Palo Alto Networks · Schema

Incident

An XSIAM incident correlating related alerts into a unified investigation.

Tags: Cloud Security, Cybersecurity, Firewall, Network Security, SASE, SOAR, Threat Intelligence, XDR

Properties

Name Type Description
incident_id string
incident_name string
description string
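status string One of: new, under_investigation, resolved_threat_handled, resolved_known_issue, resolved_duplicate, resolved_false_positive, resolved_other.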
severity string One of: critical, high, medium, low, informational, unknown.
assigned_user_mail string
assigned_user_pretty_name string
alert_count integer
creation_time integer Creation timestamp as Unix epoch milliseconds.
modification_time integer
detection_time integer
starred boolean
xdr_url string
mitre_tactics_ids_and_names array Array of strings.
mitre_techniques_ids_and_names array Array of strings.

JSON Schema

cortex-xsiam-api-incident-schema.json Raw ↑
{
  "$schema": "https://json-schema.org/draft/2020-12/schema",
  "title": "Incident",
  "description": "An XSIAM incident correlating related alerts into a unified investigation.",
  "$id": "https://raw.githubusercontent.com/api-evangelist/palo-alto-networks/refs/heads/main/json-schema/cortex-xsiam-api-incident-schema.json",
  "type": "object",
  "properties": {
    "incident_id": {
      "type": "string"
    },
    "incident_name": {
      "type": "string"
    },
    "description": {
      "type": "string"
    },
    "status": {
      "type": "string",
      "enum": [
        "new",
        "under_investigation",
        "resolved_threat_handled",
        "resolved_known_issue",
        "resolved_duplicate",
        "resolved_false_positive",
        "resolved_other"
      ]
    },
    "severity": {
      "type": "string",
      "enum": [
        "critical",
        "high",
        "medium",
        "low",
        "informational",
        "unknown"
      ]
    },
    "assigned_user_mail": {
      "type": "string"
    },
    "assigned_user_pretty_name": {
      "type": "string"
    },
    "alert_count": {
      "type": "integer"
    },
    "creation_time": {
      "type": "integer",
      "description": "Creation timestamp as Unix epoch milliseconds."
    },
    "modification_time": {
      "type": "integer"
    },
    "detection_time": {
      "type": "integer"
    },
    "starred": {
      "type": "boolean"
    },
    "xdr_url": {
      "type": "string"
    },
    "mitre_tactics_ids_and_names": {
      "type": "array",
      "items": {
        "type": "string"
      }
    },
    "mitre_techniques_ids_and_names": {
      "type": "array",
      "items": {
        "type": "string"
      }
    }
  }
}