Palo Alto Networks · Schema

IncidentSummary

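IncidentSummary schema from the Palo Alto Networks Enterprise DLP API. As published below, the schema lists no required properties, does not restrict additional properties, and sets no minimum on the integer counts, so a consumer that validates responses against it should add its own checks for missing fields and negative values.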


Properties

Name Type Description
total_incidents integer Total number of incidents in the reporting period.
open_incidents integer Number of incidents still in open status.
resolved_incidents integer Number of resolved incidents.
by_severity object Incident count breakdown by severity.
by_channel object Incident count breakdown by detection channel.
top_data_patterns array Most frequently triggered data patterns.
top_users array Users with the most incidents.
reporting_period object Time range for the summary report.

JSON Schema

dlp-api-incident-summary-schema.json
{
  "$schema": "https://json-schema.org/draft/2020-12/schema",
  "title": "IncidentSummary",
  "description": "IncidentSummary schema from Palo Alto Networks Enterprise DLP API",
  "$id": "https://raw.githubusercontent.com/api-evangelist/palo-alto-networks/refs/heads/main/json-schema/dlp-api-incident-summary-schema.json",
  "type": "object",
  "properties": {
    "total_incidents": {
      "type": "integer",
      "description": "Total number of incidents in the reporting period."
    },
    "open_incidents": {
      "type": "integer",
      "description": "Number of incidents still in open status."
    },
    "resolved_incidents": {
      "type": "integer",
      "description": "Number of resolved incidents."
    },
    "by_severity": {
      "type": "object",
      "properties": {
        "critical": {
          "type": "integer"
        },
        "high": {
          "type": "integer"
        },
        "medium": {
          "type": "integer"
        },
        "low": {
          "type": "integer"
        },
        "informational": {
          "type": "integer"
        }
      },
      "description": "Incident count breakdown by severity."
    },
    "by_channel": {
      "type": "object",
      "properties": {
        "web": {
          "type": "integer"
        },
        "ssl": {
          "type": "integer"
        },
        "saas": {
          "type": "integer"
        },
        "email": {
          "type": "integer"
        },
        "endpoint": {
          "type": "integer"
        }
      },
      "description": "Incident count breakdown by detection channel."
    },
    "top_data_patterns": {
      "type": "array",
      "items": {
        "type": "object",
        "properties": {
          "pattern_name": {
            "type": "string"
          },
          "incident_count": {
            "type": "integer"
          }
        }
      },
      "description": "Most frequently triggered data patterns."
    },
    "top_users": {
      "type": "array",
      "items": {
        "type": "object",
        "properties": {
          "user": {
            "type": "string"
          },
          "incident_count": {
            "type": "integer"
          }
        }
      },
      "description": "Users with the most incidents."
    },
    "reporting_period": {
      "type": "object",
      "properties": {
        "start_time": {
          "type": "string",
          "format": "date-time"
        },
        "end_time": {
          "type": "string",
          "format": "date-time"
        }
      },
      "description": "Time range for the summary report."
    }
  }
}