File: alert_py3.py

# coding=utf-8
# --------------------------------------------------------------------------
# Copyright (c) Microsoft Corporation. All rights reserved.
# Licensed under the MIT License. See License.txt in the project root for
# license information.
#
# Code generated by Microsoft (R) AutoRest Code Generator.
# Changes may cause incorrect behavior and will be lost if the code is
# regenerated.
# --------------------------------------------------------------------------

from .resource_py3 import Resource


class Alert(Resource):
    """Model of a single security alert.

    Attributes listed as ``ivar`` are populated only by the server and are
    ignored when the object is sent in a request. The three ``param``
    attributes (``extended_properties``, ``entities``,
    ``confidence_reasons``) can be supplied by the caller.

    :ivar id: Resource Id
    :vartype id: str
    :ivar name: Resource name
    :vartype name: str
    :ivar type: Resource type
    :vartype type: str
    :ivar state: State of the alert (Active, Dismissed etc.)
    :vartype state: str
    :ivar reported_time_utc: The time the incident was reported to
     Microsoft.Security in UTC
    :vartype reported_time_utc: datetime
    :ivar vendor_name: Name of the vendor that discovered the incident
    :vartype vendor_name: str
    :ivar alert_name: Name of the alert type
    :vartype alert_name: str
    :ivar alert_display_name: Display name of the alert type
    :vartype alert_display_name: str
    :ivar detected_time_utc: The time the incident was detected by the vendor
    :vartype detected_time_utc: datetime
    :ivar description: Description of the incident and what it means
    :vartype description: str
    :ivar remediation_steps: Recommended steps to remediate the incident
    :vartype remediation_steps: str
    :ivar action_taken: The action that was taken as a response to the alert
     (Active, Blocked etc.)
    :vartype action_taken: str
    :ivar reported_severity: Estimated severity of this alert
    :vartype reported_severity: str
    :ivar compromised_entity: The entity that the incident happened on
    :vartype compromised_entity: str
    :ivar associated_resource: Azure resource ID of the associated resource
    :vartype associated_resource: str
    :param extended_properties: Not described by the service definition; a
     mapping of string keys to arbitrary objects
    :type extended_properties: dict[str, object]
    :ivar system_source: The type of the alerted resource (Azure, Non-Azure)
    :vartype system_source: str
    :ivar can_be_investigated: Whether this alert can be investigated with
     Azure Security Center
    :vartype can_be_investigated: bool
    :param entities: Objects that are related to this alert
    :type entities: list[~azure.mgmt.security.models.AlertEntity]
    :ivar confidence_score: Level of confidence in the alert; constrained to
     the range 0 to 1 by ``_validation``
    :vartype confidence_score: float
    :param confidence_reasons: Reasons the alert got its confidenceScore
     value
    :type confidence_reasons:
     list[~azure.mgmt.security.models.AlertConfidenceReason]
    :ivar subscription_id: Azure subscription ID of the resource that had the
     security alert or the subscription ID of the workspace that this resource
     reports to
    :vartype subscription_id: str
    :ivar instance_id: Instance ID of the alert.
    :vartype instance_id: str
    :ivar workspace_arm_id: Azure resource ID of the workspace that the alert
     was reported to.
    :vartype workspace_arm_id: str
    """

    # Every attribute named here is marked read-only. The three
    # caller-settable attributes (extended_properties, entities,
    # confidence_reasons) are deliberately absent.
    # NOTE(review): the code that enforces these rules is not in this file;
    # presumably the Resource base / serializer applies them - confirm.
    _validation = {
        attr: {'readonly': True}
        for attr in (
            'id',
            'name',
            'type',
            'state',
            'reported_time_utc',
            'vendor_name',
            'alert_name',
            'alert_display_name',
            'detected_time_utc',
            'description',
            'remediation_steps',
            'action_taken',
            'reported_severity',
            'compromised_entity',
            'associated_resource',
            'system_source',
            'can_be_investigated',
            'confidence_score',
            'subscription_id',
            'instance_id',
            'workspace_arm_id',
        )
    }
    # confidence_score additionally carries numeric bounds.
    _validation['confidence_score'].update(maximum=1, minimum=0)

    # Python attribute -> (wire key, wire type). All keys except id/name/type
    # sit under the "properties." prefix of the payload.
    # extended_properties is typed '{object}': no schema is declared here for
    # its values, so consumers should not assume a shape for them.
    _attribute_map = {
        attr: {'key': wire_key, 'type': wire_type}
        for attr, wire_key, wire_type in (
            ('id', 'id', 'str'),
            ('name', 'name', 'str'),
            ('type', 'type', 'str'),
            ('state', 'properties.state', 'str'),
            ('reported_time_utc', 'properties.reportedTimeUtc', 'iso-8601'),
            ('vendor_name', 'properties.vendorName', 'str'),
            ('alert_name', 'properties.alertName', 'str'),
            ('alert_display_name', 'properties.alertDisplayName', 'str'),
            ('detected_time_utc', 'properties.detectedTimeUtc', 'iso-8601'),
            ('description', 'properties.description', 'str'),
            ('remediation_steps', 'properties.remediationSteps', 'str'),
            ('action_taken', 'properties.actionTaken', 'str'),
            ('reported_severity', 'properties.reportedSeverity', 'str'),
            ('compromised_entity', 'properties.compromisedEntity', 'str'),
            ('associated_resource', 'properties.associatedResource', 'str'),
            ('extended_properties', 'properties.extendedProperties', '{object}'),
            ('system_source', 'properties.systemSource', 'str'),
            ('can_be_investigated', 'properties.canBeInvestigated', 'bool'),
            ('entities', 'properties.entities', '[AlertEntity]'),
            ('confidence_score', 'properties.confidenceScore', 'float'),
            ('confidence_reasons', 'properties.confidenceReasons', '[AlertConfidenceReason]'),
            ('subscription_id', 'properties.subscriptionId', 'str'),
            ('instance_id', 'properties.instanceId', 'str'),
            ('workspace_arm_id', 'properties.workspaceArmId', 'str'),
        )
    }

    def __init__(self, *, extended_properties=None, entities=None, confidence_reasons=None, **kwargs) -> None:
        """Create an alert model.

        Only ``extended_properties``, ``entities`` and ``confidence_reasons``
        are taken from the caller; every other attribute set here starts as
        ``None``. Remaining keyword arguments are forwarded to the base class.
        """
        super().__init__(**kwargs)
        # Attributes are created in the same order as the wire mapping so the
        # instance __dict__ layout stays unchanged.
        for attr in (
            'state',
            'reported_time_utc',
            'vendor_name',
            'alert_name',
            'alert_display_name',
            'detected_time_utc',
            'description',
            'remediation_steps',
            'action_taken',
            'reported_severity',
            'compromised_entity',
            'associated_resource',
        ):
            setattr(self, attr, None)
        self.extended_properties = extended_properties
        for attr in ('system_source', 'can_be_investigated'):
            setattr(self, attr, None)
        self.entities = entities
        self.confidence_score = None
        self.confidence_reasons = confidence_reasons
        for attr in ('subscription_id', 'instance_id', 'workspace_arm_id'):
            setattr(self, attr, None)