Palo Alto Networks · JSON Structure

Cortex Xpanse Api Asm Incident Structure

An attack surface incident representing a confirmed exposure requiring remediation.

Type: object Properties: 14
Cloud SecurityCybersecurityFirewallNetwork SecuritySASESOARThreat IntelligenceXDR

AsmIncident is a JSON Structure definition published by Palo Alto Networks, describing 14 properties. It conforms to the https://json-structure.org/meta/core/v0/# meta-schema.

Properties

incident_id incident_name status severity incident_type assigned_user_mail assigned_user_pretty_name alert_count description creation_time modification_time resolved_by resolve_comment tags

Meta-schema: https://json-structure.org/meta/core/v0/#

JSON Structure

Raw ↑ 
{
  "$schema": "https://json-structure.org/meta/core/v0/#",
  "$id": "https://raw.githubusercontent.com/api-evangelist/palo-alto-networks/refs/heads/main/json-structure/cortex-xpanse-api-asm-incident-structure.json",
  "name": "AsmIncident",
  "description": "An attack surface incident representing a confirmed exposure requiring remediation.",
  "type": "object",
  "properties": {
    "incident_id": {
      "type": "string",
      "description": "Unique attack surface incident identifier."
    },
    "incident_name": {
      "type": "string"
    },
    "status": {
      "type": "string",
      "enum": [
        "new",
        "under_investigation",
        "resolved",
        "resolved_no_risk",
        "resolved_risk_accepted",
        "resolved_contested_asset",
        "resolved_remediated_automatically"
      ]
    },
    "severity": {
      "type": "string",
      "enum": [
        "critical",
        "high",
        "medium",
        "low",
        "informational"
      ]
    },
    "incident_type": {
      "type": "array",
      "description": "Attack surface rule types that triggered this incident.",
      "items": {
        "type": "string"
      }
    },
    "assigned_user_mail": {
      "type": "string"
    },
    "assigned_user_pretty_name": {
      "type": "string"
    },
    "alert_count": {
      "type": "int32"
    },
    "description": {
      "type": "string"
    },
    "creation_time": {
      "type": "int32",
      "description": "Incident creation timestamp as Unix epoch milliseconds."
    },
    "modification_time": {
      "type": "int32"
    },
    "resolved_by": {
      "type": "string"
    },
    "resolve_comment": {
      "type": "string"
    },
    "tags": {
      "type": "array",
      "items": {
        "type": "object",
        "properties": {
          "key": {
            "type": "string"
          },
          "value": {
            "type": "string"
          }
        }
      }
    }
  }
}