Palo Alto Networks · Schema

Alert

Alert schema from Palo Alto Networks Prisma Cloud CSPM API

Cloud SecurityCybersecurityFirewallNetwork SecuritySASESOARThreat IntelligenceXDR

Properties

Name Type Description
id string Unique alert identifier.
status string Current alert status.
reason string Reason for the current alert status.
firstSeen integer Epoch timestamp in milliseconds when the alert was first generated.
lastSeen integer Epoch timestamp in milliseconds when the alert was last seen.
alertTime integer Epoch timestamp in milliseconds of the alert.
policy object Policy that generated this alert.
resource object Cloud resource associated with the alert.
riskDetail object
View JSON Schema on GitHub

JSON Schema

prisma-cloud-cspm-api-alert-schema.json Raw ↑ 
{
  "$schema": "https://json-schema.org/draft/2020-12/schema",
  "title": "Alert",
  "description": "Alert schema from Palo Alto Networks Prisma Cloud CSPM API",
  "$id": "https://raw.githubusercontent.com/api-evangelist/palo-alto-networks/refs/heads/main/json-schema/prisma-cloud-cspm-api-alert-schema.json",
  "type": "object",
  "properties": {
    "id": {
      "type": "string",
      "description": "Unique alert identifier."
    },
    "status": {
      "type": "string",
      "enum": [
        "open",
        "dismissed",
        "snoozed",
        "resolved"
      ],
      "description": "Current alert status."
    },
    "reason": {
      "type": "string",
      "description": "Reason for the current alert status."
    },
    "firstSeen": {
      "type": "integer",
      "description": "Epoch timestamp in milliseconds when the alert was first generated."
    },
    "lastSeen": {
      "type": "integer",
      "description": "Epoch timestamp in milliseconds when the alert was last seen."
    },
    "alertTime": {
      "type": "integer",
      "description": "Epoch timestamp in milliseconds of the alert."
    },
    "policy": {
      "type": "object",
      "properties": {
        "policyId": {
          "type": "string"
        },
        "policyType": {
          "type": "string"
        },
        "name": {
          "type": "string"
        },
        "severity": {
          "type": "string",
          "enum": [
            "critical",
            "high",
            "medium",
            "low",
            "informational"
          ]
        },
        "recommendation": {
          "type": "string"
        }
      },
      "description": "Policy that generated this alert."
    },
    "resource": {
      "type": "object",
      "properties": {
        "rrn": {
          "type": "string",
          "description": "Prisma Cloud Resource RRN."
        },
        "id": {
          "type": "string"
        },
        "name": {
          "type": "string"
        },
        "cloudType": {
          "type": "string"
        },
        "accountId": {
          "type": "string"
        },
        "accountName": {
          "type": "string"
        },
        "regionId": {
          "type": "string"
        },
        "resourceType": {
          "type": "string"
        }
      },
      "description": "Cloud resource associated with the alert."
    },
    "riskDetail": {
      "type": "object",
      "properties": {
        "score": {
          "type": "integer"
        },
        "rating": {
          "type": "string"
        }
      }
    }
  }
}