Nota
L'accesso a questa pagina richiede l'autorizzazione. È possibile provare ad accedere o modificare le directory.
L'accesso a questa pagina richiede l'autorizzazione. È possibile provare a modificare le directory.
Namespace: microsoft.graph.security
Important
APIs under the /beta version in Microsoft Graph are subject to change. Use of these APIs in production applications is not supported. To determine whether an API is available in v1.0, use the Version selector.
Represents malware that is reported in a security detection alert.
Inherits from alertEvidence.
Properties
| Property | Type | Description |
|---|---|---|
| category | String | The malware category by the vendor. For example, Trojan. |
| createdDateTime | DateTimeOffset | The date and time when the evidence was created and added to the alert. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2024 is 2024-01-01T00:00:00Z. Inherited from alertEvidence. |
| detailedRoles | String collection | Detailed description of the entity role or roles in an alert. Values are free-form. Inherited from alertEvidence. |
| files | microsoft.graph.security.fileEvidence collection | A list of the linked file entities on which the malware was found. Can contain the File entities inline or as reference. For more information, see fileEvidence. |
| name | String | The malware name by the vendor. For example, Win32/Toga. |
| processes | microsoft.graph.security.processEvidence collection | A list of the linked process entities on which the malware was found. Use this property, for example, when the alert was triggered on fileless activity. For more information, see processEvidence. |
| remediationStatus | microsoft.graph.security.evidenceRemediationStatus | Status of the remediation action taken. The possible values are: none, remediated, prevented, blocked, notFound, unknownFutureValue, active, pendingApproval, declined, unremediated, running, partiallyRemediated. Use the Prefer: include-unknown-enum-members request header to get the following values from this evolvable enum: active, pendingApproval, declined, unremediated, running, partiallyRemediated. Inherited from alertEvidence. |
| remediationStatusDetails | String | Details about the remediation status. Inherited from alertEvidence. |
| roles | microsoft.graph.security.evidenceRole collection | The role or roles that an evidence entity represents in an alert, for example, an IP address that is associated with an attacker has the evidence role Attacker. Inherited from alertEvidence. |
| tags | String collection | Array of custom tags associated with an evidence instance, for example, to denote a group of devices and high-value assets. Inherited from alertEvidence. |
| verdict | microsoft.graph.security.evidenceVerdict | The decision reached by automated investigation. The possible values are: unknown, suspicious, malicious, noThreatsFound, unknownFutureValue. Inherited from alertEvidence. |
Relationships
None.
JSON representation
The following JSON representation shows the resource type.
{
"@odata.type": "#microsoft.graph.security.malwareEvidence",
"createdDateTime": "String (timestamp)",
"verdict": "String",
"remediationStatus": "String",
"remediationStatusDetails": "String",
"roles": [
"String"
],
"detailedRoles": [
"String"
],
"tags": [
"String"
],
"name": "String",
"category": "String",
"files": [
{
"@odata.type": "microsoft.graph.security.fileEvidence"
}
],
"processes": [
{
"@odata.type": "microsoft.graph.security.processEvidence"
}
]
}