openapi: 3.1.0
info:
  title: Palo Alto Networks Prisma Cloud DSPM API
  description: >-
    REST API for Prisma Cloud Data Security Posture Management (DSPM)
    providing programmatic access to data asset discovery, risk assessment,
    data store inventory, data classification results, DSPM policies, and
    data security alerts across multi-cloud environments. The API enables
    visibility into where sensitive data resides, how it is classified, what
    risks are associated with it, and whether it complies with data
    governance policies. DSPM automatically discovers data stores in AWS,
    Azure, and GCP including databases, object storage, file shares, and data
    warehouses. Authentication requires a JWT token obtained from the Prisma
    Cloud /login endpoint.
  version: '1.0'
  contact:
    name: Palo Alto Networks Developer Support
    url: https://pan.dev/
  license:
    name: Proprietary
    url: https://www.paloaltonetworks.com/legal
servers:
  - url: https://api.prismacloud.io
    description: Prisma Cloud API (US region 1).
  - url: https://api2.prismacloud.io
    description: Prisma Cloud API (US region 2).
  - url: https://api3.prismacloud.io
    description: Prisma Cloud API (US region 3).
  - url: https://api.eu.prismacloud.io
    description: Prisma Cloud API (EU).
  - url: https://api.anz.prismacloud.io
    description: Prisma Cloud API (ANZ).
  - url: https://api.sg.prismacloud.io
    description: Prisma Cloud API (Singapore).
  - url: https://api.ca.prismacloud.io
    description: Prisma Cloud API (Canada).
security:
  - bearerAuth: []
tags:
  - name: Alerts
    description: Data security alert management operations.
  - name: Classifications
    description: Data classification results and taxonomy operations.
  - name: DataAssets
    description: Data asset discovery and inventory operations.
  - name: DataStores
    description: Data store inventory and discovery operations.
  - name: Policies
    description: DSPM policy management operations.
  - name: Risks
    description: Data security risk identification and management.
paths:
  /dspm/api/v1/data-assets:
    get:
      operationId: listDataAssets
      summary: Palo Alto Networks List Data Assets
      description: >-
        Returns a list of individual data assets discovered within cloud data
        stores. Data assets represent granular data objects such as database
        tables, columns containing sensitive data, S3 object prefixes, and
        file share directories. Each asset includes its classification labels
        and sensitivity level.
      tags:
        - DataAssets
      parameters:
        - name: offset
          in: query
          description: Number of records to skip for pagination.
          schema:
            type: integer
            default: 0
          example: 0
        - name: limit
          in: query
          description: Maximum number of records to return.
          schema:
            type: integer
            default: 25
          example: 25
        - name: dataStoreId
          in: query
          description: Filter assets by parent data store ID.
          schema:
            type: string
          example: '459046'
        - name: classificationLabel
          in: query
          description: Filter by classification label (e.g., PII, PHI, PCI).
          schema:
            type: string
          example: example-classificationLabel
        - name: sensitivityLevel
          in: query
          description: Filter by sensitivity level.
          schema:
            type: string
            enum:
              - public
              - internal
              - confidential
              - restricted
          example: restricted
        - name: search
          in: query
          description: Search term to filter by asset name or path.
          schema:
            type: string
          example: example-search
        - name: sortBy
          in: query
          description: Field to sort results by.
          schema:
            type: string
            enum:
              - name
              - sensitivityLevel
              - discoveredAt
          example: sensitivityLevel
        - name: sortOrder
          in: query
          description: Sort order direction.
          schema:
            type: string
            enum:
              - asc
              - desc
            default: desc
          example: desc
      responses:
        '200':
          description: Data assets returned successfully.
          content:
            application/json:
              schema:
                type: object
                properties:
                  totalCount:
                    type: integer
                    description: Total number of data assets matching filters.
