SaaS Alerts · Schema

SaaS Alerts Security Alert

Schema for a SaaS Alerts security alert generated by anomalous behavior detection

MSPSaaS SecuritySecurity MonitoringThreat DetectionMicrosoft 365Google WorkspaceMSSP

Properties

Name Type Description
alertId string Unique alert identifier
alertStatus string Alert severity level
title string Alert title
description string Detailed alert description and context
customerId string Affected customer identifier
customerName string Affected customer organization name
application string Affected SaaS application
userId string Affected user identifier
resolved boolean Whether the alert has been resolved
createdAt string Alert creation timestamp
resolvedAt stringnull Alert resolution timestamp, null if not yet resolved
relatedEvents array List of event IDs that triggered this alert
View JSON Schema on GitHub

JSON Schema

saas-alerts-alert-schema.json Raw ↑ 
{
  "$schema": "https://json-schema.org/draft/2020-12/schema",
  "$id": "https://raw.githubusercontent.com/api-evangelist/saas-alerts/refs/heads/main/json-schema/saas-alerts-alert-schema.json",
  "title": "SaaS Alerts Security Alert",
  "description": "Schema for a SaaS Alerts security alert generated by anomalous behavior detection",
  "type": "object",
  "properties": {
    "alertId": {
      "type": "string",
      "description": "Unique alert identifier",
      "example": "alert_9876543210"
    },
    "alertStatus": {
      "type": "string",
      "description": "Alert severity level",
      "enum": ["low", "medium", "critical"],
      "example": "critical"
    },
    "title": {
      "type": "string",
      "description": "Alert title",
      "example": "Multiple Failed Login Attempts Detected"
    },
    "description": {
      "type": "string",
      "description": "Detailed alert description and context"
    },
    "customerId": {
      "type": "string",
      "description": "Affected customer identifier"
    },
    "customerName": {
      "type": "string",
      "description": "Affected customer organization name"
    },
    "application": {
      "type": "string",
      "description": "Affected SaaS application",
      "enum": ["microsoft365", "google_workspace", "salesforce", "slack", "dropbox"]
    },
    "userId": {
      "type": "string",
      "description": "Affected user identifier"
    },
    "resolved": {
      "type": "boolean",
      "description": "Whether the alert has been resolved",
      "example": false
    },
    "createdAt": {
      "type": "string",
      "format": "date-time",
      "description": "Alert creation timestamp"
    },
    "resolvedAt": {
      "type": ["string", "null"],
      "format": "date-time",
      "description": "Alert resolution timestamp, null if not yet resolved"
    },
    "relatedEvents": {
      "type": "array",
      "description": "List of event IDs that triggered this alert",
      "items": {
        "type": "string"
      }
    }
  },
  "required": ["alertId", "alertStatus", "title", "customerId", "application", "userId", "resolved", "createdAt"]
}