{ "@context": { "@version": 1.1, "pan": "https://pan.dev/schema/", "schema": "https://schema.org/", "dcterms": "http://purl.org/dc/terms/", "xsd": "http://www.w3.org/2001/XMLSchema#", "sec": "https://w3id.org/security#", "owl": "http://www.w3.org/2002/07/owl#", "skos": "http://www.w3.org/2004/02/skos/core#", "SecurityIncident": { "@id": "pan:SecurityIncident", "@type": "@id", "skos:closeMatch": "schema:Event", "dcterms:description": "A correlated collection of security alerts representing a potential threat or attack campaign detected across endpoints, networks, or cloud environments." }, "FirewallPolicy": { "@id": "pan:FirewallPolicy", "@type": "@id", "skos:closeMatch": "sec:Policy", "dcterms:description": "A PAN-OS security policy rule defining traffic enforcement criteria including source zones, destination zones, applications, services, and the enforcement action applied to matching sessions." }, "ThreatSignature": { "@id": "pan:ThreatSignature", "@type": "@id", "skos:relatedMatch": "sec:Signature", "dcterms:description": "A Palo Alto Networks threat prevention signature used to detect and block exploitation of known vulnerabilities, malware, spyware, command-and-control traffic, and other threat patterns." }, "NetworkDevice": { "@id": "pan:NetworkDevice", "@type": "@id", "skos:exactMatch": "schema:Device", "dcterms:description": "A Palo Alto Networks next-generation firewall, Prisma Access node, or other network security appliance managing and enforcing security policy on network traffic." }, "VulnerabilityAssessment": { "@id": "pan:VulnerabilityAssessment", "@type": "@id", "skos:closeMatch": "schema:Report", "dcterms:description": "An assessment of a security vulnerability affecting Palo Alto Networks products, including CVSS scoring, affected version ranges, exploitation status, and available remediations as published by the Palo Alto Networks PSIRT." }, "CloudAccount": { "@id": "pan:CloudAccount", "@type": "@id", "skos:closeMatch": "schema:Organization", "dcterms:description": "A cloud service provider account, subscription, or project onboarded into Prisma Cloud for security posture monitoring. Represents an AWS account, Azure subscription, GCP project, OCI tenancy, or Alibaba Cloud account." }, "SecurityAlert": { "@id": "pan:SecurityAlert", "@type": "@id", "skos:relatedMatch": "schema:AlertAction", "dcterms:description": "A security event notification generated by Prisma Cloud for a policy violation, by Cortex XDR for a detection, or by other Palo Alto Networks products indicating suspicious or malicious activity requiring investigation." }, "DataLossEvent": { "@id": "pan:DataLossEvent", "@type": "@id", "skos:closeMatch": "schema:Event", "dcterms:description": "An event indicating that sensitive data has been exposed, exfiltrated, or otherwise disclosed without authorization. Detected by Prisma Cloud data security policies or Cortex XDR data loss prevention capabilities." }, "name": { "@id": "schema:name", "@type": "xsd:string" }, "description": { "@id": "dcterms:description", "@type": "xsd:string" }, "identifier": { "@id": "dcterms:identifier", "@type": "xsd:string" }, "url": { "@id": "schema:url", "@type": "@id" }, "datePublished": { "@id": "dcterms:issued", "@type": "xsd:dateTime" }, "dateModified": { "@id": "dcterms:modified", "@type": "xsd:dateTime" }, "dateCreated": { "@id": "dcterms:created", "@type": "xsd:dateTime" }, "creator": { "@id": "dcterms:creator", "@type": "@id" }, "severity": { "@id": "pan:severity", "@type": "xsd:string" }, "status": { "@id": "pan:status", "@type": "xsd:string" }, "action": { "@id": "pan