Palo Alto Networks · Example Payload

Cortex Xdr Incident Example

For security configured suspicious analysis on rule endpoint updated threat updated security traffic.

Cloud Security, Cybersecurity, Firewall, Network Security, SASE, SOAR, Threat Intelligence, XDR

Cortex Xdr Incident Example is an example object payload from Palo Alto Networks, with 21 top-level fields. It illustrates the shape of data this provider's APIs accept or return.

Top-level fields

incident_id, incident_name, creation_time, modification_time, status, severity, assigned_user_mail, assigned_user_pretty_name, description, alert_count, low_severity_alert_count, med_severity_alert_count, high_severity_alert_count, user_count, host_count, notes, resolve_comment, alert_sources, network_artifacts, file_artifacts, xdr_url

Example Payload

{
  "incident_id": "407788",
  "incident_name": "Primary Gateway 24",
  "creation_time": 1743841015113,
  "modification_time": 1728479157669,
  "status": "new",
  "severity": "high",
  "assigned_user_mail": "jane.doe@example.com",
  "assigned_user_pretty_name": "Sarah Chen",
  "description": "For security configured suspicious analysis on rule endpoint updated threat updated security traffic.",
  "alert_count": 264,
  "low_severity_alert_count": 173,
  "med_severity_alert_count": 407,
  "high_severity_alert_count": 385,
  "user_count": 734,
  "host_count": 87,
  "notes": "Configured blocked security and response allowed firewall security alert security analysis.",
  "resolve_comment": "Response rule response monitoring on incident configured configured.",
  "alert_sources": [
    "example-alert_sources_item",
    "example-alert_sources_item"
  ],
  "network_artifacts": [
    "example-network_artifacts_item",
    "example-network_artifacts_item"
  ],
  "file_artifacts": [
    "example-file_artifacts_item",
    "example-file_artifacts_item"
  ],
  "xdr_url": "https://cdn.example.com/path/f3b40a"
}