                  dataAssets:
                    type: array
                    items:
                      $ref: '#/components/schemas/DataAsset'
              examples:
                ListDataAssets200Example:
                  summary: Default listDataAssets 200 response
                  x-microcks-default: true
                  value:
                    totalCount: 416
                    dataAssets:
                      - id: example-id
                        dataStoreId: '875945'
                        dataStoreName: Corporate Gateway 15
                        name: Branch Agent 83
                        assetType: file
                        path: /api/v1/2a87d6
                        classificationLabels: &id001
                          - example-classificationLabels_item
                        sensitivityLevel: internal
                        sampleFindings: &id002
                          - classificationLabel: example-classificationLabel
                            pattern: example-pattern
                            count: 445
                            sampleValue: example-sampleValue
                        recordCount: 706
                        discoveredAt: '2026-12-08T04:17:43Z'
                        lastScannedAt: '2024-11-10T12:02:32Z'
                      - id: example-id
                        dataStoreId: '875945'
                        dataStoreName: Corporate Gateway 15
                        name: Branch Agent 83
                        assetType: file
                        path: /api/v1/2a87d6
                        classificationLabels: *id001
                        sensitivityLevel: internal
                        sampleFindings: *id002
                        recordCount: 706
                        discoveredAt: '2026-12-08T04:17:43Z'
                        lastScannedAt: '2024-11-10T12:02:32Z'
        '400':
          $ref: '#/components/responses/BadRequest'
        '401':
          $ref: '#/components/responses/Unauthorized'
        '403':
          $ref: '#/components/responses/Forbidden'
        '500':
          $ref: '#/components/responses/InternalServerError'
      x-microcks-operation:
        delay: 0
        dispatcher: FALLBACK
  /dspm/api/v1/data-assets/{id}:
    get:
      operationId: getDataAsset
      summary: Palo Alto Networks Get Data Asset Details
      description: >-
        Returns detailed information about a specific data asset including
        its full classification summary, sample findings, associated data
        store details, and risk posture.
      tags:
        - DataAssets
      parameters:
        - name: id
          in: path
          required: true
          description: Unique data asset identifier.
          schema:
            type: string
          example: example-id
      responses:
        '200':
          description: Data asset details returned successfully.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/DataAsset'
              examples:
                GetDataAsset200Example:
                  summary: Default getDataAsset 200 response
                  x-microcks-default: true
                  value:
                    id: example-id
                    dataStoreId: '875945'
                    dataStoreName: Corporate Gateway 15
                    name: Branch Agent 83
                    assetType: file
                    path: /api/v1/2a87d6
                    classificationLabels: *id001
                    sensitivityLevel: internal
                    sampleFindings: *id002
                    recordCount: 706
                    discoveredAt: '2026-12-08T04:17:43Z'
                    lastScannedAt: '2024-11-10T12:02:32Z'
        '401':
          $ref: '#/components/responses/Unauthorized'
        '403':
          $ref: '#/components/responses/Forbidden'
        '404':
          $ref: '#/components/responses/NotFound'
        '500':
          $ref: '#/components/responses/InternalServerError'
      x-microcks-operation:
        delay: 0
        dispatcher: FALLBACK
  /dspm/api/v1/risks:
    get:
      operationId: listRisks
      summary: Palo Alto Networks List Data Risks
      description: >-
        Returns data security risks identified across all monitored data
        stores and assets. Risks are generated when sensitive data is found in
        data stores with insecure configurations such as public access,
        missing encryption, or excessive permissions.
      tags:
        - Risks
      parameters:
        - name: offset
          in: query
          description: Number of records to skip for pagination.
          schema:
            type: integer
            default: 0
          example: 0
        - name: limit
          in: query
          description: Maximum number of records to return.
          schema:
            type: integer
            default: 25
          example: 25
        - name: riskLevel
          in: query
          description: Filter by risk severity level.
          schema:
            type: string
            enum:
              - critical
              - high
              - medium
              - low
          example: medium
        - name: status
          in: query
          description: Filter by risk status.
          schema:
            type: string
            enum:
              - open
              - remediated
              - suppressed
              - acknowledged
          example: acknowledged
        - name: cloudProvider
          in: query
          description: Filter by cloud provider.
          schema:
            type: string
            enum:
              - aws
              - azure
              - gcp
          example: azure
        - name: search
          in: query
          description: Search term to filter by risk title or data store name.
          schema:
            type: string
          example: example-search
        - name: sortBy
          in: query
          description: Field to sort results by.
          schema:
            type: string
            enum:
              - riskLevel
              - detectedAt
          example: detectedAt
        - name: sortOrder
          in: query
          description: Sort order direction.
          schema:
            type: string
            enum:
              - asc
              - desc
            default: desc
          example: desc
      responses:
        '200':
          description: Data risks returned successfully.
          content:
            application/json:
              schema:
                type: object
                properties:
                  totalCount:
                    type: integer
                    description: Total number of data risks matching filters.
                  risks:
                    type: array
                    items:
                      $ref: '#/components/schemas/DataRisk'
              examples:
                ListRisks200Example:
                  summary: Default listRisks 200 response
                  x-microcks-default: true
                  value:
                    totalCount: 464
                    risks:
                      - id: example-id
                        title: Branch Sensor 28
                        description: Endpoint applied threat investigation violation Security traffic detected.
