{
  "$schema": "https://json-structure.org/meta/core/v0/#",
  "$id": "https://raw.githubusercontent.com/api-evangelist/palo-alto-networks/refs/heads/main/json-structure/prisma-cloud-dspm-api-data-risk-structure.json",
  "name": "DataRisk",
  "description": "DataRisk schema from Palo Alto Networks Prisma Cloud DSPM API",
  "type": "object",
  "properties": {
    "id": {
      "type": "string",
      "description": "Unique risk identifier."
    },
    "title": {
      "type": "string",
      "description": "Short description of the risk."
    },
    "description": {
      "type": "string",
      "description": "Detailed explanation of the risk and its potential impact."
    },
    "riskLevel": {
      "type": "string",
      "description": "Severity of the risk.",
      "enum": [
        "critical",
        "high",
        "medium",
        "low"
      ]
    },
    "riskCategory": {
      "type": "string",
      "description": "Category of the data security risk.",
      "enum": [
        "publicExposure",
        "encryptionMissing",
        "excessivePermissions",
        "dataResidency",
        "auditLogging",
        "backupMissing",
        "crossAccountAccess",
        "sensitiveDataExposure"
      ]
    },
    "status": {
      "type": "string",
      "description": "Current status of the risk.",
      "enum": [
        "open",
        "remediated",
        "suppressed",
        "acknowledged"
      ]
    },
    "dataStoreId": {
      "type": "string",
      "description": "Data store where the risk was identified."
    },
    "dataStoreName": {
      "type": "string",
      "description": "Name of the affected data store."
    },
    "cloudProvider": {
      "type": "string",
      "description": "Cloud provider of the affected data store.",
      "enum": [
        "aws",
        "azure",
        "gcp"
      ]
    },
    "cloudAccountId": {
      "type": "string",
      "description": "Cloud account ID of the affected data store."
    },
    "region": {
      "type": "string",
      "description": "Cloud region of the affected data store."
    },
    "affectedClassifications": {
      "type": "array",
      "description": "Classification labels of sensitive data at risk.",
      "items": {
        "type": "string"
      }
    },
    "affectedDataAssetCount": {
      "type": "int32",
      "description": "Number of data assets affected by this risk."
    },
    "remediation": {
      "type": "object",
      "description": "Recommended remediation steps.",
      "properties": {
        "description": {
          "type": "string",
          "description": "Human-readable description of the recommended remediation."
        },
        "steps": {
          "type": "array",
          "description": "Step-by-step remediation instructions.",
          "items": {
            "type": "string"
          }
        },
        "automatedRemediationAvailable": {
          "type": "boolean",
          "description": "Whether automated remediation is available."
        }
      }
    },
    "detectedAt": {
      "type": "datetime",
      "description": "Timestamp when the risk was first detected."
    },
    "lastEvaluatedAt": {
      "type": "datetime",
      "description": "Timestamp of the most recent risk evaluation."
    }
  }
}