Palo Alto Networks · JSON Structure

DLP API Incident Summary Structure

IncidentSummary schema from Palo Alto Networks Enterprise DLP API

Type: object Properties: 8
Cloud Security, Cybersecurity, Firewall, Network Security, SASE, SOAR, Threat Intelligence, XDR

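IncidentSummary is a JSON Structure definition published by Palo Alto Networks that describes 8 properties. It conforms to the https://json-structure.org/meta/core/v0/# meta-schema. The definition shown below declares no `required` list at any level, so every property is optional and a consumer should handle a summary in which any of the counts, breakdowns or the reporting period is missing.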

Properties

total_incidents, open_incidents, resolved_incidents, by_severity, by_channel, top_data_patterns, top_users, reporting_period

Meta-schema: https://json-structure.org/meta/core/v0/#

JSON Structure

{
  "$schema": "https://json-structure.org/meta/core/v0/#",
  "$id": "https://raw.githubusercontent.com/api-evangelist/palo-alto-networks/refs/heads/main/json-structure/dlp-api-incident-summary-structure.json",
  "name": "IncidentSummary",
  "description": "IncidentSummary schema from Palo Alto Networks Enterprise DLP API",
  "type": "object",
  "properties": {
    "total_incidents": {
      "type": "int32",
      "description": "Total number of incidents in the reporting period."
    },
    "open_incidents": {
      "type": "int32",
      "description": "Number of incidents still in open status."
    },
    "resolved_incidents": {
      "type": "int32",
      "description": "Number of resolved incidents."
    },
    "by_severity": {
      "type": "object",
      "description": "Incident count breakdown by severity.",
      "properties": {
        "critical": {
          "type": "int32"
        },
        "high": {
          "type": "int32"
        },
        "medium": {
          "type": "int32"
        },
        "low": {
          "type": "int32"
        },
        "informational": {
          "type": "int32"
        }
      }
    },
    "by_channel": {
      "type": "object",
      "description": "Incident count breakdown by detection channel.",
      "properties": {
        "web": {
          "type": "int32"
        },
        "ssl": {
          "type": "int32"
        },
        "saas": {
          "type": "int32"
        },
        "email": {
          "type": "int32"
        },
        "endpoint": {
          "type": "int32"
        }
      }
    },
    "top_data_patterns": {
      "type": "array",
      "description": "Most frequently triggered data patterns.",
      "items": {
        "type": "object",
        "properties": {
          "pattern_name": {
            "type": "string"
          },
          "incident_count": {
            "type": "int32"
          }
        }
      }
    },
    "top_users": {
      "type": "array",
      "description": "Users with the most incidents.",
      "items": {
        "type": "object",
        "properties": {
          "user": {
            "type": "string"
          },
          "incident_count": {
            "type": "int32"
          }
        }
      }
    },
    "reporting_period": {
      "type": "object",
      "description": "Time range for the summary report.",
      "properties": {
        "start_time": {
          "type": "datetime"
        },
        "end_time": {
          "type": "datetime"
        }
      }
    }
  }
}