                        riskLevel: medium
                        riskCategory: backupMissing
                        status: open
                        dataStoreId: '132179'
                        dataStoreName: Staging Agent 64
                        cloudProvider: gcp
                        cloudAccountId: '452369'
                        region: us-east-1
                        affectedClassifications: &id003
                          - example-affectedClassifications_item
                        affectedDataAssetCount: 700
                        remediation: &id004
                          description: Firewall rule violation applied endpoint detected endpoint alert rule suspicious.
                          steps:
                            - example-steps_item
                          automatedRemediationAvailable: true
                        detectedAt: '2026-10-09T08:11:21Z'
                        lastEvaluatedAt: '2024-12-04T00:05:27Z'
        '400':
          $ref: '#/components/responses/BadRequest'
        '401':
          $ref: '#/components/responses/Unauthorized'
        '403':
          $ref: '#/components/responses/Forbidden'
        '500':
          $ref: '#/components/responses/InternalServerError'
      x-microcks-operation:
        delay: 0
        dispatcher: FALLBACK
  /dspm/api/v1/risks/{id}:
    get:
      operationId: getRisk
      summary: Palo Alto Networks Get Risk Details
      description: >-
        Returns detailed information for a specific data security risk
        including full risk description, affected data store details, impacted
        data assets, and step-by-step remediation guidance.
      tags:
        - Risks
      parameters:
        - name: id
          in: path
          required: true
          description: Unique risk identifier.
          schema:
            type: string
          example: example-id
      responses:
        '200':
          description: Risk details returned successfully.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/DataRisk'
              examples:
                GetRisk200Example:
                  summary: Default getRisk 200 response
                  x-microcks-default: true
                  value:
                    id: example-id
                    title: Branch Sensor 28
                    description: Endpoint applied threat investigation violation Security traffic detected.
                    riskLevel: medium
                    riskCategory: backupMissing
                    status: open
                    dataStoreId: '132179'
                    dataStoreName: Staging Agent 64
                    cloudProvider: gcp
                    cloudAccountId: '452369'
                    region: us-east-1
                    affectedClassifications: *id003
                    affectedDataAssetCount: 700
                    remediation: *id004
                    detectedAt: '2026-10-09T08:11:21Z'
                    lastEvaluatedAt: '2024-12-04T00:05:27Z'
        '401':
          $ref: '#/components/responses/Unauthorized'
        '403':
          $ref: '#/components/responses/Forbidden'
        '404':
          $ref: '#/components/responses/NotFound'
        '500':
          $ref: '#/components/responses/InternalServerError'
      x-microcks-operation:
        delay: 0
        dispatcher: FALLBACK
  /dspm/api/v1/risks/{id}/status:
    put:
      operationId: updateRiskStatus
      summary: Palo Alto Networks Update Risk Status
      description: >-
        Updates the status of a specific data security risk. Use this endpoint
        to acknowledge, suppress, or mark a risk as remediated after applying
        corrective actions to the affected data store.
      tags:
        - Risks
      parameters:
        - name: id
          in: path
          required: true
          description: Unique risk identifier.
          schema:
            type: string
          example: example-id
      requestBody:
        required: true
        content:
          application/json:
            schema:
              type: object
              required:
                - status
              properties:
                status:
                  type: string
                  enum:
                    - open
                    - remediated
                    - suppressed
                    - acknowledged
                  description: New status for the risk.
                comment:
                  type: string
                  description: Comment explaining the status change.
            examples:
              UpdateRiskStatusRequestExample:
                summary: Default updateRiskStatus request
                x-microcks-default: true
                value:
                  status: open
                  comment: Detected detected policy investigation threat incident policy Security violation firewall network.
      responses:
        '200':
          description: Risk status updated successfully.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/DataRisk'
              examples:
                UpdateRiskStatus200Example:
                  summary: Default updateRiskStatus 200 response
                  x-microcks-default: true
                  value:
                    id: example-id
                    title: Branch Sensor 28
                    description: Endpoint applied threat investigation violation Security traffic detected.
                    riskLevel: medium
                    riskCategory: backupMissing
                    status: open
                    dataStoreId: '132179'
                    dataStoreName: Staging Agent 64
                    cloudProvider: gcp
                    cloudAccountId: '452369'
                    region: us-east-1
                    affectedClassifications: *id003
                    affectedDataAssetCount: 700
                    remediation: *id004
                    detectedAt: '2026-10-09T08:11:21Z'
                    lastEvaluatedAt: '2024-12-04T00:05:27Z'
        '400':
          $ref: '#/components/responses/BadRequest'
        '401':
          $ref: '#/components/responses/Unauthorized'
        '403':
          $ref: '#/components/responses/Forbidden'
        '404':
          $ref: '#/components/responses/NotFound'
        '500':
          $ref: '#/components/responses/InternalServerError'
      x-microcks-operation:
        delay: 0
        dispatcher: FALLBACK
  /dspm/api/v1/data-stores:
    get:
      operationId: listDataStores
      summary: Palo Alto Networks List Data Stores Inventory
      description: >-
        Returns a list of all cloud data stores discovered by Prisma Cloud
        DSPM. Includes relational databases, NoSQL databases, object storage,
        file shares, data warehouses, and other cloud-native data services.
