| id |
string |
Unique incident identifier. |
| title |
string |
Summary title of the incident. |
| description |
string |
Detailed description of the security incident. |
| status |
string |
Current incident status. |
| severity |
string |
Incident severity level. |
| app_id |
string |
ID of the SaaS application where the incident occurred. |
| app_name |
string |
Name of the SaaS application. |
| policy_name |
string |
Name of the policy that triggered the incident. |
| affected_assets |
array |
IDs of assets involved in the incident. |
| affected_users |
array |
User IDs of users involved in the incident. |
| assignee_id |
string |
User ID of the assigned analyst. |
| created_at |
string |
Timestamp when the incident was detected. |
| updated_at |
string |
Timestamp of the most recent update. |