{ "$schema": "https://json-structure.org/meta/core/v0/#", "$id": "https://raw.githubusercontent.com/api-evangelist/palo-alto-networks/refs/heads/main/json-structure/sase-notifications-incident-notification-structure.json", "name": "IncidentNotification", "description": "IncidentNotification schema from SASE Multitenant Notifications", "type": "object", "properties": { "notificationId": { "type": "string", "description": "Unique identifier for this notification delivery." }, "type": { "type": "string", "description": "Notification type identifier.", "enum": [ "incident" ] }, "tsg_id": { "type": "string", "description": "Tenant Service Group identifier indicating which tenant context the incident belongs to." }, "severity": { "type": "string", "description": "Severity classification of the security incident.", "enum": [ "informational", "low", "medium", "high", "critical" ] }, "title": { "type": "string", "description": "Brief title summarizing the incident." }, "description": { "type": "string", "description": "Detailed description of the incident including affected resources, detection context, and recommended actions." }, "timestamp": { "type": "datetime", "description": "Timestamp when the incident was detected." }, "category": { "type": "string", "description": "Incident category such as threat, policy_violation, anomaly, or data_loss." }, "affectedResources": { "type": "array", "description": "List of resources affected by the incident.", "items": { "type": "object", "properties": { "resourceType": { "type": "string", "description": "Type of affected resource." }, "resourceId": { "type": "string", "description": "Identifier of the affected resource." } } } }, "callbackUrl": { "type": "uri", "description": "Direct link to the incident in the SASE management console." } } }