Dlp Api Dlp Incident Structure
DLPIncident schema from Palo Alto Networks Enterprise DLP API
Type: object
Properties: 18
Cloud Security Cybersecurity Firewall Network Security SASE SOAR Threat Intelligence XDR
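DLPIncident is a JSON Structure definition published by Palo Alto Networks, describing 18 properties. It conforms to the https://json-structure.org/meta/core/v0/# meta-schema. The definition declares no required properties, so a consumer should treat every field as optional and validate each value it relies on. The string properties without an enum (for example user, file_name and reviewer_comments) carry no length or pattern constraint and should be handled as untrusted text when displayed or logged. file_size is typed int32, which cannot represent sizes above 2,147,483,647 bytes.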
Properties
incident_id
status
severity
data_pattern_name
data_pattern_id
match_count
channel
user
timestamp
application
file_name
file_type
file_size
direction
action_taken
reviewer_comments
reviewed_by
reviewed_at
Meta-schema: https://json-structure.org/meta/core/v0/#
JSON Structure
{
"$schema": "https://json-structure.org/meta/core/v0/#",
"$id": "https://raw.githubusercontent.com/api-evangelist/palo-alto-networks/refs/heads/main/json-structure/dlp-api-dlp-incident-structure.json",
"name": "DLPIncident",
"description": "DLPIncident schema from Palo Alto Networks Enterprise DLP API",
"type": "object",
"properties": {
"incident_id": {
"type": "string",
"description": "Unique incident identifier."
},
"status": {
"type": "string",
"description": "Current incident status.",
"enum": [
"open",
"in_review",
"resolved",
"dismissed"
]
},
"severity": {
"type": "string",
"description": "Incident severity level.",
"enum": [
"critical",
"high",
"medium",
"low",
"informational"
]
},
"data_pattern_name": {
"type": "string",
"description": "Name of the data pattern that triggered the incident."
},
"data_pattern_id": {
"type": "string",
"description": "Identifier of the data pattern that triggered the incident."
},
"match_count": {
"type": "int32",
"description": "Number of data pattern matches in the content."
},
"channel": {
"type": "string",
"description": "Channel where the data exposure was detected.",
"enum": [
"web",
"ssl",
"saas",
"email",
"endpoint"
]
},
"user": {
"type": "string",
"description": "Email address or username of the user involved."
},
"timestamp": {
"type": "datetime",
"description": "Timestamp when the incident was detected."
},
"application": {
"type": "string",
"description": "Application associated with the incident."
},
"file_name": {
"type": "string",
"description": "Name of the file containing sensitive data."
},
"file_type": {
"type": "string",
"description": "MIME type of the file."
},
"file_size": {
"type": "int32",
"description": "Size of the file in bytes."
},
"direction": {
"type": "string",
"description": "Direction of data movement.",
"enum": [
"upload",
"download",
"internal"
]
},
"action_taken": {
"type": "string",
"description": "Automated action taken on the incident.",
"enum": [
"alert",
"block",
"quarantine",
"encrypt"
]
},
"reviewer_comments": {
"type": "string",
"description": "Comments added by the reviewing analyst."
},
"reviewed_by": {
"type": "string",
"description": "Email address of the analyst who reviewed the incident."
},
"reviewed_at": {
"type": "datetime",
"description": "Timestamp when the incident was last reviewed."
}
}
}