        Supports filtering by cloud provider, region, service type, and risk
        level.
      tags:
        - DataStores
      parameters:
        - name: offset
          in: query
          description: Number of records to skip for pagination.
          schema:
            type: integer
            default: 0
          example: 0
        - name: limit
          in: query
          description: Maximum number of records to return.
          schema:
            type: integer
            default: 25
          example: 25
        - name: cloudProvider
          in: query
          description: Filter by cloud provider.
          schema:
            type: string
            enum:
              - aws
              - azure
              - gcp
          example: gcp
        - name: region
          in: query
          description: Filter by cloud region.
          schema:
            type: string
          example: eu-west-1
        - name: serviceType
          in: query
          description: Filter by data store service type.
          schema:
            type: string
            enum:
              - relationalDatabase
              - noSqlDatabase
              - objectStorage
              - fileShare
              - dataWarehouse
              - dataLake
              - cache
              - messageQueue
          example: objectStorage
        - name: riskLevel
          in: query
          description: Filter by assigned risk level.
          schema:
            type: string
            enum:
              - critical
              - high
              - medium
              - low
          example: critical
        - name: hasSensitiveData
          in: query
          description: Filter to only data stores containing classified sensitive data.
          schema:
            type: boolean
          example: false
        - name: search
          in: query
          description: Search term to filter by data store name or identifier.
          schema:
            type: string
          example: example-search
        - name: sortBy
          in: query
          description: Field to sort results by.
          schema:
            type: string
            enum:
              - name
              - riskLevel
              - sensitiveDataCount
              - discoveredAt
          example: riskLevel
        - name: sortOrder
          in: query
          description: Sort order direction.
          schema:
            type: string
            enum:
              - asc
              - desc
            default: desc
          example: desc
      responses:
        '200':
          description: Data stores returned successfully.
          content:
            application/json:
              schema:
                type: object
                properties:
                  totalCount:
                    type: integer
                    description: Total number of discovered data stores matching filters.
                  dataStores:
                    type: array
                    items:
                      $ref: '#/components/schemas/DataStore'
              examples:
                ListDataStores200Example:
                  summary: Default listDataStores 200 response
                  x-microcks-default: true
                  value:
                    totalCount: 423
                    dataStores:
                      - id: example-id
                        name: Branch Sensor 82
                        cloudProvider: gcp
                        cloudAccountId: '191154'
                        region: us-west-2
                        serviceType: fileShare
                        serviceName: Corporate Agent 94
                        encryptionEnabled: true
                        isPubliclyAccessible: true
                        riskLevel: critical
                        sensitiveDataCount: 866
                        classificationLabels: &id005
                          - example-classificationLabels_item
                          - example-classificationLabels_item
                        dataAssetCount: 315
                        discoveredAt: '2026-05-16T02:34:09Z'
                        lastScannedAt: '2026-06-05T18:50:04Z'
        '400':
          $ref: '#/components/responses/BadRequest'
        '401':
          $ref: '#/components/responses/Unauthorized'
        '403':
          $ref: '#/components/responses/Forbidden'
        '500':
          $ref: '#/components/responses/InternalServerError'
      x-microcks-operation:
        delay: 0
        dispatcher: FALLBACK
  /dspm/api/v1/classifications:
    get:
      operationId: listClassifications
      summary: Palo Alto Networks List Data Classification Results
      description: >-
        Returns the data classification taxonomy used by Prisma Cloud DSPM,
        including built-in and custom classification labels. Each
        classification includes the label name, description, detection
        patterns, associated regulatory frameworks, and the sensitivity level
        assigned to matching data.
      tags:
        - Classifications
      parameters:
        - name: offset
          in: query
          description: Number of records to skip for pagination.
          schema:
            type: integer
            default: 0
          example: 0
        - name: limit
          in: query
          description: Maximum number of records to return.
          schema:
            type: integer
            default: 25
          example: 25
        - name: category
          in: query
          description: Filter by classification category.
