Palo Alto Networks · Schema

IncidentNotification

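IncidentNotification schema from SASE Multitenant Notifications. As published, the schema lists no required properties and does not set additionalProperties, so a validator using it unchanged accepts objects with missing or extra fields. The format keywords (date-time, uri) are annotations in draft 2020-12 unless the validator enables format assertion. A receiver that depends on a field should check for it explicitly.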

Tags: Cloud Security, Cybersecurity, Firewall, Network Security, SASE, SOAR, Threat Intelligence, XDR

Properties

Name Type Description
notificationId string Unique identifier for this notification delivery.
type string Notification type identifier; the schema allows only the value incident.
tsg_id string Tenant Service Group identifier indicating which tenant context the incident belongs to.
severity string Severity classification of the security incident; one of informational, low, medium, high, or critical.
title string Brief title summarizing the incident.
description string Detailed description of the incident including affected resources, detection context, and recommended actions.
timestamp string Timestamp when the incident was detected (date-time format).
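category string Incident category such as threat, policy_violation, anomaly, or data_loss; the schema does not restrict the value to these examples, so consumers should tolerate other strings.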
affectedResources array List of resources affected by the incident; each item is an object with optional resourceType and resourceId strings.
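callbackUrl string Direct link to the incident in the SASE management console (uri format). The schema does not constrain the scheme or host, so a receiver should confirm the link points to its expected console before opening or fetching it.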

JSON Schema

sase-notifications-incident-notification-schema.json
{
  "$schema": "https://json-schema.org/draft/2020-12/schema",
  "title": "IncidentNotification",
  "description": "IncidentNotification schema from SASE Multitenant Notifications",
  "$id": "https://raw.githubusercontent.com/api-evangelist/palo-alto-networks/refs/heads/main/json-schema/sase-notifications-incident-notification-schema.json",
  "type": "object",
  "properties": {
    "notificationId": {
      "type": "string",
      "description": "Unique identifier for this notification delivery."
    },
    "type": {
      "type": "string",
      "enum": [
        "incident"
      ],
      "description": "Notification type identifier."
    },
    "tsg_id": {
      "type": "string",
      "description": "Tenant Service Group identifier indicating which tenant context the incident belongs to."
    },
    "severity": {
      "type": "string",
      "enum": [
        "informational",
        "low",
        "medium",
        "high",
        "critical"
      ],
      "description": "Severity classification of the security incident."
    },
    "title": {
      "type": "string",
      "description": "Brief title summarizing the incident."
    },
    "description": {
      "type": "string",
      "description": "Detailed description of the incident including affected resources, detection context, and recommended actions."
    },
    "timestamp": {
      "type": "string",
      "format": "date-time",
      "description": "Timestamp when the incident was detected."
    },
    "category": {
      "type": "string",
      "description": "Incident category such as threat, policy_violation, anomaly, or data_loss."
    },
    "affectedResources": {
      "type": "array",
      "description": "List of resources affected by the incident.",
      "items": {
        "type": "object",
        "properties": {
          "resourceType": {
            "type": "string",
            "description": "Type of affected resource."
          },
          "resourceId": {
            "type": "string",
            "description": "Identifier of the affected resource."
          }
        }
      }
    },
    "callbackUrl": {
      "type": "string",
      "format": "uri",
      "description": "Direct link to the incident in the SASE management console."
    }
  }
}