Palo Alto Networks · JSON Structure

SASE Notifications Incident Detail Structure

Detailed information about a SASE security incident for enrichment and correlation.

Type: object
Properties: 9
Tags: Cloud Security, Cybersecurity, Firewall, Network Security, SASE, SOAR, Threat Intelligence, XDR

IncidentDetail is a JSON Structure definition published by Palo Alto Networks, describing 9 properties. It conforms to the https://json-structure.org/meta/core/v0/# meta-schema.

Properties

incidentId, type, severity, title, description, tsg_id, category, detectionSource, timestamp

JSON Structure

{
  "$schema": "https://json-structure.org/meta/core/v0/#",
  "$id": "https://raw.githubusercontent.com/api-evangelist/palo-alto-networks/refs/heads/main/json-structure/sase-notifications-incident-detail-structure.json",
  "name": "IncidentDetail",
  "description": "Detailed information about a SASE security incident for enrichment and correlation.",
  "type": "object",
  "properties": {
    "incidentId": {
      "type": "string",
      "description": "Unique incident identifier."
    },
    "type": {
      "type": "string",
      "description": "Incident type classification."
    },
    "severity": {
      "type": "string",
      "enum": [
        "informational",
        "low",
        "medium",
        "high",
        "critical"
      ]
    },
    "title": {
      "type": "string",
      "description": "Incident title."
    },
    "description": {
      "type": "string",
      "description": "Incident description."
    },
    "tsg_id": {
      "type": "string",
      "description": "Tenant Service Group identifier."
    },
    "category": {
      "type": "string",
      "description": "Incident category."
    },
    "detectionSource": {
      "type": "string",
      "description": "Source of the incident detection."
    },
    "timestamp": {
      "type": "datetime"
    }
  }
}