
Sophos Event

Schema for a security event from the Sophos Central SIEM API

Tags: Cybersecurity, Endpoint Protection, Security, SIEM, Threat Detection, Incident Response

Properties

Name           Type    Description
id             string  Unique identifier for the event
when           string  Timestamp when the event occurred
type           string  Type of security event
category       string  Category of the event
description    string  Human-readable description of the event
customer_id    string  Customer identifier
tenant_id      string  Tenant identifier
location       string  Location or device associated with the event
source         string  Source system that generated the event
endpoint_id    string  Identifier of the affected endpoint
endpoint_type  string  Type of affected endpoint
severity       string  Severity level

JSON Schema

sophos-event-schema.json
{
  "$schema": "http://json-schema.org/draft-07/schema#",
  "$id": "https://raw.githubusercontent.com/api-evangelist/sophos/main/json-schema/sophos-event-schema.json",
  "title": "Sophos Event",
  "description": "Schema for a security event from the Sophos Central SIEM API",
  "type": "object",
  "properties": {
    "id": {
      "type": "string",
      "description": "Unique identifier for the event"
    },
    "when": {
      "type": "string",
      "format": "date-time",
      "description": "Timestamp when the event occurred"
    },
    "type": {
      "type": "string",
      "description": "Type of security event"
    },
    "category": {
      "type": "string",
      "description": "Category of the event"
    },
    "description": {
      "type": "string",
      "description": "Human-readable description of the event"
    },
    "customer_id": {
      "type": "string",
      "description": "Customer identifier"
    },
    "tenant_id": {
      "type": "string",
      "description": "Tenant identifier"
    },
    "location": {
      "type": "string",
      "description": "Location or device associated with the event"
    },
    "source": {
      "type": "string",
      "description": "Source system that generated the event"
    },
    "endpoint_id": {
      "type": "string",
      "description": "Identifier of the affected endpoint"
    },
    "endpoint_type": {
      "type": "string",
      "description": "Type of affected endpoint"
    },
    "severity": {
      "type": "string",
      "enum": ["low", "medium", "high"],
      "description": "Severity level"
    }
  },
  "required": ["id", "when", "type"]
}