Commit cef7a95

Add inherited properties to Teams message evidence.
1 parent 139e082 commit cef7a95

2 files changed

+14
-14
lines changed

api-reference/beta/resources/security-teamsmessageevidence.md

Lines changed: 7 additions & 7 deletions
@@ -24,10 +24,10 @@ Inherits from [alertEvidence](../resources/security-alertevidence.md).
2424
|:---|:---|:---|
2525
| campaignId | String | The identifier of the campaign that this Teams message is part of. |
2626
| channelId | String | The channel ID associated with this Teams message. |
27-
| createdDateTime | DateTimeOffset | The date and time when the evidence was created and added to the alert. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is `2014-01-01T00:00:00Z`. |
27+
| createdDateTime | DateTimeOffset | The date and time when the evidence was created and added to the alert. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014 is `2014-01-01T00:00:00Z`. Inherited from [alertEvidence](../resources/security-alertevidence.md). |
2828
| deliveryAction | microsoft.graph.security.teamsMessageDeliveryAction | The delivery action of this Teams message. Possible values are: `unknown`, `deliveredAsSpam`, `delivered`, `blocked`, `replaced`, `unknownFutureValue`. |
2929
| deliveryLocation | microsoft.graph.security.teamsDeliveryLocation | The delivery location of this Teams message. Possible values are: `unknown`, `teams`, `quarantine`, `failed`, `unknownFutureValue`. |
30-
| detailedRoles | String collection |Detailed description of the entity role/s in an alert. Values are free-form. |
30+
| detailedRoles | String collection | The detailed description of the entity roles in an alert. Values are free-form. Inherited from [alertEvidence](../resources/security-alertevidence.md). |
3131
| files | [microsoft.graph.security.fileEvidence](./security-fileevidence.md) collection | The list of file entities that are attached to this Teams message. |
3232
| groupId | String | The identifier of the team or group that this message is part of. |
3333
| isExternal | Boolean | Indicates whether the message is owned by the organization that reported the security detection alert. |
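Review bot: The reworded createdDateTime row (new line 27) still says "The Timestamp type represents date and time information" while its Type column declares DateTimeOffset. Since the sentence is being edited anyway, name the type the column uses, for example "The DateTimeOffset type represents date and time information using ISO 8601 format and is always in UTC." The unchanged receivedDateTime row in the next hunk carries the same wording and would need the same change to stay consistent.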
@@ -39,20 +39,20 @@ Inherits from [alertEvidence](../resources/security-alertevidence.md).
3939
| parentMessageId | String | Identifier of the message to which the current message is a reply; otherwise, it's the same as the **messageId**. |
4040
| receivedDateTime | DateTimeOffset | The received date of this message. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014 is `2014-01-01T00:00:00Z`. |
4141
| recipients | String collection | The recipients of this Teams message. |
42-
| remediationStatus | [microsoft.graph.security.evidenceRemediationStatus](../resources/security-alertevidence.md#evidenceremediationstatus-values) | Status of the remediation action taken. The possible values are: `none`, `remediated`, `prevented`, `blocked`, `notFound`, `unknownFutureValue`, `active`, `pendingApproval`, `declined`, `unremediated`, `running`, `partiallyRemediated`. Use the `Prefer: include-unknown-enum-members` request header to get the following values from this [evolvable enum](/graph/best-practices-concept#handling-future-members-in-evolvable-enumerations): `active`, `pendingApproval`, `declined`, `unremediated`, `running`, `partiallyRemediated`. |
43-
| remediationStatusDetails | String | Details about the remediation status. |
44-
| roles | [microsoft.graph.security.evidenceRole](../resources/security-alertevidence.md#evidencerole-values) collection | The role/s that an evidence entity represents in an alert, for example, an IP address that is associated with an attacker has the evidence role **Attacker**. |
42+
| remediationStatus | [microsoft.graph.security.evidenceRemediationStatus](../resources/security-alertevidence.md#evidenceremediationstatus-values) | Status of the remediation action taken. The possible values are: `none`, `remediated`, `prevented`, `blocked`, `notFound`, `unknownFutureValue`, `active`, `pendingApproval`, `declined`, `unremediated`, `running`, `partiallyRemediated`. Use the `Prefer: include-unknown-enum-members` request header to get the following values from this [evolvable enum](/graph/best-practices-concept#handling-future-members-in-evolvable-enumerations): `active`, `pendingApproval`, `declined`, `unremediated`, `running`, `partiallyRemediated`. Inherited from [alertEvidence](../resources/security-alertevidence.md). |
43+
| remediationStatusDetails | String | Details about the remediation status. Inherited from [alertEvidence](../resources/security-alertevidence.md). |
44+
| roles | [microsoft.graph.security.evidenceRole](../resources/security-alertevidence.md#evidencerole-values) collection | One or more roles that an evidence entity represents in an alert; for example, an IP address associated with an attacker has the evidence role `Attacker`. Inherited from [alertEvidence](../resources/security-alertevidence.md). |
4545
| senderFromAddress | String | The SMTP format address of the sender. |
4646
| senderIP | String | The IP address of the sender. |
4747
| sourceAppName | String | Source of the message; for example, `desktop` and `mobile`. |
4848
| sourceId | String | The source ID of this Teams message. |
4949
| subject | String | The subject of this Teams message. |
5050
| suspiciousRecipients | String collection | The list of recipients who were detected as suspicious. |
51-
| tags | String collection | Array of custom tags associated with an evidence instance, for example, to denote a group of devices, high-value assets, etc. |
51+
| tags | String collection | Array of custom tags associated with an evidence instance; for example, to denote a group of devices or high-value assets. Inherited from [alertEvidence](../resources/security-alertevidence.md). |
5252
| threadId | String | Identifier of the channel or chat that this message is part of. |
5353
| threadType | String | The Teams message type. Supported values are: `Chat`, `Topic`, `Space`, and `Meeting`. |
5454
| urls | [microsoft.graph.security.urlEvidence](./security-urlevidence.md) collection | The URLs contained in this Teams message. |
55-
| verdict |[microsoft.graph.security.evidenceVerdict](../resources/security-alertevidence.md#evidenceverdict-values)| The decision reached by automated investigation. The possible values are: `unknown`, `suspicious`, `malicious`, `noThreatsFound`, `unknownFutureValue`. |
55+
| verdict |[microsoft.graph.security.evidenceVerdict](../resources/security-alertevidence.md#evidenceverdict-values)| The decision reached by automated investigation. The possible values are: `unknown`, `suspicious`, `malicious`, `noThreatsFound`, `unknownFutureValue`. Inherited from [alertEvidence](../resources/security-alertevidence.md). |
5656

5757
## Relationships
5858
None.
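Review bot: In the new roles row (line 44) the example changes from **Attacker** to `Attacker`, which now reads as a literal enum member, yet every other enum literal in this table is lower camel case (`unknown`, `noThreatsFound`, `partiallyRemediated`). Confirm the casing against the evidenceRole values section that the Type column links to, and either match the member exactly or keep the bold so the word is not copied into a filter or detection rule as a literal. Separately, the verdict row (line 55) keeps the unspaced `|[microsoft.graph.security.evidenceVerdict]` cell delimiters, while the detailedRoles row had the same spacing defect corrected in this commit.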

api-reference/v1.0/resources/security-teamsmessageevidence.md

Lines changed: 7 additions & 7 deletions
@@ -22,10 +22,10 @@ Inherits from [alertEvidence](../resources/security-alertevidence.md).
2222
|:---|:---|:---|
2323
| campaignId | String | The identifier of the campaign that this Teams message is part of. |
2424
| channelId | String | The channel ID associated with this Teams message. |
25-
| createdDateTime | DateTimeOffset | The date and time when the evidence was created and added to the alert. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is `2014-01-01T00:00:00Z`. |
25+
| createdDateTime | DateTimeOffset | The date and time when the evidence was created and added to the alert. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014 is `2014-01-01T00:00:00Z`. Inherited from [alertEvidence](../resources/security-alertevidence.md). |
2626
| deliveryAction | microsoft.graph.security.teamsMessageDeliveryAction | The delivery action of this Teams message. Possible values are: `unknown`, `deliveredAsSpam`, `delivered`, `blocked`, `replaced`, `unknownFutureValue`. |
2727
| deliveryLocation | microsoft.graph.security.teamsDeliveryLocation | The delivery location of this Teams message. Possible values are: `unknown`, `teams`, `quarantine`, `failed`, `unknownFutureValue`. |
28-
| detailedRoles | String collection |Detailed description of the entity role/s in an alert. Values are free-form. |
28+
| detailedRoles | String collection | The detailed description of the entity roles in an alert. Values are free-form. Inherited from [alertEvidence](../resources/security-alertevidence.md). |
2929
| files | [microsoft.graph.security.fileEvidence](./security-fileevidence.md) collection | The list of file entities that are attached to this Teams message. |
3030
| groupId | String | The identifier of the team or group that this message is part of. |
3131
| isExternal | Boolean | Indicates whether the message is owned by the organization that reported the security detection alert. |
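Review bot: The new detailedRoles row (line 28) describes a String collection with the singular "The detailed description of the entity roles", which leaves it unclear whether each element describes one role or the whole set. Wording such as "Detailed descriptions of the roles the entity has in an alert" would match the collection type. Because the row also says the values are free-form, it is worth stating whether the elements correspond to the entries of the roles property, so consumers know not to rely on position or exact text.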
@@ -37,20 +37,20 @@ Inherits from [alertEvidence](../resources/security-alertevidence.md).
3737
| parentMessageId | String | Identifier of the message to which the current message is a reply; otherwise, it's the same as the **messageId**. |
3838
| receivedDateTime | DateTimeOffset | The received date of this message. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014 is `2014-01-01T00:00:00Z`. |
3939
| recipients | String collection | The recipients of this Teams message. |
40-
| remediationStatus | [microsoft.graph.security.evidenceRemediationStatus](../resources/security-alertevidence.md#evidenceremediationstatus-values) | Status of the remediation action taken. The possible values are: `none`, `remediated`, `prevented`, `blocked`, `notFound`, `unknownFutureValue`, `active`, `pendingApproval`, `declined`, `unremediated`, `running`, `partiallyRemediated`. Use the `Prefer: include-unknown-enum-members` request header to get the following values from this [evolvable enum](/graph/best-practices-concept#handling-future-members-in-evolvable-enumerations): `active`, `pendingApproval`, `declined`, `unremediated`, `running`, `partiallyRemediated`. |
41-
| remediationStatusDetails | String | Details about the remediation status. |
42-
| roles | [microsoft.graph.security.evidenceRole](../resources/security-alertevidence.md#evidencerole-values) collection | The role/s that an evidence entity represents in an alert, for example, an IP address that is associated with an attacker has the evidence role **Attacker**. |
40+
| remediationStatus | [microsoft.graph.security.evidenceRemediationStatus](../resources/security-alertevidence.md#evidenceremediationstatus-values) | Status of the remediation action taken. The possible values are: `none`, `remediated`, `prevented`, `blocked`, `notFound`, `unknownFutureValue`, `active`, `pendingApproval`, `declined`, `unremediated`, `running`, `partiallyRemediated`. Use the `Prefer: include-unknown-enum-members` request header to get the following values from this [evolvable enum](/graph/best-practices-concept#handling-future-members-in-evolvable-enumerations): `active`, `pendingApproval`, `declined`, `unremediated`, `running`, `partiallyRemediated`. Inherited from [alertEvidence](../resources/security-alertevidence.md). |
41+
| remediationStatusDetails | String | Details about the remediation status. Inherited from [alertEvidence](../resources/security-alertevidence.md). |
42+
| roles | [microsoft.graph.security.evidenceRole](../resources/security-alertevidence.md#evidencerole-values) collection | One or more roles that an evidence entity represents in an alert; for example, an IP address associated with an attacker has the evidence role `Attacker`. Inherited from [alertEvidence](../resources/security-alertevidence.md). |
4343
| senderFromAddress | String | The SMTP format address of the sender. |
4444
| senderIP | String | The IP address of the sender. |
4545
| sourceAppName | String | Source of the message; for example, `desktop` and `mobile`. |
4646
| sourceId | String | The source ID of this Teams message. |
4747
| subject | String | The subject of this Teams message. |
4848
| suspiciousRecipients | String collection | The list of recipients who were detected as suspicious. |
49-
| tags | String collection | Array of custom tags associated with an evidence instance, for example, to denote a group of devices, high-value assets, etc. |
49+
| tags | String collection | Array of custom tags associated with an evidence instance; for example, to denote a group of devices or high-value assets. Inherited from [alertEvidence](../resources/security-alertevidence.md). |
5050
| threadId | String | Identifier of the channel or chat that this message is part of. |
5151
| threadType | String | The Teams message type. Supported values are: `Chat`, `Topic`, `Space`, and `Meeting`. |
5252
| urls | [microsoft.graph.security.urlEvidence](./security-urlevidence.md) collection | The URLs contained in this Teams message. |
53-
| verdict |[microsoft.graph.security.evidenceVerdict](../resources/security-alertevidence.md#evidenceverdict-values)| The decision reached by automated investigation. The possible values are: `unknown`, `suspicious`, `malicious`, `noThreatsFound`, `unknownFutureValue`. |
53+
| verdict |[microsoft.graph.security.evidenceVerdict](../resources/security-alertevidence.md#evidenceverdict-values)| The decision reached by automated investigation. The possible values are: `unknown`, `suspicious`, `malicious`, `noThreatsFound`, `unknownFutureValue`. Inherited from [alertEvidence](../resources/security-alertevidence.md). |
5454

5555
## Relationships
5656
None.
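Review bot: The remediationStatus row (new line 40) is touched by this change but still lists `active`, `pendingApproval`, `declined`, `unremediated`, `running`, `partiallyRemediated` twice, once under "The possible values are" and again after the `Prefer: include-unknown-enum-members` sentence, and the appended "Inherited from" link makes the cell longer still. Consider listing the members once and saying plainly that the ones after `unknownFutureValue` are returned only when the header is sent. A reader who stops at the first list could build a triage rule on `active` or `unremediated` without sending the header and never see those values.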
