{ "$schema": "https://json-schema.org/draft/2020-12/schema", "$id": "https://raw.githubusercontent.com/api-evangelist/saas-alerts/refs/heads/main/json-schema/saas-alerts-alert-schema.json", "title": "SaaS Alerts Security Alert", "description": "Schema for a SaaS Alerts security alert generated by anomalous behavior detection", "type": "object", "properties": { "alertId": { "type": "string", "description": "Unique alert identifier", "example": "alert_9876543210" }, "alertStatus": { "type": "string", "description": "Alert severity level", "enum": ["low", "medium", "critical"], "example": "critical" }, "title": { "type": "string", "description": "Alert title", "example": "Multiple Failed Login Attempts Detected" }, "description": { "type": "string", "description": "Detailed alert description and context" }, "customerId": { "type": "string", "description": "Affected customer identifier" }, "customerName": { "type": "string", "description": "Affected customer organization name" }, "application": { "type": "string", "description": "Affected SaaS application", "enum": ["microsoft365", "google_workspace", "salesforce", "slack", "dropbox"] }, "userId": { "type": "string", "description": "Affected user identifier" }, "resolved": { "type": "boolean", "description": "Whether the alert has been resolved", "example": false }, "createdAt": { "type": "string", "format": "date-time", "description": "Alert creation timestamp" }, "resolvedAt": { "type": ["string", "null"], "format": "date-time", "description": "Alert resolution timestamp, null if not yet resolved" }, "relatedEvents": { "type": "array", "description": "List of event IDs that triggered this alert", "items": { "type": "string" } } }, "required": ["alertId", "alertStatus", "title", "customerId", "application", "userId", "resolved", "createdAt"] }