          schema:
            type: string
            enum:
              - PII
              - PHI
              - PCI
              - Financial
              - Credentials
              - Intellectual Property
              - Custom
          example: Custom
        - name: isBuiltIn
          in: query
          description: Filter by built-in vs custom classifications.
          schema:
            type: boolean
          example: true
        - name: search
          in: query
          description: Search term to filter by classification name.
          schema:
            type: string
          example: example-search
      responses:
        '200':
          description: Data classifications returned successfully.
          content:
            application/json:
              schema:
                type: object
                properties:
                  totalCount:
                    type: integer
                    description: Total number of classifications.
                  classifications:
                    type: array
                    items:
                      $ref: '#/components/schemas/Classification'
              examples:
                ListClassifications200Example:
                  summary: Default listClassifications 200 response
                  x-microcks-default: true
                  value:
                    totalCount: 213
                    classifications:
                      - id: example-id
                        name: Staging Gateway 14
                        description: Violation monitoring configured configured activity network.
                        category: Intellectual Property
                        sensitivityLevel: internal
                        isBuiltIn: false
                        regulatoryFrameworks: &id006
                          - GLBA
                          - HIPAA
                        dataStoreCount: 931
                        dataAssetCount: 760
        '401':
          $ref: '#/components/responses/Unauthorized'
        '403':
          $ref: '#/components/responses/Forbidden'
        '500':
          $ref: '#/components/responses/InternalServerError'
      x-microcks-operation:
        delay: 0
        dispatcher: FALLBACK
  /dspm/api/v1/policies:
    get:
      operationId: listDSPMPolicies
      summary: Palo Alto Networks List DSPM Policies
      description: >-
        Returns a list of DSPM policies that define data security requirements
        and governance rules. Policies specify which data classification
        labels and sensitivity levels require specific security controls such
        as encryption, access restrictions, and audit logging.
      tags:
        - Policies
      parameters:
        - name: offset
          in: query
          description: Number of records to skip for pagination.
          schema:
            type: integer
            default: 0
          example: 0
        - name: limit
          in: query
          description: Maximum number of records to return.
          schema:
            type: integer
            default: 25
          example: 25
        - name: enabled
          in: query
          description: Filter by policy enabled status.
          schema:
            type: boolean
          example: false
        - name: search
          in: query
          description: Search term to filter by policy name.
          schema:
            type: string
          example: example-search
      responses:
        '200':
          description: DSPM policies returned successfully.
          content:
            application/json:
              schema:
                type: object
                properties:
                  totalCount:
                    type: integer
                    description: Total number of DSPM policies.
                  policies:
                    type: array
                    items:
                      $ref: '#/components/schemas/DSPMPolicy'
              examples:
                ListDspmpolicies200Example:
                  summary: Default listDSPMPolicies 200 response
                  x-microcks-default: true
                  value:
                    totalCount: 302
                    policies:
                      - id: example-id
                        name: Corporate Agent 18
                        description: Threat network applied traffic network threat network activity Security investigation.
                        enabled: false
                        severity: medium
                        classification: example-classification
                        requiredControls: &id007
                          - accessRestriction
                        cloudProviders: &id008
                          - gcp
                          - aws
                        createdAt: '2024-03-06T08:41:09Z'
                        updatedAt: '2026-12-26T20:52:00Z'
        '401':
          $ref: '#/components/responses/Unauthorized'
        '403':
          $ref: '#/components/responses/Forbidden'
        '500':
          $ref: '#/components/responses/InternalServerError'
      x-microcks-operation:
        delay: 0
        dispatcher: FALLBACK
  /dspm/api/v1/alerts:
    get:
      operationId: listDataSecurityAlerts
      summary: Palo Alto Networks List Data Security Alerts
      description: >-
        Returns data security alerts generated when sensitive data exposure
        conditions are detected. Alerts are triggered by new public data store
        discoveries, anomalous data access patterns, policy violations, and
        newly identified sensitive data in previously clean data stores.
      tags:
        - Alerts
      parameters:
        - name: offset
          in: query
          description: Number of records to skip for pagination.
          schema:
            type: integer
            default: 0
          example: 0
        - name: limit
          in: query
          description: Maximum number of records to return.
          schema:
            type: integer
            default: 25
          example: 25
        - name: severity
          in: query
          description: Filter alerts by severity level.
          schema:
            type: string
            enum:
              - critical
              - high
              - medium
              - low
          example: critical
        - name: status
          in: query
          description: Filter by alert status.
          schema:
            type: string
            enum:
              - open
              - dismissed
              - resolved
          example: dismissed
        - name: cloudProvider
          in: query
          description: Filter by cloud provider.
