Palo Alto Networks · JSON Structure

Cortex Xsoar Api Incident Search Request Structure

IncidentSearchRequest schema from Palo Alto Networks Cortex XSOAR REST API

Type: object Properties: 5
Cloud SecurityCybersecurityFirewallNetwork SecuritySASESOARThreat IntelligenceXDR

IncidentSearchRequest is a JSON Structure definition published by Palo Alto Networks, describing 5 properties. It conforms to the https://json-structure.org/meta/core/v0/# meta-schema.

Properties

filter fromDate toDate size page

Meta-schema: https://json-structure.org/meta/core/v0/#

JSON Structure

Raw ↑ 
{
  "$schema": "https://json-structure.org/meta/core/v0/#",
  "$id": "https://raw.githubusercontent.com/api-evangelist/palo-alto-networks/refs/heads/main/json-structure/cortex-xsoar-api-incident-search-request-structure.json",
  "name": "IncidentSearchRequest",
  "description": "IncidentSearchRequest schema from Palo Alto Networks Cortex XSOAR REST API",
  "type": "object",
  "properties": {
    "filter": {
      "type": "object",
      "description": "Structured filter criteria for the incident search.",
      "properties": {
        "query": {
          "type": "string",
          "description": "Lucene query string (e.g., status:Active severity:High)."
        },
        "status": {
          "type": "array",
          "items": {
            "type": "int32"
          }
        },
        "sort": {
          "type": "array",
          "items": {
            "type": "object",
            "properties": {
              "field": {
                "type": "string"
              },
              "asc": {
                "type": "boolean"
              }
            }
          }
        },
        "period": {
          "type": "object",
          "properties": {
            "byFrom": {
              "type": "datetime"
            },
            "byTo": {
              "type": "datetime"
            }
          }
        }
      }
    },
    "fromDate": {
      "type": "datetime"
    },
    "toDate": {
      "type": "datetime"
    },
    "size": {
      "type": "int32",
      "maximum": 100,
      "default": 10
    },
    "page": {
      "type": "int32",
      "default": 0
    }
  }
}