Class: Azure::Security::Mgmt::V2019_01_01::Models::Alert

Inherits:

Resource

• Object
• Resource
• Azure::Security::Mgmt::V2019_01_01::Models::Alert

Includes:

MsRestAzure

Defined in:

lib/2019-01-01/generated/azure_mgmt_security/models/alert.rb

Overview

Security alert

Instance Attribute Summary

• #action_taken ⇒ String

  (Active, Blocked etc.).

• #alert_display_name ⇒ String

  Display name of the alert type.

• #alert_name ⇒ String

  Name of the alert type.

• #associated_resource ⇒ String

  Azure resource ID of the associated resource.

• #can_be_investigated ⇒ Boolean

  Security Center.

• #compromised_entity ⇒ String

  The entity that the incident happened on.

• #confidence_reasons ⇒ Array<AlertConfidenceReason>

  confidenceScore value.

• #confidence_score ⇒ Float

  Level of confidence we have on the alert.

• #correlation_key ⇒ String

  together in Ibiza.

• #description ⇒ String

  Description of the incident and what it means.

• #detected_time_utc ⇒ DateTime

  The time the incident was detected by the vendor.

• #entities ⇒ Array<AlertEntity>

  Objects that are related to this alerts.

• #extended_properties ⇒ Object
• #instance_id ⇒ String

  Instance ID of the alert.

• #is_incident ⇒ Boolean

  (otherwise - single alert).

• #remediation_steps ⇒ String

  Recommended steps to reradiate the incident.

• #reported_severity ⇒ ReportedSeverity

  values include: ‘Informational’, ‘Low’, ‘Medium’, ‘High’.

• #reported_time_utc ⇒ DateTime

  Microsoft.Security in UTC.

• #state ⇒ String

  State of the alert (Active, Dismissed etc.).

• #subscription_id ⇒ String

  security alert or the subscription ID of the workspace that this resource reports to.

• #system_source ⇒ String

  The type of the alerted resource (Azure, Non-Azure).

• #vendor_name ⇒ String

  Name of the vendor that discovered the incident.

• #workspace_arm_id ⇒ String

  reported to.

Attributes inherited from Resource

#id, #name, #type

Class Method Summary

• .mapper ⇒ Object

  Mapper for Alert class as Ruby Hash.

Methods inherited from Resource

#resource_group

Instance Attribute Details

#action_taken ⇒ String

(Active, Blocked etc.)

Returns:

• (String) —

  The action that was taken as a response to the alert

# File 'lib/2019-01-01/generated/azure_mgmt_security/models/alert.rb', line 42

def action_taken
  @action_taken
end

#alert_display_name ⇒ String

Returns Display name of the alert type.

Returns:

• (String) —

  Display name of the alert type

# File 'lib/2019-01-01/generated/azure_mgmt_security/models/alert.rb', line 29

def alert_display_name
  @alert_display_name
end

#alert_name ⇒ String

Returns Name of the alert type.

Returns:

• (String) —

  Name of the alert type

# File 'lib/2019-01-01/generated/azure_mgmt_security/models/alert.rb', line 26

def alert_name
  @alert_name
end

#associated_resource ⇒ String

Returns Azure resource ID of the associated resource.

Returns:

• (String) —

  Azure resource ID of the associated resource

# File 'lib/2019-01-01/generated/azure_mgmt_security/models/alert.rb', line 52

def associated_resource
  @associated_resource
end

#can_be_investigated ⇒ Boolean

Security Center

Returns:

• (Boolean) —

  Whether this alert can be investigated with Azure

# File 'lib/2019-01-01/generated/azure_mgmt_security/models/alert.rb', line 62

def can_be_investigated
  @can_be_investigated
end

#compromised_entity ⇒ String

Returns The entity that the incident happened on.

Returns:

• (String) —

  The entity that the incident happened on

# File 'lib/2019-01-01/generated/azure_mgmt_security/models/alert.rb', line 49

def compromised_entity
  @compromised_entity
end

#confidence_reasons ⇒ Array<AlertConfidenceReason>

confidenceScore value

Returns:

• (Array<AlertConfidenceReason>) —

  reasons the alert got the

# File 'lib/2019-01-01/generated/azure_mgmt_security/models/alert.rb', line 76

def confidence_reasons
  @confidence_reasons
end

#confidence_score ⇒ Float

Returns level of confidence we have on the alert.

Returns:

• (Float) —

  level of confidence we have on the alert

# File 'lib/2019-01-01/generated/azure_mgmt_security/models/alert.rb', line 72

def confidence_score
  @confidence_score
end

#correlation_key ⇒ String

together in Ibiza.

Returns:

• (String) —

  Alerts with the same CorrelationKey will be grouped

# File 'lib/2019-01-01/generated/azure_mgmt_security/models/alert.rb', line 92

def correlation_key
  @correlation_key
end

#description ⇒ String

Returns Description of the incident and what it means.