          schema:
            type: string
            enum:
              - aws
              - azure
              - gcp
          example: azure
        - name: start_time
          in: query
          description: Start of time range filter (ISO 8601 format).
          schema:
            type: string
            format: date-time
          example: '2025-05-15T20:05:55Z'
        - name: end_time
          in: query
          description: End of time range filter (ISO 8601 format).
          schema:
            type: string
            format: date-time
          example: '2024-06-25T20:37:39Z'
      responses:
        '200':
          description: Data security alerts returned successfully.
          content:
            application/json:
              schema:
                type: object
                properties:
                  totalCount:
                    type: integer
                    description: Total number of alerts matching filters.
                  alerts:
                    type: array
                    items:
                      $ref: '#/components/schemas/DataSecurityAlert'
              examples:
                ListDataSecurityAlerts200Example:
                  summary: Default listDataSecurityAlerts 200 response
                  x-microcks-default: true
                  value:
                    totalCount: 663
                    alerts:
                      - id: example-id
                        title: Staging Gateway 49
                        description: Applied Security suspicious Security activity incident endpoint rule violation monitoring configured policy.
                        severity: high
                        status: dismissed
                        alertType: accessAnomaly
                        dataStoreId: '172843'
                        dataStoreName: Primary Gateway 98
                        cloudProvider: aws
                        cloudAccountId: '796638'
                        region: us-west-2
                        affectedClassifications: &id009
                          - example-affectedClassifications_item
                          - example-affectedClassifications_item
                        detectedAt: '2026-06-24T13:35:39Z'
                        resolvedAt: '2025-06-12T03:49:03Z'
        '400':
          $ref: '#/components/responses/BadRequest'
        '401':
          $ref: '#/components/responses/Unauthorized'
        '403':
          $ref: '#/components/responses/Forbidden'
        '500':
          $ref: '#/components/responses/InternalServerError'
      x-microcks-operation:
        delay: 0
        dispatcher: FALLBACK
components:
  securitySchemes:
    bearerAuth:
      type: http
      scheme: bearer
      bearerFormat: JWT
      description: >-
        JWT token obtained from the Prisma Cloud /login endpoint. Valid for 10
        minutes. Include as Authorization: Bearer in request headers.
  responses:
    BadRequest:
      description: Invalid request parameters or body.
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/ErrorResponse'
    Unauthorized:
      description: Invalid or expired JWT token.
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/ErrorResponse'
    Forbidden:
      description: Insufficient permissions for this operation.
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/ErrorResponse'
    NotFound:
      description: The requested resource was not found.
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/ErrorResponse'
    InternalServerError:
      description: Internal server error.
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/ErrorResponse'
  schemas:
    DataAsset:
      type: object
      properties:
        id:
          type: string
          description: Unique data asset identifier.
          example: example-id
        dataStoreId:
          type: string
          description: Parent data store identifier.
          example: '875945'
        dataStoreName:
          type: string
          description: Name of the parent data store.
          example: Corporate Gateway 15
        name:
          type: string
          description: >-
            Name of the data asset (e.g., table name, column name, object
            prefix, directory name).
          example: Branch Agent 83
        assetType:
          type: string
          enum:
            - table
            - column
            - objectPrefix
            - directory
            - file
            - collection
            - index
            - schema
          description: Type of data asset.
          example: file
        path:
          type: string
          description: Full path to the data asset within the data store.
          example: /api/v1/2a87d6
        classificationLabels:
          type: array
          items:
            type: string
          description: Classification labels applied to this data asset.
          example: *id001
        sensitivityLevel:
          type: string
          enum:
            - public
            - internal
            - confidential
            - restricted
          description: Sensitivity level based on the most sensitive classification.
          example: internal
        sampleFindings:
          type: array
          items:
            type: object
            properties:
              classificationLabel:
                type: string
                description: Classification label matched.
                example: example-classificationLabel
              pattern:
                type: string
                description: Pattern description.
                example: example-pattern
              count:
                type: integer
                description: Approximate number of matching records.
                example: 168
              sampleValue:
                type: string
                description: Masked sample value showing the pattern match.
                example: example-sampleValue
          description: Sample data patterns found during classification.
          example: *id002
        recordCount:
          type: integer
          description: Approximate number of records in this data asset.
          example: 706
        discoveredAt:
          type: string
          format: date-time
          description: Timestamp when the data asset was first discovered.
          example: '2026-12-08T04:17:43Z'
        lastScannedAt:
          type: string
          format: date-time
          description: Timestamp of the most recent classification scan.
