Palo Alto Networks · Schema

Investigation

A Cortex XSOAR investigation containing war room entries and playbook state.

Cloud SecurityCybersecurityFirewallNetwork SecuritySASESOARThreat IntelligenceXDR

Properties

Name Type Description
id string
name string
status integer
incidentId string
created string
modified string
entries array
playbookId string
runningPlaybooks array
View JSON Schema on GitHub

JSON Schema

cortex-xsoar-api-investigation-schema.json Raw ↑ 
{
  "$schema": "https://json-schema.org/draft/2020-12/schema",
  "title": "Investigation",
  "description": "A Cortex XSOAR investigation containing war room entries and playbook state.",
  "$id": "https://raw.githubusercontent.com/api-evangelist/palo-alto-networks/refs/heads/main/json-schema/cortex-xsoar-api-investigation-schema.json",
  "type": "object",
  "properties": {
    "id": {
      "type": "string",
      "readOnly": true
    },
    "name": {
      "type": "string"
    },
    "status": {
      "type": "integer"
    },
    "incidentId": {
      "type": "string"
    },
    "created": {
      "type": "string",
      "format": "date-time"
    },
    "modified": {
      "type": "string",
      "format": "date-time"
    },
    "entries": {
      "type": "array",
      "items": {
        "type": "object",
        "description": "A war room entry in a Cortex XSOAR investigation.",
        "properties": {
          "id": {
            "type": "string",
            "readOnly": true
          },
          "investigationId": {
            "type": "string"
          },
          "type": {
            "type": "integer",
            "description": "Entry type: 1 (Note), 2 (Download), 3 (File), 4 (Error), 5 (Pinned), 6 (UserManagement), 7 (Image), 8 (PlaygroundCommand), 9 (PlaybookStatusNote), 10 (Canvas), 11 (Widget), 12 (Summary), 13 (Section), 14 (Table)."
          },
          "user": {
            "type": "string",
            "description": "Username of the user who created the entry."
          },
          "created": {
            "type": "string",
            "format": "date-time"
          },
          "modified": {
            "type": "string",
            "format": "date-time"
          },
          "contents": {
            "type": "string",
            "description": "Entry content text."
          },
          "humanReadable": {
            "type": "string",
            "description": "Human-readable formatted content."
          },
          "tags": {
            "type": "array",
            "items": {
              "type": "string"
            }
          }
        }
      }
    },
    "playbookId": {
      "type": "string"
    },
    "runningPlaybooks": {
      "type": "array",
      "items": {
        "type": "string"
      }
    }
  }
}