{ "$schema": "https://json-schema.org/draft/2020-12/schema", "title": "IncidentNotification", "description": "IncidentNotification schema from SASE Multitenant Notifications", "$id": "https://raw.githubusercontent.com/api-evangelist/palo-alto-networks/refs/heads/main/json-schema/sase-notifications-incident-notification-schema.json", "type": "object", "properties": { "notificationId": { "type": "string", "description": "Unique identifier for this notification delivery." }, "type": { "type": "string", "enum": [ "incident" ], "description": "Notification type identifier." }, "tsg_id": { "type": "string", "description": "Tenant Service Group identifier indicating which tenant context the incident belongs to." }, "severity": { "type": "string", "enum": [ "informational", "low", "medium", "high", "critical" ], "description": "Severity classification of the security incident." }, "title": { "type": "string", "description": "Brief title summarizing the incident." }, "description": { "type": "string", "description": "Detailed description of the incident including affected resources, detection context, and recommended actions." }, "timestamp": { "type": "string", "format": "date-time", "description": "Timestamp when the incident was detected." }, "category": { "type": "string", "description": "Incident category such as threat, policy_violation, anomaly, or data_loss." }, "affectedResources": { "type": "array", "description": "List of resources affected by the incident.", "items": { "type": "object", "properties": { "resourceType": { "type": "string", "description": "Type of affected resource." }, "resourceId": { "type": "string", "description": "Identifier of the affected resource." } } } }, "callbackUrl": { "type": "string", "format": "uri", "description": "Direct link to the incident in the SASE management console." } } }