Palo Alto Networks · JSON Structure

Cortex Xsoar Api Create Incident Request Structure

CreateIncidentRequest schema from Palo Alto Networks Cortex XSOAR REST API

Type: object Properties: 10 Required: 1
Cloud SecurityCybersecurityFirewallNetwork SecuritySASESOARThreat IntelligenceXDR

CreateIncidentRequest is a JSON Structure definition published by Palo Alto Networks, describing 10 properties, of which 1 is required. It conforms to the https://json-structure.org/meta/core/v0/# meta-schema.

Properties

name type severity owner occurred details labels createInvestigation CustomFields rawJson

Meta-schema: https://json-structure.org/meta/core/v0/#

JSON Structure

Raw ↑ 
{
  "$schema": "https://json-structure.org/meta/core/v0/#",
  "$id": "https://raw.githubusercontent.com/api-evangelist/palo-alto-networks/refs/heads/main/json-structure/cortex-xsoar-api-create-incident-request-structure.json",
  "name": "CreateIncidentRequest",
  "description": "CreateIncidentRequest schema from Palo Alto Networks Cortex XSOAR REST API",
  "type": "object",
  "properties": {
    "name": {
      "type": "string",
      "description": "Incident name."
    },
    "type": {
      "type": "string",
      "description": "Incident type name."
    },
    "severity": {
      "type": "int32",
      "enum": [
        0,
        1,
        2,
        3,
        4,
        5
      ]
    },
    "owner": {
      "type": "string"
    },
    "occurred": {
      "type": "datetime"
    },
    "details": {
      "type": "string"
    },
    "labels": {
      "type": "array",
      "items": {
        "type": "object",
        "properties": {
          "type": {
            "type": "string"
          },
          "value": {
            "type": "string"
          }
        }
      }
    },
    "createInvestigation": {
      "type": "boolean",
      "description": "Whether to automatically create an investigation for this incident.",
      "default": true
    },
    "CustomFields": {
      "type": "object",
      "additionalProperties": true
    },
    "rawJson": {
      "type": "string"
    }
  },
  "required": [
    "name"
  ]
}