          example: '2024-11-10T12:02:32Z'
    DataRisk:
      type: object
      properties:
        id:
          type: string
          description: Unique risk identifier.
          example: example-id
        title:
          type: string
          description: Short description of the risk.
          example: Branch Sensor 28
        description:
          type: string
          description: Detailed explanation of the risk and its potential impact.
          example: Endpoint applied threat investigation violation Security traffic detected.
        riskLevel:
          type: string
          enum:
            - critical
            - high
            - medium
            - low
          description: Severity of the risk.
          example: medium
        riskCategory:
          type: string
          enum:
            - publicExposure
            - encryptionMissing
            - excessivePermissions
            - dataResidency
            - auditLogging
            - backupMissing
            - crossAccountAccess
            - sensitiveDataExposure
          description: Category of the data security risk.
          example: backupMissing
        status:
          type: string
          enum:
            - open
            - remediated
            - suppressed
            - acknowledged
          description: Current status of the risk.
          example: open
        dataStoreId:
          type: string
          description: Data store where the risk was identified.
          example: '132179'
        dataStoreName:
          type: string
          description: Name of the affected data store.
          example: Staging Agent 64
        cloudProvider:
          type: string
          enum:
            - aws
            - azure
            - gcp
          description: Cloud provider of the affected data store.
          example: gcp
        cloudAccountId:
          type: string
          description: Cloud account ID of the affected data store.
          example: '452369'
        region:
          type: string
          description: Cloud region of the affected data store.
          example: us-east-1
        affectedClassifications:
          type: array
          items:
            type: string
          description: Classification labels of sensitive data at risk.
          example: *id003
        affectedDataAssetCount:
          type: integer
          description: Number of data assets affected by this risk.
          example: 700
        remediation:
          type: object
          properties:
            description:
              type: string
              description: Human-readable description of the recommended remediation.
              example: Malware traffic detected threat blocked policy suspicious firewall rule alert blocked malware.
            steps:
              type: array
              items:
                type: string
              description: Step-by-step remediation instructions.
              example:
                - example-steps_item
                - example-steps_item
            automatedRemediationAvailable:
              type: boolean
              description: Whether automated remediation is available.
              example: false
          description: Recommended remediation steps.
          example: *id004
        detectedAt:
          type: string
          format: date-time
          description: Timestamp when the risk was first detected.
          example: '2026-10-09T08:11:21Z'
        lastEvaluatedAt:
          type: string
          format: date-time
          description: Timestamp of the most recent risk evaluation.
          example: '2024-12-04T00:05:27Z'
    DataStore:
      type: object
      properties:
        id:
          type: string
          description: Unique data store identifier in Prisma Cloud.
          example: example-id
        name:
          type: string
          description: Name of the data store as it appears in the cloud provider.
          example: Branch Sensor 82
        cloudProvider:
          type: string
          enum:
            - aws
            - azure
            - gcp
          description: Cloud provider where the data store is hosted.
          example: gcp
        cloudAccountId:
          type: string
          description: Cloud account ID that owns the data store.
          example: '191154'
        region:
          type: string
          description: Cloud region where the data store is located.
          example: us-west-2
        serviceType:
          type: string
          enum:
            - relationalDatabase
            - noSqlDatabase
            - objectStorage
            - fileShare
            - dataWarehouse
            - dataLake
            - cache
            - messageQueue
          description: Category of the data store service.
          example: fileShare
        serviceName:
          type: string
          description: Specific cloud service name (e.g., Amazon S3, Amazon RDS).
          example: Corporate Agent 94
        encryptionEnabled:
          type: boolean
          description: Whether encryption at rest is enabled.
          example: true
        isPubliclyAccessible:
          type: boolean
          description: Whether the data store is accessible from the public internet.
          example: true
        riskLevel:
          type: string
          enum:
            - critical
            - high
            - medium
            - low
          description: Overall risk level computed from data sensitivity and security posture.
          example: critical
        sensitiveDataCount:
          type: integer
          description: Number of sensitive data assets found in this data store.
          example: 866
        classificationLabels:
          type: array
          items:
            type: string
          description: Distinct classification labels found in the data store.
          example: *id005
        dataAssetCount:
          type: integer
          description: Total number of data assets discovered in this data store.
          example: 315
        discoveredAt:
          type: string
          format: date-time
          description: Timestamp when the data store was first discovered by DSPM.
          example: '2026-05-16T02:34:09Z'
        lastScannedAt:
          type: string
          format: date-time
          description: Timestamp of the most recent data classification scan.
