Palo Alto Networks · Schema

DataSecurityAlert

DataSecurityAlert schema from Palo Alto Networks Prisma Cloud DSPM API

Cloud SecurityCybersecurityFirewallNetwork SecuritySASESOARThreat IntelligenceXDR

Properties

Name Type Description
id string Unique alert identifier.
title string Short description of the alert condition.
description string Detailed alert description.
severity string Alert severity level.
status string Current alert status.
alertType string Category of data security alert.
dataStoreId string Affected data store identifier.
dataStoreName string Name of the affected data store.
cloudProvider string Cloud provider of the affected data store.
cloudAccountId string Cloud account identifier.
region string Cloud region of the affected data store.
affectedClassifications array Data classification labels involved in the alert.
detectedAt string Timestamp when the alert was generated.
resolvedAt string Timestamp when the alert was resolved. Null if still open.
View JSON Schema on GitHub

JSON Schema

prisma-cloud-dspm-api-data-security-alert-schema.json Raw ↑ 
{
  "$schema": "https://json-schema.org/draft/2020-12/schema",
  "title": "DataSecurityAlert",
  "description": "DataSecurityAlert schema from Palo Alto Networks Prisma Cloud DSPM API",
  "$id": "https://raw.githubusercontent.com/api-evangelist/palo-alto-networks/refs/heads/main/json-schema/prisma-cloud-dspm-api-data-security-alert-schema.json",
  "type": "object",
  "properties": {
    "id": {
      "type": "string",
      "description": "Unique alert identifier."
    },
    "title": {
      "type": "string",
      "description": "Short description of the alert condition."
    },
    "description": {
      "type": "string",
      "description": "Detailed alert description."
    },
    "severity": {
      "type": "string",
      "enum": [
        "critical",
        "high",
        "medium",
        "low"
      ],
      "description": "Alert severity level."
    },
    "status": {
      "type": "string",
      "enum": [
        "open",
        "dismissed",
        "resolved"
      ],
      "description": "Current alert status."
    },
    "alertType": {
      "type": "string",
      "description": "Category of data security alert.",
      "enum": [
        "newPublicDataStore",
        "newSensitiveData",
        "accessAnomaly",
        "policyViolation",
        "dataExfiltration"
      ]
    },
    "dataStoreId": {
      "type": "string",
      "description": "Affected data store identifier."
    },
    "dataStoreName": {
      "type": "string",
      "description": "Name of the affected data store."
    },
    "cloudProvider": {
      "type": "string",
      "enum": [
        "aws",
        "azure",
        "gcp"
      ],
      "description": "Cloud provider of the affected data store."
    },
    "cloudAccountId": {
      "type": "string",
      "description": "Cloud account identifier."
    },
    "region": {
      "type": "string",
      "description": "Cloud region of the affected data store."
    },
    "affectedClassifications": {
      "type": "array",
      "items": {
        "type": "string"
      },
      "description": "Data classification labels involved in the alert."
    },
    "detectedAt": {
      "type": "string",
      "format": "date-time",
      "description": "Timestamp when the alert was generated."
    },
    "resolvedAt": {
      "type": "string",
      "format": "date-time",
      "description": "Timestamp when the alert was resolved. Null if still open."
    }
  }
}