Palo Alto Networks · Example Payload

Cortex XDR Webhooks Incident Payload Example

Multiple alerts indicating ransomware behavior on endpoint

Tags: Cloud Security, Cybersecurity, Firewall, Network Security, SASE, SOAR, Threat Intelligence, XDR

Cortex XDR Webhooks Incident Payload Example is an example object payload from Palo Alto Networks with 10 top-level fields. It illustrates the shape of the incident object delivered by a Cortex XDR webhook notification, i.e. the data this provider's API accepts or returns.

Top-level fields

name, incident_id, creation_time, modification_time, status, severity, alert_count, assigned_user_mail, description, alert_sources

Example Payload

{
  "name": "Ransomware Activity Detected on WORKSTATION-042",
  "incident_id": "5001",
  "creation_time": 1705312200000,
  "modification_time": 1705315800000,
  "status": "new",
  "severity": "high",
  "alert_count": 3,
  "assigned_user_mail": "analyst@example.com",
  "description": "Multiple alerts indicating ransomware behavior on endpoint",
  "alert_sources": [
    "XDR Agent",
    "XDR Analytics BIOC"
  ]
}
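The payload above is what a receiving webhook endpoint has to validate before acting on it. As an added example that is not part of this page or of any Palo Alto Networks code, the following Python parser checks an incoming body against the ten fields listed above, enforces their JSON types (note that incident_id is a string, not an integer), converts the two timestamps from epoch milliseconds (inferred from the 13-digit values on this page) to UTC datetimes, and reports any keys the page does not document. The triage_action routing rule is a hypothetical illustration, not a Cortex XDR policy, and the sample body is constructed from the example payload on this page.

```python
import json
from datetime import datetime, timezone

# Required top-level fields and their JSON types, taken from the ten fields
# listed on this page. Whether the live notification carries more fields is
# not stated on the page, so extra keys are reported rather than rejected.
REQUIRED_FIELDS = {
    "name": str,
    "incident_id": str,        # a string ("5001"), not an integer
    "creation_time": int,      # epoch milliseconds (13-digit value)
    "modification_time": int,  # epoch milliseconds
    "status": str,
    "severity": str,
    "alert_count": int,
    "assigned_user_mail": str,
    "description": str,
    "alert_sources": list,     # list of strings
}

# Constructed sample: the example payload from this page, as a raw request body.
SAMPLE_BODY = b"""{
  "name": "Ransomware Activity Detected on WORKSTATION-042",
  "incident_id": "5001",
  "creation_time": 1705312200000,
  "modification_time": 1705315800000,
  "status": "new",
  "severity": "high",
  "alert_count": 3,
  "assigned_user_mail": "analyst@example.com",
  "description": "Multiple alerts indicating ransomware behavior on endpoint",
  "alert_sources": ["XDR Agent", "XDR Analytics BIOC"]
}"""


class PayloadError(ValueError):
    """Raised when a webhook body does not match the expected incident shape."""


def epoch_ms_to_utc(ms):
    # Divide by 1000: passing the raw value to fromtimestamp() as seconds
    # would place the incident tens of thousands of years in the future.
    return datetime.fromtimestamp(ms / 1000, tz=timezone.utc)


def parse_incident(body):
    """Validate a raw webhook body and return a normalised incident dict."""
    try:
        data = json.loads(body)
    except (json.JSONDecodeError, UnicodeDecodeError) as exc:
        raise PayloadError("body is not valid JSON: %s" % exc) from None
    if not isinstance(data, dict):
        raise PayloadError("top-level JSON value must be an object")

    missing = [f for f in REQUIRED_FIELDS if f not in data]
    if missing:
        raise PayloadError("missing fields: %s" % ", ".join(missing))
    for field, expected in REQUIRED_FIELDS.items():
        value = data[field]
        # bool is a subclass of int in Python, so exclude it explicitly.
        if isinstance(value, bool) or not isinstance(value, expected):
            raise PayloadError("field %r must be %s" % (field, expected.__name__))
    if not all(isinstance(s, str) for s in data["alert_sources"]):
        raise PayloadError("alert_sources must contain only strings")
    if data["alert_count"] < 0:
        raise PayloadError("alert_count must not be negative")

    return {
        "incident_id": data["incident_id"],
        "name": data["name"],
        "status": data["status"].lower(),
        "severity": data["severity"].lower(),
        "created": epoch_ms_to_utc(data["creation_time"]),
        "modified": epoch_ms_to_utc(data["modification_time"]),
        "alert_count": data["alert_count"],
        "alert_sources": list(data["alert_sources"]),
        "assignee": data["assigned_user_mail"],
        "description": data["description"],
        # Keys the page does not document; surfaced so schema drift is noticed.
        "unknown_fields": sorted(set(data) - set(REQUIRED_FIELDS)),
    }


def triage_action(incident):
    """Illustrative routing rule (an assumption, not a Cortex XDR policy):
    page on high/critical incidents that include an endpoint-agent alert
    source, queue everything else for the next analyst shift."""
    if incident["severity"] in ("high", "critical") and "XDR Agent" in incident["alert_sources"]:
        return "page"
    return "queue"


if __name__ == "__main__":
    incident = parse_incident(SAMPLE_BODY)
    print(incident["incident_id"], incident["created"].isoformat(), triage_action(incident))
```

Run on the sample body this yields incident 5001, created 2024-01-15T09:50:00+00:00, routed to "page". In a real receiver, authenticate the request with whatever header or secret your webhook integration is configured to send before the body is parsed, and treat a PayloadError as a logged, rejected request rather than a crash.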