Sophos · Schema

Sophos Alert

Schema for a security alert from the Sophos Central SIEM API

Cybersecurity · Endpoint Protection · Security · SIEM · Threat Detection · Incident Response

Properties

Name           Type    Description
id             string  Unique identifier for the alert (required)
when           string  Timestamp when the alert was raised, as an RFC 3339 date-time (required)
severity       string  Severity level of the alert: one of low, medium, high (required)
category       string  Category of the alert
description    string  Human-readable description of the alert
customer_id    string  Customer identifier
tenant_id      string  Tenant identifier
location       string  Location or device associated with the alert
source         string  Source system that generated the alert
threat         string  Name of the threat, if applicable
endpoint_id    string  Identifier of the affected endpoint
endpoint_type  string  Type of the affected endpoint

Only id, when and severity are required; the schema does not restrict additional properties, so fields not listed here pass validation unchanged.

JSON Schema

sophos-alert-schema.json
{
  "$schema": "http://json-schema.org/draft-07/schema#",
  "$id": "https://raw.githubusercontent.com/api-evangelist/sophos/main/json-schema/sophos-alert-schema.json",
  "title": "Sophos Alert",
  "description": "Schema for a security alert from the Sophos Central SIEM API",
  "type": "object",
  "properties": {
    "id": {
      "type": "string",
      "description": "Unique identifier for the alert"
    },
    "when": {
      "type": "string",
      "format": "date-time",
      "description": "Timestamp when the alert was raised"
    },
    "severity": {
      "type": "string",
      "enum": ["low", "medium", "high"],
      "description": "Severity level of the alert"
    },
    "category": {
      "type": "string",
      "description": "Category of the alert"
    },
    "description": {
      "type": "string",
      "description": "Human-readable description of the alert"
    },
    "customer_id": {
      "type": "string",
      "description": "Customer identifier"
    },
    "tenant_id": {
      "type": "string",
      "description": "Tenant identifier"
    },
    "location": {
      "type": "string",
      "description": "Location or device associated with the alert"
    },
    "source": {
      "type": "string",
      "description": "Source system that generated the alert"
    },
    "threat": {
      "type": "string",
      "description": "Name of the threat if applicable"
    },
    "endpoint_id": {
      "type": "string",
      "description": "Identifier of the affected endpoint"
    },
    "endpoint_type": {
      "type": "string",
      "description": "Type of affected endpoint"
    }
  },
  "required": ["id", "when", "severity"]
}
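The following is an added example, not code from the api-evangelist repository or from Sophos. It validates alerts against the constraints in the schema above (types, required properties, the severity enum and the date-time format) using only the Python standard library, then normalises the alerts that pass into records a SIEM pipeline can sort on. The condensed SCHEMA dict carries the same constraints as sophos-alert-schema.json with the descriptions dropped; the severity ranking, the record field names when_epoch and severity_rank, and the sample alert batch are all assumptions constructed for the example.

```python
"""Validate Sophos Central SIEM alerts against the page's schema and normalise
the accepted ones for ingestion. Added example, stdlib only: it implements just
the draft-07 subset this schema uses (type, properties, required, enum and the
date-time format), not a general JSON Schema validator."""
from datetime import datetime, timezone

# Condensed copy of sophos-alert-schema.json: same constraints, descriptions dropped.
SCHEMA = {
    "type": "object",
    "required": ["id", "when", "severity"],
    "properties": {
        "id": {"type": "string"},
        "when": {"type": "string", "format": "date-time"},
        "severity": {"type": "string", "enum": ["low", "medium", "high"]},
        **{name: {"type": "string"} for name in (
            "category", "description", "customer_id", "tenant_id", "location",
            "source", "threat", "endpoint_id", "endpoint_type")},
    },
}

# Assumption for this example: a numeric rank so the pipeline can page on 'high' first.
SEVERITY_RANK = {"low": 1, "medium": 2, "high": 3}


def parse_rfc3339(value):
    """Return an aware datetime for an RFC 3339 date-time, or None if invalid.

    datetime.fromisoformat() is looser than RFC 3339 (it accepts a bare date,
    a naive time, and before Python 3.11 rejects a trailing 'Z'), so the 'T',
    the 'Z' and the presence of an offset are checked explicitly here.
    """
    if not isinstance(value, str) or "T" not in value.upper():
        return None
    try:
        parsed = datetime.fromisoformat(value.replace("Z", "+00:00"))
    except ValueError:
        return None
    return parsed if parsed.tzinfo is not None else None


def validate_alert(alert, schema=SCHEMA):
    """Return a list of violations; an empty list means the alert conforms.

    The schema sets no additionalProperties, so fields outside the listed
    properties are not errors and are left in place.
    """
    if not isinstance(alert, dict):
        return ["alert is not a JSON object"]
    errors = []
    for name in schema["required"]:
        if name not in alert:
            errors.append(f"missing required property '{name}'")
    for name, rule in schema["properties"].items():
        if name not in alert:
            continue
        value = alert[name]
        if rule.get("type") == "string" and not isinstance(value, str):
            errors.append(f"'{name}' must be a string, got {type(value).__name__}")
            continue
        if "enum" in rule and value not in rule["enum"]:
            errors.append(f"'{name}' value {value!r} is not one of {rule['enum']}")
        if rule.get("format") == "date-time" and parse_rfc3339(value) is None:
            errors.append(f"'{name}' is not an RFC 3339 date-time: {value!r}")
    return errors


def normalise_alert(alert):
    """Flatten a valid alert into a SIEM record (field names are this example's own).

    'when' is converted to a UTC epoch so alerts carrying different offsets sort
    correctly; the rank lets the pipeline order by severity without string compares.
    """
    when_utc = parse_rfc3339(alert["when"]).astimezone(timezone.utc)
    record = dict(alert)
    record["when_epoch"] = int(when_utc.timestamp())
    record["severity_rank"] = SEVERITY_RANK[alert["severity"]]
    return record


def triage(alerts):
    """Split a batch into (accepted records, rejected (alert, errors) pairs).

    Rejected alerts are kept with their errors instead of being dropped: a
    malformed message from a security product is itself worth a look.
    """
    accepted, rejected = [], []
    for alert in alerts:
        errors = validate_alert(alert)
        if errors:
            rejected.append((alert, errors))
        else:
            accepted.append(normalise_alert(alert))
    accepted.sort(key=lambda r: (-r["severity_rank"], r["when_epoch"]))
    return accepted, rejected


# Constructed sample batch for the example, not real Sophos output.
SAMPLE_ALERTS = [
    {"id": "alert-0001", "when": "2024-05-01T12:34:56.000Z", "severity": "medium",
     "category": "malware", "description": "Malware detected", "threat": "Test/Sample-A",
     "endpoint_id": "ep-42", "endpoint_type": "computer"},
    {"id": "alert-0002", "when": "2024-05-01T09:00:00+02:00", "severity": "high",
     "category": "malware", "description": "Suspicious behaviour blocked"},
    {"id": "alert-0003", "severity": "critical", "description": "No timestamp, bad level"},
    {"id": "alert-0004", "when": "2024-05-01", "severity": "low", "endpoint_id": 7},
]

if __name__ == "__main__":
    ok, bad = triage(SAMPLE_ALERTS)
    for rec in ok:
        print("ACCEPT", rec["id"], rec["severity"], rec["when_epoch"])
    for alert, errs in bad:
        print("REJECT", alert.get("id"), "; ".join(errs))
```

In the sample batch the two well-formed alerts are accepted and ordered high before medium, with the +02:00 timestamp correctly landing two hours earlier in UTC than its wall-clock time suggests; alert-0003 fails on the missing `when` and on a severity outside the enum, and alert-0004 fails because a bare date is not a date-time and because `endpoint_id` is not a string. If you use a full validator such as the jsonschema package instead, remember that it does not enforce `"format": "date-time"` unless a format checker is enabled, which is why the date-time check is explicit here.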