{ "$schema": "https://json-schema.org/draft/2020-12/schema", "$id": "#/components/schemas/microsoft.graph.security.alertEvidence", "title": "alertEvidence", "required": [ "@odata.type" ], "type": "object", "properties": { "createdDateTime": { "pattern": "^[0-9]{4,}-(0[1-9]|1[012])-(0[1-9]|[12][0-9]|3[01])T([01][0-9]|2[0-3]):[0-5][0-9]:[0-5][0-9]([.][0-9]{1,12})?(Z|[+-][0-9][0-9]:[0-9][0-9])$", "type": "string", "description": "The date and time when the evidence was created and added to the alert. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z.", "format": "date-time" }, "detailedRoles": { "type": "array", "items": { "type": "string", "nullable": true }, "description": "Detailed description of the entity's role or roles in an alert. Values are free-form." }, "remediationStatus": { "$ref": "#/components/schemas/microsoft.graph.security.evidenceRemediationStatus" }, "remediationStatusDetails": { "type": "string", "description": "Details about the remediation status.", "nullable": true }, "roles": { "type": "array", "items": { "$ref": "#/components/schemas/microsoft.graph.security.evidenceRole" }, "description": "The role or roles that an evidence entity represents in an alert. For example, an IP address that is associated with an attacker has the evidence role Attacker." }, "tags": { "type": "array", "items": { "type": "string", "nullable": true }, "description": "Array of custom tags associated with an evidence instance, for example, to denote a group of devices, high-value assets, etc." 
}, "verdict": { "$ref": "#/components/schemas/microsoft.graph.security.evidenceVerdict" }, "@odata.type": { "type": "string" } }, "discriminator": { "propertyName": "@odata.type", "mapping": { "#microsoft.graph.security.aiAgentEvidence": "#/components/schemas/microsoft.graph.security.aiAgentEvidence", "#microsoft.graph.security.amazonResourceEvidence": "#/components/schemas/microsoft.graph.security.amazonResourceEvidence", "#microsoft.graph.security.analyzedMessageEvidence": "#/components/schemas/microsoft.graph.security.analyzedMessageEvidence", "#microsoft.graph.security.azureResourceEvidence": "#/components/schemas/microsoft.graph.security.azureResourceEvidence", "#microsoft.graph.security.blobContainerEvidence": "#/components/schemas/microsoft.graph.security.blobContainerEvidence", "#microsoft.graph.security.blobEvidence": "#/components/schemas/microsoft.graph.security.blobEvidence", "#microsoft.graph.security.cloudApplicationEvidence": "#/components/schemas/microsoft.graph.security.cloudApplicationEvidence", "#microsoft.graph.security.cloudLogonRequestEvidence": "#/components/schemas/microsoft.graph.security.cloudLogonRequestEvidence", "#microsoft.graph.security.cloudLogonSessionEvidence": "#/components/schemas/microsoft.graph.security.cloudLogonSessionEvidence", "#microsoft.graph.security.containerEvidence": "#/components/schemas/microsoft.graph.security.containerEvidence", "#microsoft.graph.security.containerImageEvidence": "#/components/schemas/microsoft.graph.security.containerImageEvidence", "#microsoft.graph.security.containerRegistryEvidence": "#/components/schemas/microsoft.graph.security.containerRegistryEvidence", "#microsoft.graph.security.deviceEvidence": "#/components/schemas/microsoft.graph.security.deviceEvidence", "#microsoft.graph.security.dnsEvidence": "#/components/schemas/microsoft.graph.security.dnsEvidence", "#microsoft.graph.security.fileEvidence": "#/components/schemas/microsoft.graph.security.fileEvidence", 
