Palo Alto Networks · Schema
DLPIncident
DLPIncident schema from Palo Alto Networks Enterprise DLP API
Properties
| Name | Type | Description |
|---|---|---|
| incident_id | string | Unique incident identifier. |
| status | string | Current incident status. |
| severity | string | Incident severity level. |
| data_pattern_name | string | Name of the data pattern that triggered the incident. |
| data_pattern_id | string | Identifier of the data pattern that triggered the incident. |
| match_count | integer | Number of data pattern matches in the content. |
| channel | string | Channel where the data exposure was detected. |
| user | string | Email address or username of the user involved. |
| timestamp | string | Timestamp when the incident was detected. |
| application | string | Application associated with the incident. |
| file_name | string | Name of the file containing sensitive data. |
| file_type | string | MIME type of the file. |
| file_size | integer | Size of the file in bytes. |
| direction | string | Direction of data movement. |
| action_taken | string | Automated action taken on the incident. |
| reviewer_comments | string | Comments added by the reviewing analyst. |
| reviewed_by | string | Email address of the analyst who reviewed the incident. |
| reviewed_at | string | Timestamp when the incident was last reviewed. |