Returns:

• (String) —

  Description of the incident and what it means

# File 'lib/2019-01-01/generated/azure_mgmt_security/models/alert.rb', line 35

def description
  @description
end

#detected_time_utc ⇒ DateTime

Returns The time the incident was detected by the vendor.

Returns:

• (DateTime) —

  The time the incident was detected by the vendor

# File 'lib/2019-01-01/generated/azure_mgmt_security/models/alert.rb', line 32

def detected_time_utc
  @detected_time_utc
end

#entities ⇒ Array<AlertEntity>

Returns objects that are related to this alerts.

Returns:

• (Array<AlertEntity>) —

  objects that are related to this alerts

# File 'lib/2019-01-01/generated/azure_mgmt_security/models/alert.rb', line 69

def entities
  @entities
end

#extended_properties ⇒ Object

Returns:

# File 'lib/2019-01-01/generated/azure_mgmt_security/models/alert.rb', line 55

def extended_properties
  @extended_properties
end

#instance_id ⇒ String

Returns Instance ID of the alert.

Returns:

• (String) —

  Instance ID of the alert.

# File 'lib/2019-01-01/generated/azure_mgmt_security/models/alert.rb', line 84

def instance_id
  @instance_id
end

#is_incident ⇒ Boolean

(otherwise - single alert)

Returns:

• (Boolean) —

  Whether this alert is for incident type or not

# File 'lib/2019-01-01/generated/azure_mgmt_security/models/alert.rb', line 66

def is_incident
  @is_incident
end

#remediation_steps ⇒ String

Returns Recommended steps to reradiate the incident.

Returns:

• (String) —

  Recommended steps to reradiate the incident

# File 'lib/2019-01-01/generated/azure_mgmt_security/models/alert.rb', line 38

def remediation_steps
  @remediation_steps
end

#reported_severity ⇒ ReportedSeverity

values include: ‘Informational’, ‘Low’, ‘Medium’, ‘High’

Returns:

• (ReportedSeverity) —

  Estimated severity of this alert. Possible

# File 'lib/2019-01-01/generated/azure_mgmt_security/models/alert.rb', line 46

def reported_severity
  @reported_severity
end

#reported_time_utc ⇒ DateTime

Microsoft.Security in UTC

Returns:

• (DateTime) —

  The time the incident was reported to

# File 'lib/2019-01-01/generated/azure_mgmt_security/models/alert.rb', line 20

def reported_time_utc
  @reported_time_utc
end

#state ⇒ String

Returns State of the alert (Active, Dismissed etc.).

Returns:

• (String) —

  State of the alert (Active, Dismissed etc.)

# File 'lib/2019-01-01/generated/azure_mgmt_security/models/alert.rb', line 16

def state
  @state
end

#subscription_id ⇒ String

security alert or the subscription ID of the workspace that this resource reports to

Returns:

• (String) —

  Azure subscription ID of the resource that had the

# File 'lib/2019-01-01/generated/azure_mgmt_security/models/alert.rb', line 81

def subscription_id
  @subscription_id
end

#system_source ⇒ String

Returns The type of the alerted resource (Azure, Non-Azure).

Returns:

• (String) —

  The type of the alerted resource (Azure, Non-Azure)

# File 'lib/2019-01-01/generated/azure_mgmt_security/models/alert.rb', line 58

def system_source
  @system_source
end

#vendor_name ⇒ String

Returns Name of the vendor that discovered the incident.

Returns:

• (String) —

  Name of the vendor that discovered the incident

# File 'lib/2019-01-01/generated/azure_mgmt_security/models/alert.rb', line 23

def vendor_name
  @vendor_name
end

#workspace_arm_id ⇒ String

reported to.

Returns:

• (String) —

  Azure resource ID of the workspace that the alert was

# File 'lib/2019-01-01/generated/azure_mgmt_security/models/alert.rb', line 88

def workspace_arm_id
  @workspace_arm_id
end

Class Method Details

.mapper ⇒ Object

Mapper for Alert class as Ruby Hash. This will be used for serialization/deserialization.

