correlationReason enum type

Namespace: microsoft.graph.security

Important

APIs under the /beta version in Microsoft Graph are subject to change. Use of these APIs in production applications is not supported. To determine whether an API is available in v1.0, use the Version selector.

The reasons why alerts or incidents are correlated through the alert: moveAlerts and incident: mergeIncidents APIs.

This is a flags enumeration. You can combine multiple values in requests.

Members

| Member | Description |
|---|---|
| repeatedAlertOccurrence | Alerts are correlated because the same alert repeated. |
| sameGeography | Alerts are correlated because they originate from the same geography. |
| similarArtifacts | Alerts are correlated because they involve similar artifacts. |
| sameTargetedAsset | Alerts are correlated because they target the same asset. |
| sameNetworkSegment | Alerts are correlated because they occur in the same network segment. |
| eventSequence | Alerts are correlated because of event sequence. |
| timeFrame | Alerts are correlated because they occur within the same time frame. |
| sameThreatSource | Alerts are correlated because they share the same threat source. |
| similarTTPsOrBehavior | Alerts are correlated because of similar tactics, techniques, procedures, or behavior. |
| sameActor | Alerts are correlated because they involve the same threat actor. |
| sameCampaign | Alerts are correlated because they are part of the same campaign. |
| sharedIndicators | Alerts are correlated because they share indicators of compromise. |
| sameAsset | Alerts are correlated because they involve the same asset. |
| networkProximity | Alerts are correlated because of network proximity. |
| eventCasualSequence | Alerts are correlated because of a causal sequence of events. |
| temporalProximity | Alerts are correlated because of temporal proximity. |
| lateralMovementPath | Alerts are correlated because they are part of a lateral movement path. |
| unknownFutureValue | Evolvable enumeration sentinel value. Don't use. |