# coding=utf-8
# --------------------------------------------------------------------------
# Copyright (c) Microsoft Corporation. All rights reserved.
# Licensed under the MIT License. See License.txt in the project root for
# license information.
#
# Code generated by Microsoft (R) AutoRest Code Generator.
# Changes may cause incorrect behavior and will be lost if the code is
# regenerated.
# --------------------------------------------------------------------------
from .resource_py3 import Resource


class Alert(Resource):
    """Security alert.

    Variables are only populated by the server, and will be ignored when
    sending a request.

    :ivar id: Resource Id
    :vartype id: str
    :ivar name: Resource name
    :vartype name: str
    :ivar type: Resource type
    :vartype type: str
    :ivar state: State of the alert (Active, Dismissed etc.)
    :vartype state: str
    :ivar reported_time_utc: The time the incident was reported to
     Microsoft.Security in UTC
    :vartype reported_time_utc: datetime
    :ivar vendor_name: Name of the vendor that discovered the incident
    :vartype vendor_name: str
    :ivar alert_name: Name of the alert type
    :vartype alert_name: str
    :ivar alert_display_name: Display name of the alert type
    :vartype alert_display_name: str
    :ivar detected_time_utc: The time the incident was detected by the vendor
    :vartype detected_time_utc: datetime
    :ivar description: Description of the incident and what it means
    :vartype description: str
    :ivar remediation_steps: Recommended steps to remediate the incident
    :vartype remediation_steps: str
    :ivar action_taken: The action that was taken as a response to the alert
     (Active, Blocked etc.)
    :vartype action_taken: str
    :ivar reported_severity: Estimated severity of this alert
    :vartype reported_severity: str
    :ivar compromised_entity: The entity that the incident happened on
    :vartype compromised_entity: str
    :ivar associated_resource: Azure resource ID of the associated resource
    :vartype associated_resource: str
    :param extended_properties:
    :type extended_properties: dict[str, object]
    :ivar system_source: The type of the alerted resource (Azure, Non-Azure)
    :vartype system_source: str
    :ivar can_be_investigated: Whether this alert can be investigated with
     Azure Security Center
    :vartype can_be_investigated: bool
    :param entities: Objects that are related to this alert
    :type entities: list[~azure.mgmt.security.models.AlertEntity]
    :ivar confidence_score: Level of confidence we have in the alert
    :vartype confidence_score: float
    :param confidence_reasons: Reasons the alert got the confidenceScore value
    :type confidence_reasons:
     list[~azure.mgmt.security.models.AlertConfidenceReason]
    :ivar subscription_id: Azure subscription ID of the resource that had the
     security alert or the subscription ID of the workspace that this resource
     reports to
    :vartype subscription_id: str
    :ivar instance_id: Instance ID of the alert.
    :vartype instance_id: str
    :ivar workspace_arm_id: Azure resource ID of the workspace that the alert
     was reported to.
    :vartype workspace_arm_id: str
    """

    # Validation rules: every field listed here is read-only (server-populated).
    _validation = {
        'id': {'readonly': True},
        'name': {'readonly': True},
        'type': {'readonly': True},
        'state': {'readonly': True},
        'reported_time_utc': {'readonly': True},
        'vendor_name': {'readonly': True},
        'alert_name': {'readonly': True},
        'alert_display_name': {'readonly': True},
        'detected_time_utc': {'readonly': True},
        'description': {'readonly': True},
        'remediation_steps': {'readonly': True},
        'action_taken': {'readonly': True},
        'reported_severity': {'readonly': True},
        'compromised_entity': {'readonly': True},
        'associated_resource': {'readonly': True},
        'system_source': {'readonly': True},
        'can_be_investigated': {'readonly': True},
        'confidence_score': {'readonly': True, 'maximum': 1, 'minimum': 0},
        'subscription_id': {'readonly': True},
        'instance_id': {'readonly': True},
        'workspace_arm_id': {'readonly': True},
    }

    # Maps each Python attribute to its key in the REST payload and its wire type.
    _attribute_map = {
        'id': {'key': 'id', 'type': 'str'},
        'name': {'key': 'name', 'type': 'str'},
        'type': {'key': 'type', 'type': 'str'},
        'state': {'key': 'properties.state', 'type': 'str'},
        'reported_time_utc': {'key': 'properties.reportedTimeUtc', 'type': 'iso-8601'},
        'vendor_name': {'key': 'properties.vendorName', 'type': 'str'},
        'alert_name': {'key': 'properties.alertName', 'type': 'str'},
        'alert_display_name': {'key': 'properties.alertDisplayName', 'type': 'str'},
        'detected_time_utc': {'key': 'properties.detectedTimeUtc', 'type': 'iso-8601'},
        'description': {'key': 'properties.description', 'type': 'str'},
        'remediation_steps': {'key': 'properties.remediationSteps', 'type': 'str'},
        'action_taken': {'key': 'properties.actionTaken', 'type': 'str'},
        'reported_severity': {'key': 'properties.reportedSeverity', 'type': 'str'},
        'compromised_entity': {'key': 'properties.compromisedEntity', 'type': 'str'},
        'associated_resource': {'key': 'properties.associatedResource', 'type': 'str'},
        'extended_properties': {'key': 'properties.extendedProperties', 'type': '{object}'},
        'system_source': {'key': 'properties.systemSource', 'type': 'str'},
        'can_be_investigated': {'key': 'properties.canBeInvestigated', 'type': 'bool'},
        'entities': {'key': 'properties.entities', 'type': '[AlertEntity]'},
        'confidence_score': {'key': 'properties.confidenceScore', 'type': 'float'},
        'confidence_reasons': {'key': 'properties.confidenceReasons', 'type': '[AlertConfidenceReason]'},
        'subscription_id': {'key': 'properties.subscriptionId', 'type': 'str'},
        'instance_id': {'key': 'properties.instanceId', 'type': 'str'},
        'workspace_arm_id': {'key': 'properties.workspaceArmId', 'type': 'str'},
    }

    def __init__(self, *, extended_properties=None, entities=None, confidence_reasons=None, **kwargs) -> None:
        super(Alert, self).__init__(**kwargs)
        # Read-only attributes start as None and are populated by the server;
        # only the three keyword-only parameters can be set by the caller.
        self.state = None
        self.reported_time_utc = None
        self.vendor_name = None
        self.alert_name = None
        self.alert_display_name = None
        self.detected_time_utc = None
        self.description = None
        self.remediation_steps = None
        self.action_taken = None
        self.reported_severity = None
        self.compromised_entity = None
        self.associated_resource = None
        self.extended_properties = extended_properties
        self.system_source = None
        self.can_be_investigated = None
        self.entities = entities
        self.confidence_score = None
        self.confidence_reasons = confidence_reasons
        self.subscription_id = None
        self.instance_id = None
        self.workspace_arm_id = None