"#microsoft.graph.security.fileHashEvidence": "#/components/schemas/microsoft.graph.security.fileHashEvidence", "#microsoft.graph.security.gitHubOrganizationEvidence": "#/components/schemas/microsoft.graph.security.gitHubOrganizationEvidence", "#microsoft.graph.security.gitHubRepoEvidence": "#/components/schemas/microsoft.graph.security.gitHubRepoEvidence", "#microsoft.graph.security.gitHubUserEvidence": "#/components/schemas/microsoft.graph.security.gitHubUserEvidence", "#microsoft.graph.security.googleCloudResourceEvidence": "#/components/schemas/microsoft.graph.security.googleCloudResourceEvidence", "#microsoft.graph.security.hostLogonSessionEvidence": "#/components/schemas/microsoft.graph.security.hostLogonSessionEvidence", "#microsoft.graph.security.ioTDeviceEvidence": "#/components/schemas/microsoft.graph.security.ioTDeviceEvidence", "#microsoft.graph.security.ipEvidence": "#/components/schemas/microsoft.graph.security.ipEvidence", "#microsoft.graph.security.kubernetesClusterEvidence": "#/components/schemas/microsoft.graph.security.kubernetesClusterEvidence", "#microsoft.graph.security.kubernetesControllerEvidence": "#/components/schemas/microsoft.graph.security.kubernetesControllerEvidence", "#microsoft.graph.security.kubernetesNamespaceEvidence": "#/components/schemas/microsoft.graph.security.kubernetesNamespaceEvidence", "#microsoft.graph.security.kubernetesPodEvidence": "#/components/schemas/microsoft.graph.security.kubernetesPodEvidence", "#microsoft.graph.security.kubernetesSecretEvidence": "#/components/schemas/microsoft.graph.security.kubernetesSecretEvidence", "#microsoft.graph.security.kubernetesServiceAccountEvidence": "#/components/schemas/microsoft.graph.security.kubernetesServiceAccountEvidence", "#microsoft.graph.security.kubernetesServiceEvidence": "#/components/schemas/microsoft.graph.security.kubernetesServiceEvidence", "#microsoft.graph.security.mailboxConfigurationEvidence": 
"#/components/schemas/microsoft.graph.security.mailboxConfigurationEvidence", "#microsoft.graph.security.mailboxEvidence": "#/components/schemas/microsoft.graph.security.mailboxEvidence", "#microsoft.graph.security.mailClusterEvidence": "#/components/schemas/microsoft.graph.security.mailClusterEvidence", "#microsoft.graph.security.malwareEvidence": "#/components/schemas/microsoft.graph.security.malwareEvidence", "#microsoft.graph.security.networkConnectionEvidence": "#/components/schemas/microsoft.graph.security.networkConnectionEvidence", "#microsoft.graph.security.nicEvidence": "#/components/schemas/microsoft.graph.security.nicEvidence", "#microsoft.graph.security.oauthApplicationEvidence": "#/components/schemas/microsoft.graph.security.oauthApplicationEvidence", "#microsoft.graph.security.processEvidence": "#/components/schemas/microsoft.graph.security.processEvidence", "#microsoft.graph.security.registryKeyEvidence": "#/components/schemas/microsoft.graph.security.registryKeyEvidence", "#microsoft.graph.security.registryValueEvidence": "#/components/schemas/microsoft.graph.security.registryValueEvidence", "#microsoft.graph.security.sasTokenEvidence": "#/components/schemas/microsoft.graph.security.sasTokenEvidence", "#microsoft.graph.security.securityGroupEvidence": "#/components/schemas/microsoft.graph.security.securityGroupEvidence", "#microsoft.graph.security.servicePrincipalEvidence": "#/components/schemas/microsoft.graph.security.servicePrincipalEvidence", "#microsoft.graph.security.submissionMailEvidence": "#/components/schemas/microsoft.graph.security.submissionMailEvidence", "#microsoft.graph.security.teamsMessageEvidence": "#/components/schemas/microsoft.graph.security.teamsMessageEvidence", "#microsoft.graph.security.urlEvidence": "#/components/schemas/microsoft.graph.security.urlEvidence", "#microsoft.graph.security.userEvidence": "#/components/schemas/microsoft.graph.security.userEvidence" } } }