Palo Alto Networks · Example Payload

Cortex XDR Webhooks Alert Payload Example

Mimikatz credential dumping tool execution detected on WORKSTATION-042 under user context DOMAIN\jsmith

Cloud Security, Cybersecurity, Firewall, Network Security, SASE, SOAR, Threat Intelligence, XDR

Cortex XDR Webhooks Alert Payload Example is an example object payload from Palo Alto Networks, with 10 top-level fields. It illustrates the shape of data this provider's APIs accept or return.

Top-level fields

name, incident_id, creation_time, modification_time, status, severity, alert_count, assigned_user_mail, description, alert_sources

Example Payload

{
  "name": "Malicious Process Execution - Mimikatz",
  "incident_id": "5001",
  "creation_time": 1705312200000,
  "modification_time": 1705312200000,
  "status": "new",
  "severity": "high",
  "alert_count": 1,
  "assigned_user_mail": "",
  "description": "Mimikatz credential dumping tool execution detected on WORKSTATION-042 under user context DOMAIN\\jsmith",
  "alert_sources": [
    "XDR Agent"
  ]
}