# File 'lib/2019-01-01/generated/azure_mgmt_security/models/alert.rb', line 99

def self.mapper()
  {
    client_side_validation: true,
    required: false,
    serialized_name: 'Alert',
    type: {
      name: 'Composite',
      class_name: 'Alert',
      model_properties: {
        id: {
          client_side_validation: true,
          required: false,
          read_only: true,
          serialized_name: 'id',
          type: {
            name: 'String'
          }
        },
        name: {
          client_side_validation: true,
          required: false,
          read_only: true,
          serialized_name: 'name',
          type: {
            name: 'String'
          }
        },
        type: {
          client_side_validation: true,
          required: false,
          read_only: true,
          serialized_name: 'type',
          type: {
            name: 'String'
          }
        },
        state: {
          client_side_validation: true,
          required: false,
          read_only: true,
          serialized_name: 'properties.state',
          type: {
            name: 'String'
          }
        },
        reported_time_utc: {
          client_side_validation: true,
          required: false,
          read_only: true,
          serialized_name: 'properties.reportedTimeUtc',
          type: {
            name: 'DateTime'
          }
        },
        vendor_name: {
          client_side_validation: true,
          required: false,
          read_only: true,
          serialized_name: 'properties.vendorName',
          type: {
            name: 'String'
          }
        },
        alert_name: {
          client_side_validation: true,
          required: false,
          read_only: true,
          serialized_name: 'properties.alertName',
          type: {
            name: 'String'
          }
        },
        alert_display_name: {
          client_side_validation: true,
          required: false,
          read_only: true,
          serialized_name: 'properties.alertDisplayName',
          type: {
            name: 'String'
          }
        },
        detected_time_utc: {
          client_side_validation: true,
          required: false,
          read_only: true,
          serialized_name: 'properties.detectedTimeUtc',
          type: {
            name: 'DateTime'
          }
        },
        description: {
          client_side_validation: true,
          required: false,
          read_only: true,
          serialized_name: 'properties.description',
          type: {
            name: 'String'
          }
        },
        remediation_steps: {
          client_side_validation: true,
          required: false,
          read_only: true,
          serialized_name: 'properties.remediationSteps',
          type: {
            name: 'String'
          }
        },
        action_taken: {
          client_side_validation: true,
          required: false,
          read_only: true,
          serialized_name: 'properties.actionTaken',
          type: {
            name: 'String'
          }
        },
        reported_severity: {
          client_side_validation: true,
          required: false,
          read_only: true,
          serialized_name: 'properties.reportedSeverity',
          type: {
            name: 'String'
          }
        },
        compromised_entity: {
          client_side_validation: true,
          required: false,
          read_only: true,
          serialized_name: 'properties.compromisedEntity',
          type: {
            name: 'String'
          }
        },
        associated_resource: {
          client_side_validation: true,
          required: false,
          read_only: true,
          serialized_name: 'properties.associatedResource',
          type: {
            name: 'String'
          }
        },
        extended_properties: {
          client_side_validation: true,
          required: false,
          serialized_name: 'properties.extendedProperties',
          type: {
            name: 'Dictionary',
            value: {
                client_side_validation: true,
                required: false,
                serialized_name: 'ObjectElementType',
                type: {
                  name: 'Object'
                }
            }
          }
        },
        system_source: {
          client_side_validation: true,
          required: false,
          read_only: true,
          serialized_name: 'properties.systemSource',
          type: {
            name: 'String'
          }
        },
        can_be_investigated: {
          client_side_validation: true,
          required: false,
          read_only: true,
          serialized_name: 'properties.canBeInvestigated',
          type: {
            name: 'Boolean'
          }
        },
        is_incident: {
          client_side_validation: true,
          required: false,
          read_only: true,
          serialized_name: 'properties.isIncident',
          type: {
            name: 'Boolean'
          }
        },
        entities: {
          client_side_validation: true,
          required: false,
          serialized_name: 'properties.entities',
          type: {
            name: 'Sequence',
            element: {
                client_side_validation: true,
                required: false,
                serialized_name: 'AlertEntityElementType',
                type: {
                  name: 'Composite',
                  class_name: 'AlertEntity'
                }
            }
          }
        },
        confidence_score: {
          client_side_validation: true,
          required: false,
          read_only: true,
          serialized_name: 'properties.confidenceScore',
          constraints: {
            InclusiveMaximum: 1,
            InclusiveMinimum: 0
          },
          type: {
            name: 'Double'
          }
        },
        confidence_reasons: {
          client_side_validation: true,
          required: false,
          serialized_name: 'properties.confidenceReasons',
          type: {
            name: 'Sequence',
            element: {
                client_side_validation: true,
                required: false,
                serialized_name: 'AlertConfidenceReasonElementType',
                type: {
                  name: 'Composite',
                  class_name: 'AlertConfidenceReason'
                }
            }
          }
        },
        subscription_id: {
          client_side_validation: true,
          required: false,
          read_only: true,
          serialized_name: 'properties.subscriptionId',
          type: {
            name: 'String'
          }
        },
        instance_id: {
          client_side_validation: true,
          required: false,
          read_only: true,
          serialized_name: 'properties.instanceId',
          type: {
            name: 'String'
          }
        },
        workspace_arm_id: {
          client_side_validation: true,
          required: false,
          read_only: true,
          serialized_name: 'properties.workspaceArmId',
          type: {
            name: 'String'
          }
        },
        correlation_key: {
          client_side_validation: true,
          required: false,
          read_only: true,
          serialized_name: 'properties.correlationKey',
          type: {
            name: 'String'
          }
        }
      }
    }
  }
end