:action", "@type": "xsd:string" }, "category": { "@id": "dcterms:type", "@type": "xsd:string" }, "incidentId": { "@id": "pan:incidentId", "@type": "xsd:string" }, "alertId": { "@id": "pan:alertId", "@type": "xsd:string" }, "alertCount": { "@id": "pan:alertCount", "@type": "xsd:integer" }, "alertSources": { "@id": "pan:alertSources", "@type": "xsd:string" }, "assignedTo": { "@id": "pan:assignedTo", "@type": "xsd:string" }, "detectionSource": { "@id": "pan:detectionSource", "@type": "xsd:string" }, "resolutionComment": { "@id": "pan:resolutionComment", "@type": "xsd:string" }, "policyId": { "@id": "pan:policyId", "@type": "xsd:string" }, "policyName": { "@id": "pan:policyName", "@type": "xsd:string" }, "policyType": { "@id": "pan:policyType", "@type": "xsd:string" }, "sourceZone": { "@id": "pan:sourceZone", "@type": "xsd:string" }, "destinationZone": { "@id": "pan:destinationZone", "@type": "xsd:string" }, "sourceAddress": { "@id": "pan:sourceAddress", "@type": "xsd:string" }, "destinationAddress": { "@id": "pan:destinationAddress", "@type": "xsd:string" }, "application": { "@id": "pan:application", "@type": "xsd:string" }, "ruleAction": { "@id": "pan:ruleAction", "@type": "xsd:string" }, "signatureId": { "@id": "pan:signatureId", "@type": "xsd:string" }, "signatureType": { "@id": "pan:signatureType", "@type": "xsd:string" }, "threatName": { "@id": "pan:threatName", "@type": "xsd:string" }, "threatId": { "@id": "pan:threatId", "@type": "xsd:string" }, "verdict": { "@id": "pan:verdict", "@type": "xsd:string" }, "sha256": { "@id": "pan:sha256", "@type": "xsd:string" }, "malwareFamily": { "@id": "pan:malwareFamily", "@type": "xsd:string" }, "serialNumber": { "@id": "pan:serialNumber", "@type": "xsd:string" }, "deviceName": { "@id": "pan:deviceName", "@type": "xsd:string" }, "deviceModel": { "@id": "schema:model", "@type": "xsd:string" }, "deviceIp": { "@id": "pan:deviceIp", "@type": "xsd:string" }, "softwareVersion": { "@id": "schema:softwareVersion", "@type": "xsd:string" }, "cveId": { "@id": "pan:cveId", "@type": "xsd:string" }, "cvssScore": { "@id": "pan:cvssScore", "@type": "xsd:decimal" }, "cvssVector": { "@id": "pan:cvssVector", "@type": "xsd:string" }, "affectedProduct": { "@id": "pan:affectedProduct", "@type": "@id" }, "fixedVersion": { "@id": "pan:fixedVersion", "@type": "xsd:string" }, "exploitStatus": { "@id": "pan:exploitStatus", "@type": "xsd:string" }, "cloudType": { "@id": "pan:cloudType", "@type": "xsd:string" }, "accountId": { "@id": "pan:accountId", "@type": "xsd:string" }, "accountName": { "@id": "pan:accountName", "@type": "xsd:string" }, "resourceId": { "@id": "pan:resourceId", "@type": "xsd:string" }, "resourceType": { "@id": "pan:resourceType", "@type": "xsd:string" }, "region": { "@id": "pan:region", "@type": "xsd:string" }, "complianceStandard": { "@id": "pan:complianceStandard", "@type": "xsd:string" }, "dataClassification": { "@id": "pan:dataClassification", "@type": "xsd:string" }, "exposureType": { "@id": "pan:exposureType", "@type": "xsd:string" }, "dataStore": { "@id": "pan:dataStore", "@type": "xsd:string" }, "relatedIncident": { "@id": "pan:relatedIncident", "@type": "@id" }, "relatedAlert": { "@id": "pan:relatedAlert", "@type": "@id" }, "relatedPolicy": { "@id": "pan:relatedPolicy", "@type": "@id" }, "affectsResource": { "@id": "pan:affectsResource", "@type": "@id" }, "detectedBy": { "@id": "pan:detectedBy", "@type": "@id" }, "mitigatedBy": { "@id": "pan:mitigatedBy", "@type": "@id" }, "partOf": { "@id": "dcterms:isPartOf", "@type": "@id" }, "enforcedBy": { "@id": "pan:enforcedBy", "@type": "@id" } } }