{ "$schema": "https://json-structure.org/meta/core/v0/#", "$id": "https://raw.githubusercontent.com/api-evangelist/palo-alto-networks/refs/heads/main/json-structure/dlp-api-incident-summary-structure.json", "name": "IncidentSummary", "description": "IncidentSummary schema from Palo Alto Networks Enterprise DLP API", "type": "object", "properties": { "total_incidents": { "type": "int32", "description": "Total number of incidents in the reporting period." }, "open_incidents": { "type": "int32", "description": "Number of incidents still in open status." }, "resolved_incidents": { "type": "int32", "description": "Number of resolved incidents." }, "by_severity": { "type": "object", "description": "Incident count breakdown by severity.", "properties": { "critical": { "type": "int32" }, "high": { "type": "int32" }, "medium": { "type": "int32" }, "low": { "type": "int32" }, "informational": { "type": "int32" } } }, "by_channel": { "type": "object", "description": "Incident count breakdown by detection channel.", "properties": { "web": { "type": "int32" }, "ssl": { "type": "int32" }, "saas": { "type": "int32" }, "email": { "type": "int32" }, "endpoint": { "type": "int32" } } }, "top_data_patterns": { "type": "array", "description": "Most frequently triggered data patterns.", "items": { "type": "object", "properties": { "pattern_name": { "type": "string" }, "incident_count": { "type": "int32" } } } }, "top_users": { "type": "array", "description": "Users with the most incidents.", "items": { "type": "object", "properties": { "user": { "type": "string" }, "incident_count": { "type": "int32" } } } }, "reporting_period": { "type": "object", "description": "Time range for the summary report.", "properties": { "start_time": { "type": "datetime" }, "end_time": { "type": "datetime" } } } } }