
SASE Notifications Incident Notification Structure

IncidentNotification schema from SASE Multitenant Notifications

Type: object
Properties: 10
Tags: Cloud Security, Cybersecurity, Firewall, Network Security, SASE, SOAR, Threat Intelligence, XDR

IncidentNotification is a JSON Structure definition published by Palo Alto Networks, describing 10 properties. It conforms to the https://json-structure.org/meta/core/v0/# meta-schema.

Properties

notificationId, type, tsg_id, severity, title, description, timestamp, category, affectedResources, callbackUrl

Meta-schema: https://json-structure.org/meta/core/v0/#

JSON Structure

{
  "$schema": "https://json-structure.org/meta/core/v0/#",
  "$id": "https://raw.githubusercontent.com/api-evangelist/palo-alto-networks/refs/heads/main/json-structure/sase-notifications-incident-notification-structure.json",
  "name": "IncidentNotification",
  "description": "IncidentNotification schema from SASE Multitenant Notifications",
  "type": "object",
  "properties": {
    "notificationId": {
      "type": "string",
      "description": "Unique identifier for this notification delivery."
    },
    "type": {
      "type": "string",
      "description": "Notification type identifier.",
      "enum": [
        "incident"
      ]
    },
    "tsg_id": {
      "type": "string",
      "description": "Tenant Service Group identifier indicating which tenant context the incident belongs to."
    },
    "severity": {
      "type": "string",
      "description": "Severity classification of the security incident.",
      "enum": [
        "informational",
        "low",
        "medium",
        "high",
        "critical"
      ]
    },
    "title": {
      "type": "string",
      "description": "Brief title summarizing the incident."
    },
    "description": {
      "type": "string",
      "description": "Detailed description of the incident including affected resources, detection context, and recommended actions."
    },
    "timestamp": {
      "type": "datetime",
      "description": "Timestamp when the incident was detected."
    },
    "category": {
      "type": "string",
      "description": "Incident category such as threat, policy_violation, anomaly, or data_loss."
    },
    "affectedResources": {
      "type": "array",
      "description": "List of resources affected by the incident.",
      "items": {
        "type": "object",
        "properties": {
          "resourceType": {
            "type": "string",
            "description": "Type of affected resource."
          },
          "resourceId": {
            "type": "string",
            "description": "Identifier of the affected resource."
          }
        }
      }
    },
    "callbackUrl": {
      "type": "uri",
      "description": "Direct link to the incident in the SASE management console."
    }
  }
}