime property value. Time when the incident was last updated.
      Parameters:
      value - Value to set for the lastUpdateDateTime property.

    • setRedirectIncidentId

      public void setRedirectIncidentId(@Nullable String value)
      Sets the redirectIncidentId property value. Only populated in case an incident is grouped with another incident, as part of the logic that processes incidents. In such a case, the status property is redirected.
      Parameters:
      value - Value to set for the redirectIncidentId property.

    • setResolvingComment

      public void setResolvingComment(@Nullable String value)
      Sets the resolvingComment property value. User input that explains the resolution of the incident and the classification choice. This property contains free editable text.
      Parameters:
      value - Value to set for the resolvingComment property.

    • setSeverity

      public void setSeverity(@Nullable AlertSeverity value)
      Sets the severity property value. The severity property
      Parameters:
      value - Value to set for the severity property.

    • setStatus

      public void setStatus(@Nullable IncidentStatus value)
      Sets the status property value. The status property
      Parameters:
      value - Value to set for the status property.

    • setSummary

      public void setSummary(@Nullable String value)
      Sets the summary property value. The overview of an attack. When applicable, the summary contains details of what occurred, impacted assets, and the type of attack.
      Parameters:
      value - Value to set for the summary property.

    • setSystemTags

      public void setSystemTags(@Nullable List<String> value)
      Sets the systemTags property value. The system tags associated with the incident.
      Parameters:
      value - Value to set for the systemTags property.

    • setTenantId

      public void setTenantId(@Nullable String value)
      Sets the tenantId property value. The Microsoft Entra tenant in which the alert was created.
      Parameters:
      value - Value to set for the tenantId property.