Package com.microsoft.graph.models

Class RiskDetection

java.lang.Object
com.microsoft.graph.models.Entity
com.microsoft.graph.models.RiskDetection
All Implemented Interfaces:
com.microsoft.graph.serializer.IJsonBackedObject
public class RiskDetection extends Entity implements com.microsoft.graph.serializer.IJsonBackedObject
The class for the Risk Detection.

  • Field Details

    • activity

      @SerializedName(value="activity", alternate="Activity") @Expose @Nullable public ActivityType activity
      The Activity. Indicates the activity type the detected risk is linked to. Possible values are: signin, user, unknownFutureValue.

    • activityDateTime

      @SerializedName(value="activityDateTime", alternate="ActivityDateTime") @Expose @Nullable public OffsetDateTime activityDateTime
      The Activity Date Time. Date and time that the risky activity occurred. The DateTimeOffset type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is look like this: 2014-01-01T00:00:00Z

    • additionalInfo

      @SerializedName(value="additionalInfo", alternate="AdditionalInfo") @Expose @Nullable public String additionalInfo
      The Additional Info. Additional information associated with the risk detection in JSON format. For example, '[{/'Key/':/'userAgent/',/'Value/':/'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.106 Safari/537.36/'}]'. Possible keys in the additionalInfo JSON string are: userAgent, alertUrl, relatedEventTimeInUtc, relatedUserAgent, deviceInformation, relatedLocation, requestId, correlationId, lastActivityTimeInUtc, malwareName, clientLocation, clientIp, riskReasons. For more information about riskReasons and possible values, see riskReasons values.

    • correlationId

      @SerializedName(value="correlationId", alternate="CorrelationId") @Expose @Nullable public String correlationId
      The Correlation Id. Correlation ID of the sign-in associated with the risk detection. This property is null if the risk detection is not associated with a sign-in.

    • detectedDateTime

      @SerializedName(value="detectedDateTime", alternate="DetectedDateTime") @Expose @Nullable public OffsetDateTime detectedDateTime
      The Detected Date Time. Date and time that the risk was detected. The DateTimeOffset type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 looks like this: 2014-01-01T00:00:00Z

    • detectionTimingType

      @SerializedName(value="detectionTimingType", alternate="DetectionTimingType") @Expose @Nullable public RiskDetectionTimingType detectionTimingType
      The Detection Timing Type. Timing of the detected risk (real-time/offline). Possible values are: notDefined, realtime, nearRealtime, offline, unknownFutureValue.

    • ipAddress

      @SerializedName(value="ipAddress", alternate="IpAddress") @Expose @Nullable public String ipAddress
      The Ip Address. Provides the IP address of the client from where the risk occurred.

    • lastUpdatedDateTime

      @SerializedName(value="lastUpdatedDateTime", alternate="LastUpdatedDateTime") @Expose @Nullable public OffsetDateTime lastUpdatedDateTime
      The Last Updated Date Time. Date and time that the risk detection was last updated. The DateTimeOffset type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is look like this: 2014-01-01T00:00:00Z

    • location

      @SerializedName(value="location", alternate="Location") @Expose @Nullable public SignInLocation location
      The Location. Location of the sign-in.

    • requestId

      @SerializedName(value="requestId", alternate="RequestId") @Expose @Nullable public String requestId
      The Request Id. Request ID of the sign-in associated with the risk detection. This property is null if the risk detection is not associated with a sign-in.

    • riskDetail

      @SerializedName(value="riskDetail", alternate="RiskDetail") @Expose @Nullable public RiskDetail riskDetail
      The Risk Detail. Details of the detected risk. The possible values are: none, adminGeneratedTemporaryPassword, userPerformedSecuredPasswordChange, userPerformedSecuredPasswordReset, adminConfirmedSigninSafe, aiConfirmedSigninSafe, userPassedMFADrivenByRiskBasedPolicy, adminDismissedAllRiskForUser, adminConfirmedSigninCompromised, hidden, adminConfirmedUserCompromised, unknownFutureValue, m365DAdminDismissedDetection. Note that you must use the Prefer: include - unknown -enum-members request header to get the following value(s) in this evolvable enum: m365DAdminDismissedDetection.

    • riskEventType

      @SerializedName(value="riskEventType", alternate="RiskEventType") @Expose @Nullable public String riskEventType
      The Risk Event Type. The type of risk event detected. The possible values are unlikelyTravel, anonymizedIPAddress, maliciousIPAddress, unfamiliarFeatures, malwareInfectedIPAddress, suspiciousIPAddress, leakedCredentials, investigationsThreatIntelligence, generic,adminConfirmedUserCompromised, passwordSpray, impossibleTravel, newCountry, anomalousToken, tokenIssuerAnomaly,suspiciousBrowser, riskyIPAddress, mcasSuspiciousInboxManipulationRules, suspiciousInboxForwarding, and anomalousUserActivity. If the risk detection is a premium detection, will show generic. For more information about each value, see riskEventType values.

    • riskLevel

      @SerializedName(value="riskLevel", alternate="RiskLevel") @Expose @Nullable public RiskLevel riskLevel
      The Risk Level. Level of the detected risk. Possible values are: low, medium, high, hidden, none, unknownFutureValue.

    • riskState

      @SerializedName(value="riskState", alternate="RiskState") @Expose @Nullable public RiskState riskState
      The Risk State. The state of a detected risky user or sign-in. Possible values are: none, confirmedSafe, remediated, dismissed, atRisk, confirmedCompromised, unknownFutureValue.

    • source

      @SerializedName(value="source", alternate="Source") @Expose @Nullable public String source
      The Source. Source of the risk detection. For example, activeDirectory.

    • tokenIssuerType

      @SerializedName(value="tokenIssuerType", alternate="TokenIssuerType") @Expose @Nullable public TokenIssuerType tokenIssuerType
      The Token Issuer Type. Indicates the type of token issuer for the detected sign-in risk. Possible values are: AzureAD, ADFederationServices, UnknownFutureValue.

    • userDisplayName

      @SerializedName(value="userDisplayName", alternate="UserDisplayName") @Expose @Nullable public String userDisplayName
      The User Display Name. The user principal name (UPN) of the user.

    • userId

      @SerializedName(value="userId", alternate="UserId") @Expose @Nullable public String userId
      The User Id. Unique ID of the user.

    • userPrincipalName

      @SerializedName(value="userPrincipalName", alternate="UserPrincipalName") @Expose @Nullable public String userPrincipalName
      The User Principal Name. The user principal name (UPN) of the user.

  • Constructor Details

    • RiskDetection

      public RiskDetection()

  • Method Details

    • setRawObject

      public void setRawObject(@Nonnull com.microsoft.graph.serializer.ISerializer serializer, @Nonnull com.google.gson.JsonObject json)
      Sets the raw JSON object
      Specified by:
      setRawObject in interface com.microsoft.graph.serializer.IJsonBackedObject
      Overrides:
      setRawObject in class Entity
      Parameters:
      serializer - the serializer
      json - the JSON object to set this object to