Palo Alto Networks · Schema

Alert

Alert schema from Palo Alto Networks IoT Security API

Cloud SecurityCybersecurityFirewallNetwork SecuritySASESOARThreat IntelligenceXDR

Properties

Name Type Description
id string Unique alert identifier.
type string Alert type classification.
severity string Alert severity level.
description string Human-readable alert description.
deviceid string Identifier of the affected device.
device_ip string IP address of the affected device.
device_profile string Profile of the affected device.
resolved string Whether the alert has been resolved.
resolved_reason string Resolution reason if resolved.
timestamp string Timestamp when the alert was generated.
details object Additional alert-specific details.
View JSON Schema on GitHub

JSON Schema

iot-security-api-alert-schema.json Raw ↑ 
{
  "$schema": "https://json-schema.org/draft/2020-12/schema",
  "title": "Alert",
  "description": "Alert schema from Palo Alto Networks IoT Security API",
  "$id": "https://raw.githubusercontent.com/api-evangelist/palo-alto-networks/refs/heads/main/json-schema/iot-security-api-alert-schema.json",
  "type": "object",
  "properties": {
    "id": {
      "type": "string",
      "description": "Unique alert identifier."
    },
    "type": {
      "type": "string",
      "description": "Alert type classification."
    },
    "severity": {
      "type": "string",
      "enum": [
        "critical",
        "high",
        "medium",
        "low",
        "info"
      ],
      "description": "Alert severity level."
    },
    "description": {
      "type": "string",
      "description": "Human-readable alert description."
    },
    "deviceid": {
      "type": "string",
      "description": "Identifier of the affected device."
    },
    "device_ip": {
      "type": "string",
      "format": "ipv4",
      "description": "IP address of the affected device."
    },
    "device_profile": {
      "type": "string",
      "description": "Profile of the affected device."
    },
    "resolved": {
      "type": "string",
      "enum": [
        "yes",
        "no"
      ],
      "description": "Whether the alert has been resolved."
    },
    "resolved_reason": {
      "type": "string",
      "description": "Resolution reason if resolved."
    },
    "timestamp": {
      "type": "string",
      "format": "date-time",
      "description": "Timestamp when the alert was generated."
    },
    "details": {
      "type": "object",
      "description": "Additional alert-specific details."
    }
  }
}