Palo Alto Networks · Schema
Incident
A Cortex XDR incident grouping related alerts.
Properties
| Name | Type | Description |
|---|---|---|
| incident_id | string | |
| incident_name | string | |
| description | string | |
| status | string | |
| severity | string | |
| assigned_user_mail | string | |
| assigned_user_pretty_name | string | |
| alert_count | integer | |
| low_severity_alert_count | integer | |
| med_severity_alert_count | integer | |
| high_severity_alert_count | integer | |
| critical_severity_alert_count | integer | |
| user_count | integer | |
| host_count | integer | |
| creation_time | integer | Incident creation timestamp as Unix epoch milliseconds. |
| modification_time | integer | Last modification timestamp as Unix epoch milliseconds. |
| detection_time | integer | |
| starred | boolean | |
| xdr_url | string | Direct URL to the incident in the XDR console. |
| rule_based_score | integer | |
| manual_score | integer | |