
com.azure.resourcemanager.security.fluent.models.AlertProperties Maven / Gradle / Ivy


This package contains the Microsoft Azure SDK for Security Management. For documentation on how to use this package, please see https://aka.ms/azsdk/java/mgmt. API spec for the Microsoft.Security (Azure Security Center) resource provider. Package tag package-composite-v3.

There is a newer version: 1.0.0
// Copyright (c) Microsoft Corporation. All rights reserved.
// Licensed under the MIT License.
// Code generated by Microsoft (R) AutoRest Code Generator.

package com.azure.resourcemanager.security.fluent.models;

import com.azure.core.annotation.Fluent;
import com.azure.core.util.CoreUtils;
import com.azure.json.JsonReader;
import com.azure.json.JsonSerializable;
import com.azure.json.JsonToken;
import com.azure.json.JsonWriter;
import com.azure.resourcemanager.security.models.AlertEntity;
import com.azure.resourcemanager.security.models.AlertPropertiesSupportingEvidence;
import com.azure.resourcemanager.security.models.AlertSeverity;
import com.azure.resourcemanager.security.models.AlertStatus;
import com.azure.resourcemanager.security.models.Intent;
import com.azure.resourcemanager.security.models.ResourceIdentifier;
import java.io.IOException;
import java.time.OffsetDateTime;
import java.util.List;
import java.util.Map;

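/**
 * Describes security alert properties.
 *
 * <p>Most properties are read-only from the caller's point of view: they are populated only by
 * {@link #fromJson(JsonReader)} and have no setter. Only {@code extendedProperties} and
 * {@code supportingEvidence} can be set, and only those two are written by {@link #toJson(JsonWriter)}.
 *
 * <p>String values (for example {@code description}, {@code remediationSteps}, {@code alertUri},
 * {@code extendedLinks} and {@code extendedProperties}) are stored exactly as they appear in the JSON payload. This
 * class performs no content validation, normalization or escaping on them, so code that renders them in a UI, writes
 * them to logs or follows the links is responsible for encoding and allow-listing.
 *
 * <p>Collection getters return the stored list or map reference without copying it.
 */
@Fluent
public final class AlertProperties implements JsonSerializable<AlertProperties> {
    /*
     * Schema version.
     */
    private String version;

    /*
     * Unique identifier for the detection logic (all alert instances from the same detection logic will have the same
     * alertType).
     */
    private String alertType;

    /*
     * Unique identifier for the alert.
     */
    private String systemAlertId;

    /*
     * The name of the Azure Security Center pricing tier that powers this alert. Learn more:
     * https://docs.microsoft.com/en-us/azure/security-center/security-center-pricing
     */
    private String productComponentName;

    /*
     * The display name of the alert.
     */
    private String alertDisplayName;

    /*
     * Description of the suspicious activity that was detected.
     */
    private String description;

    /*
     * The risk level of the threat that was detected. Learn more:
     * https://docs.microsoft.com/en-us/azure/security-center/security-center-alerts-overview#how-are-alerts-classified.
     */
    private AlertSeverity severity;

    /*
     * The kill chain related intent behind the alert. For list of supported values, and explanations of Azure Security
     * Center's supported kill chain intents.
     */
    private Intent intent;

    /*
     * The UTC time of the first event or activity included in the alert in ISO8601 format.
     */
    private OffsetDateTime startTimeUtc;

    /*
     * The UTC time of the last event or activity included in the alert in ISO8601 format.
     */
    private OffsetDateTime endTimeUtc;

    /*
     * The resource identifiers that can be used to direct the alert to the right product exposure group (tenant,
     * workspace, subscription etc.). There can be multiple identifiers of different type per alert.
     */
    private List<ResourceIdentifier> resourceIdentifiers;

    /*
     * Manual action items to take to remediate the alert.
     */
    private List<String> remediationSteps;

    /*
     * The name of the vendor that raises the alert.
     */
    private String vendorName;

    /*
     * The life cycle status of the alert.
     */
    private AlertStatus status;

    /*
     * Links related to the alert. Each list element is a string-to-string map read verbatim from the payload.
     */
    private List<Map<String, String>> extendedLinks;

    /*
     * A direct link to the alert page in Azure Portal.
     */
    private String alertUri;

    /*
     * The UTC time the alert was generated in ISO8601 format.
     */
    private OffsetDateTime timeGeneratedUtc;

    /*
     * The name of the product which published this alert (Microsoft Sentinel, Microsoft Defender for Identity,
     * Microsoft Defender for Endpoint, Microsoft Defender for Office, Microsoft Defender for Cloud Apps, and so on).
     */
    private String productName;

    /*
     * The UTC processing end time of the alert in ISO8601 format.
     */
    private OffsetDateTime processingEndTimeUtc;

    /*
     * A list of entities related to the alert.
     */
    private List<AlertEntity> entities;

    /*
     * This field determines whether the alert is an incident (a compound grouping of several alerts) or a single alert.
     */
    private Boolean isIncident;

    /*
     * Key for correlating related alerts. Alerts with the same correlation key are considered to be related.
     */
    private String correlationKey;

    /*
     * Custom properties for the alert.
     */
    private Map<String, String> extendedProperties;

    /*
     * The display name of the resource most related to this alert.
     */
    private String compromisedEntity;

    /*
     * Kill chain related techniques behind the alert.
     */
    private List<String> techniques;

    /*
     * Kill chain related sub-techniques behind the alert.
     */
    private List<String> subTechniques;

    /*
     * Changing set of properties depending on the supportingEvidence type.
     */
    private AlertPropertiesSupportingEvidence supportingEvidence;

    /**
     * Creates an instance of AlertProperties class.
     */
    public AlertProperties() {
    }

    /**
     * Get the version property: Schema version.
     * 
     * @return the version value.
     */
    public String version() {
        return this.version;
    }

    /**
     * Get the alertType property: Unique identifier for the detection logic (all alert instances from the same
     * detection logic will have the same alertType).
     * 
     * @return the alertType value.
     */
    public String alertType() {
        return this.alertType;
    }

    /**
     * Get the systemAlertId property: Unique identifier for the alert.
     * 
     * @return the systemAlertId value.
     */
    public String systemAlertId() {
        return this.systemAlertId;
    }

    /**
     * Get the productComponentName property: The name of the Azure Security Center pricing tier that powers this
     * alert. Learn more: https://docs.microsoft.com/en-us/azure/security-center/security-center-pricing.
     * 
     * @return the productComponentName value.
     */
    public String productComponentName() {
        return this.productComponentName;
    }

    /**
     * Get the alertDisplayName property: The display name of the alert.
     * 
     * @return the alertDisplayName value.
     */
    public String alertDisplayName() {
        return this.alertDisplayName;
    }

    /**
     * Get the description property: Description of the suspicious activity that was detected.
     * 
     * @return the description value.
     */
    public String description() {
        return this.description;
    }

    /**
     * Get the severity property: The risk level of the threat that was detected. Learn more:
     * https://docs.microsoft.com/en-us/azure/security-center/security-center-alerts-overview#how-are-alerts-classified.
     * 
     * @return the severity value.
     */
    public AlertSeverity severity() {
        return this.severity;
    }

    /**
     * Get the intent property: The kill chain related intent behind the alert. For list of supported values, and
     * explanations of Azure Security Center's supported kill chain intents.
     * 
     * @return the intent value.
     */
    public Intent intent() {
        return this.intent;
    }

    /**
     * Get the startTimeUtc property: The UTC time of the first event or activity included in the alert in ISO8601
     * format.
     * 
     * @return the startTimeUtc value.
     */
    public OffsetDateTime startTimeUtc() {
        return this.startTimeUtc;
    }

    /**
     * Get the endTimeUtc property: The UTC time of the last event or activity included in the alert in ISO8601 format.
     * 
     * @return the endTimeUtc value.
     */
    public OffsetDateTime endTimeUtc() {
        return this.endTimeUtc;
    }

    /**
     * Get the resourceIdentifiers property: The resource identifiers that can be used to direct the alert to the right
     * product exposure group (tenant, workspace, subscription etc.). There can be multiple identifiers of different
     * type per alert.
     * 
     * @return the resourceIdentifiers value.
     */
    public List<ResourceIdentifier> resourceIdentifiers() {
        return this.resourceIdentifiers;
    }

    /**
     * Get the remediationSteps property: Manual action items to take to remediate the alert.
     * 
     * @return the remediationSteps value.
     */
    public List<String> remediationSteps() {
        return this.remediationSteps;
    }

    /**
     * Get the vendorName property: The name of the vendor that raises the alert.
     * 
     * @return the vendorName value.
     */
    public String vendorName() {
        return this.vendorName;
    }

    /**
     * Get the status property: The life cycle status of the alert.
     * 
     * @return the status value.
     */
    public AlertStatus status() {
        return this.status;
    }

    /**
     * Get the extendedLinks property: Links related to the alert.
     * 
     * @return the extendedLinks value.
     */
    public List<Map<String, String>> extendedLinks() {
        return this.extendedLinks;
    }

    /**
     * Get the alertUri property: A direct link to the alert page in Azure Portal.
     * 
     * @return the alertUri value.
     */
    public String alertUri() {
        return this.alertUri;
    }

    /**
     * Get the timeGeneratedUtc property: The UTC time the alert was generated in ISO8601 format.
     * 
     * @return the timeGeneratedUtc value.
     */
    public OffsetDateTime timeGeneratedUtc() {
        return this.timeGeneratedUtc;
    }

    /**
     * Get the productName property: The name of the product which published this alert (Microsoft Sentinel, Microsoft
     * Defender for Identity, Microsoft Defender for Endpoint, Microsoft Defender for Office, Microsoft Defender for
     * Cloud Apps, and so on).
     * 
     * @return the productName value.
     */
    public String productName() {
        return this.productName;
    }

    /**
     * Get the processingEndTimeUtc property: The UTC processing end time of the alert in ISO8601 format.
     * 
     * @return the processingEndTimeUtc value.
     */
    public OffsetDateTime processingEndTimeUtc() {
        return this.processingEndTimeUtc;
    }

    /**
     * Get the entities property: A list of entities related to the alert.
     * 
     * @return the entities value.
     */
    public List<AlertEntity> entities() {
        return this.entities;
    }

    /**
     * Get the isIncident property: This field determines whether the alert is an incident (a compound grouping of
     * several alerts) or a single alert.
     * 
     * @return the isIncident value, or null when the payload omitted it or carried JSON null.
     */
    public Boolean isIncident() {
        return this.isIncident;
    }

    /**
     * Get the correlationKey property: Key for correlating related alerts. Alerts with the same correlation key are
     * considered to be related.
     * 
     * @return the correlationKey value.
     */
    public String correlationKey() {
        return this.correlationKey;
    }

    /**
     * Get the extendedProperties property: Custom properties for the alert.
     * 
     * @return the extendedProperties value.
     */
    public Map<String, String> extendedProperties() {
        return this.extendedProperties;
    }

    /**
     * Set the extendedProperties property: Custom properties for the alert.
     * 
     * <p>The map reference is stored as given; it is not copied.
     * 
     * @param extendedProperties the extendedProperties value to set.
     * @return the AlertProperties object itself.
     */
    public AlertProperties withExtendedProperties(Map<String, String> extendedProperties) {
        this.extendedProperties = extendedProperties;
        return this;
    }

    /**
     * Get the compromisedEntity property: The display name of the resource most related to this alert.
     * 
     * @return the compromisedEntity value.
     */
    public String compromisedEntity() {
        return this.compromisedEntity;
    }

    /**
     * Get the techniques property: Kill chain related techniques behind the alert.
     * 
     * @return the techniques value.
     */
    public List<String> techniques() {
        return this.techniques;
    }

    /**
     * Get the subTechniques property: Kill chain related sub-techniques behind the alert.
     * 
     * @return the subTechniques value.
     */
    public List<String> subTechniques() {
        return this.subTechniques;
    }

    /**
     * Get the supportingEvidence property: Changing set of properties depending on the supportingEvidence type.
     * 
     * @return the supportingEvidence value.
     */
    public AlertPropertiesSupportingEvidence supportingEvidence() {
        return this.supportingEvidence;
    }

    /**
     * Set the supportingEvidence property: Changing set of properties depending on the supportingEvidence type.
     * 
     * @param supportingEvidence the supportingEvidence value to set.
     * @return the AlertProperties object itself.
     */
    public AlertProperties withSupportingEvidence(AlertPropertiesSupportingEvidence supportingEvidence) {
        this.supportingEvidence = supportingEvidence;
        return this;
    }

    /**
     * Validates the instance.
     * 
     * <p>Validation is structural only: it delegates to the {@code validate()} method of each resource identifier,
     * each entity and the supporting evidence. The string, link and map properties of this class are not inspected.
     * 
     * @throws IllegalArgumentException thrown if the instance is not valid.
     */
    public void validate() {
        if (resourceIdentifiers() != null) {
            // NOTE(review): a JSON null inside the array presumably yields a null element; skip it rather than
            // failing with a NullPointerException that this method does not document.
            resourceIdentifiers().forEach(e -> {
                if (e != null) {
                    e.validate();
                }
            });
        }
        if (entities() != null) {
            entities().forEach(e -> {
                if (e != null) {
                    e.validate();
                }
            });
        }
        if (supportingEvidence() != null) {
            supportingEvidence().validate();
        }
    }

    /**
     * {@inheritDoc}
     * 
     * <p>Only {@code extendedProperties} and {@code supportingEvidence} are written; every other property of this
     * class is left out of the serialized form.
     */
    @Override
    public JsonWriter toJson(JsonWriter jsonWriter) throws IOException {
        jsonWriter.writeStartObject();
        jsonWriter.writeMapField("extendedProperties", this.extendedProperties,
            (writer, element) -> writer.writeString(element));
        jsonWriter.writeJsonField("supportingEvidence", this.supportingEvidence);
        return jsonWriter.writeEndObject();
    }

    /**
     * Reads an instance of AlertProperties from the JsonReader.
     * 
     * <p>Field names that this class does not know are skipped together with their children. Known string fields are
     * copied as-is, without any content checks.
     * 
     * @param jsonReader The JsonReader being read.
     * @return An instance of AlertProperties if the JsonReader was pointing to an instance of it, or null if it was
     * pointing to JSON null.
     * @throws IOException If an error occurs while reading the AlertProperties.
     */
    public static AlertProperties fromJson(JsonReader jsonReader) throws IOException {
        return jsonReader.readObject(reader -> {
            AlertProperties deserializedAlertProperties = new AlertProperties();
            while (reader.nextToken() != JsonToken.END_OBJECT) {
                String fieldName = reader.getFieldName();
                // Advance from the field name to the field's value before dispatching on the name.
                reader.nextToken();

                if ("version".equals(fieldName)) {
                    deserializedAlertProperties.version = reader.getString();
                } else if ("alertType".equals(fieldName)) {
                    deserializedAlertProperties.alertType = reader.getString();
                } else if ("systemAlertId".equals(fieldName)) {
                    deserializedAlertProperties.systemAlertId = reader.getString();
                } else if ("productComponentName".equals(fieldName)) {
                    deserializedAlertProperties.productComponentName = reader.getString();
                } else if ("alertDisplayName".equals(fieldName)) {
                    deserializedAlertProperties.alertDisplayName = reader.getString();
                } else if ("description".equals(fieldName)) {
                    deserializedAlertProperties.description = reader.getString();
                } else if ("severity".equals(fieldName)) {
                    // NOTE(review): fromString presumably accepts values outside the known set instead of rejecting
                    // them; consumers that branch on severity, intent or status should handle unknown values.
                    // Confirm against AlertSeverity, Intent and AlertStatus.
                    deserializedAlertProperties.severity = AlertSeverity.fromString(reader.getString());
                } else if ("intent".equals(fieldName)) {
                    deserializedAlertProperties.intent = Intent.fromString(reader.getString());
                } else if ("startTimeUtc".equals(fieldName)) {
                    deserializedAlertProperties.startTimeUtc = reader
                        .getNullable(nonNullReader -> CoreUtils.parseBestOffsetDateTime(nonNullReader.getString()));
                } else if ("endTimeUtc".equals(fieldName)) {
                    deserializedAlertProperties.endTimeUtc = reader
                        .getNullable(nonNullReader -> CoreUtils.parseBestOffsetDateTime(nonNullReader.getString()));
                } else if ("resourceIdentifiers".equals(fieldName)) {
                    List<ResourceIdentifier> resourceIdentifiers
                        = reader.readArray(reader1 -> ResourceIdentifier.fromJson(reader1));
                    deserializedAlertProperties.resourceIdentifiers = resourceIdentifiers;
                } else if ("remediationSteps".equals(fieldName)) {
                    List<String> remediationSteps = reader.readArray(reader1 -> reader1.getString());
                    deserializedAlertProperties.remediationSteps = remediationSteps;
                } else if ("vendorName".equals(fieldName)) {
                    deserializedAlertProperties.vendorName = reader.getString();
                } else if ("status".equals(fieldName)) {
                    deserializedAlertProperties.status = AlertStatus.fromString(reader.getString());
                } else if ("extendedLinks".equals(fieldName)) {
                    List<Map<String, String>> extendedLinks
                        = reader.readArray(reader1 -> reader1.readMap(reader2 -> reader2.getString()));
                    deserializedAlertProperties.extendedLinks = extendedLinks;
                } else if ("alertUri".equals(fieldName)) {
                    deserializedAlertProperties.alertUri = reader.getString();
                } else if ("timeGeneratedUtc".equals(fieldName)) {
                    deserializedAlertProperties.timeGeneratedUtc = reader
                        .getNullable(nonNullReader -> CoreUtils.parseBestOffsetDateTime(nonNullReader.getString()));
                } else if ("productName".equals(fieldName)) {
                    deserializedAlertProperties.productName = reader.getString();
                } else if ("processingEndTimeUtc".equals(fieldName)) {
                    deserializedAlertProperties.processingEndTimeUtc = reader
                        .getNullable(nonNullReader -> CoreUtils.parseBestOffsetDateTime(nonNullReader.getString()));
                } else if ("entities".equals(fieldName)) {
                    List<AlertEntity> entities = reader.readArray(reader1 -> AlertEntity.fromJson(reader1));
                    deserializedAlertProperties.entities = entities;
                } else if ("isIncident".equals(fieldName)) {
                    deserializedAlertProperties.isIncident = reader.getNullable(JsonReader::getBoolean);
                } else if ("correlationKey".equals(fieldName)) {
                    deserializedAlertProperties.correlationKey = reader.getString();
                } else if ("extendedProperties".equals(fieldName)) {
                    Map<String, String> extendedProperties = reader.readMap(reader1 -> reader1.getString());
                    deserializedAlertProperties.extendedProperties = extendedProperties;
                } else if ("compromisedEntity".equals(fieldName)) {
                    deserializedAlertProperties.compromisedEntity = reader.getString();
                } else if ("techniques".equals(fieldName)) {
                    List<String> techniques = reader.readArray(reader1 -> reader1.getString());
                    deserializedAlertProperties.techniques = techniques;
                } else if ("subTechniques".equals(fieldName)) {
                    List<String> subTechniques = reader.readArray(reader1 -> reader1.getString());
                    deserializedAlertProperties.subTechniques = subTechniques;
                } else if ("supportingEvidence".equals(fieldName)) {
                    deserializedAlertProperties.supportingEvidence = AlertPropertiesSupportingEvidence.fromJson(reader);
                } else {
                    // Unknown field: skip its value (including nested objects and arrays).
                    reader.skipChildren();
                }
            }

            return deserializedAlertProperties;
        });
    }
}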