          example: '2026-06-05T18:50:04Z'
    Classification:
      type: object
      properties:
        id:
          type: string
          description: Unique classification identifier.
          example: example-id
        name:
          type: string
          description: Classification label name.
          example: Staging Gateway 14
        description:
          type: string
          description: Detailed description of what the classification detects.
          example: Violation monitoring configured configured activity network.
        category:
          type: string
          enum:
            - PII
            - PHI
            - PCI
            - Financial
            - Credentials
            - Intellectual Property
            - Custom
          description: Broad category of the classification.
          example: Intellectual Property
        sensitivityLevel:
          type: string
          enum:
            - public
            - internal
            - confidential
            - restricted
          description: Default sensitivity level for data matching this classification.
          example: internal
        isBuiltIn:
          type: boolean
          description: Whether this is a built-in or custom classification.
          example: false
        regulatoryFrameworks:
          type: array
          items:
            type: string
            enum:
              - GDPR
              - CCPA
              - HIPAA
              - PCI-DSS
              - SOX
              - GLBA
              - FERPA
          description: Regulatory frameworks referencing this data classification.
          example: *id006
        dataStoreCount:
          type: integer
          description: Number of data stores where matching data has been found.
          example: 931
        dataAssetCount:
          type: integer
          description: Number of data assets matching this classification.
          example: 760
    DSPMPolicy:
      type: object
      properties:
        id:
          type: string
          description: Unique DSPM policy identifier.
          example: example-id
        name:
          type: string
          description: Policy name.
          example: Corporate Agent 18
        description:
          type: string
          description: Policy description.
          example: Threat network applied traffic network threat network activity Security investigation.
        enabled:
          type: boolean
          description: Whether the policy is currently active.
          example: false
        severity:
          type: string
          enum:
            - critical
            - high
            - medium
            - low
          description: Severity level of violations detected by this policy.
          example: medium
        classification:
          type: string
          description: Classification label this policy governs.
          example: example-classification
        requiredControls:
          type: array
          items:
            type: string
            enum:
              - encryption
              - accessRestriction
              - auditLogging
              - backup
              - networkIsolation
          description: Security controls required for data matching this policy.
          example: *id007
        cloudProviders:
          type: array
          items:
            type: string
            enum:
              - aws
              - azure
              - gcp
          description: Cloud providers this policy applies to.
          example: *id008
        createdAt:
          type: string
          format: date-time
          readOnly: true
          example: '2024-03-06T08:41:09Z'
        updatedAt:
          type: string
          format: date-time
          readOnly: true
          example: '2026-12-26T20:52:00Z'
    DataSecurityAlert:
      type: object
      properties:
        id:
          type: string
          description: Unique alert identifier.
          example: example-id
        title:
          type: string
          description: Short description of the alert condition.
          example: Staging Gateway 49
        description:
          type: string
          description: Detailed alert description.
          example: Applied Security suspicious Security activity incident endpoint rule violation monitoring configured policy.
        severity:
          type: string
          enum:
            - critical
            - high
            - medium
            - low
          description: Alert severity level.
          example: high
        status:
          type: string
          enum:
            - open
            - dismissed
            - resolved
          description: Current alert status.
          example: dismissed
        alertType:
          type: string
          description: Category of data security alert.
          enum:
            - newPublicDataStore
            - newSensitiveData
            - accessAnomaly
            - policyViolation
            - dataExfiltration
          example: accessAnomaly
        dataStoreId:
          type: string
          description: Affected data store identifier.
          example: '172843'
        dataStoreName:
          type: string
          description: Name of the affected data store.
          example: Primary Gateway 98
        cloudProvider:
          type: string
          enum:
            - aws
            - azure
            - gcp
          description: Cloud provider of the affected data store.
          example: aws
        cloudAccountId:
          type: string
          description: Cloud account identifier.
          example: '796638'
        region:
          type: string
          description: Cloud region of the affected data store.
          example: us-west-2
        affectedClassifications:
          type: array
          items:
            type: string
          description: Data classification labels involved in the alert.
          example: *id009
        detectedAt:
          type: string
          format: date-time
          description: Timestamp when the alert was generated.
          example: '2026-06-24T13:35:39Z'
        resolvedAt:
          type: string
          format: date-time
          description: Timestamp when the alert was resolved. Null if still open.
          example: '2025-06-12T03:49:03Z'
    ErrorResponse:
      type: object
      properties:
        status:
          type: integer
          description: HTTP status code.
          example: 177
        message:
          type: string
          description: Human-readable error message.
          example: Suspicious traffic configured monitoring malware endpoint applied.
        error:
          type: string
          description: Error code.
          example: example-error