{ "$schema": "https://json-schema.org/draft/2020-12/schema", "$id": "https://github.com/api-evangelist/tanium/blob/main/json-schema/tanium-alert-schema.json", "title": "Tanium Threat Alert", "description": "Represents a threat alert generated by Tanium Threat Response when an indicator of compromise (IOC) or threat signature matches on an endpoint. Alerts are the primary output of threat detection scanning.", "type": "object", "properties": { "id": { "type": "integer", "description": "Unique numeric identifier for the alert" }, "priority": { "type": "string", "description": "Priority level of the alert, indicating how urgently it should be handled" }, "severity": { "type": "string", "description": "Severity level of the alert, indicating the potential impact" }, "type": { "type": "string", "description": "Classification type of the alert" }, "state": { "type": "string", "description": "Current investigation state of the alert", "enum": ["unresolved", "inprogress", "resolved", "dismissed", "ignored"] }, "computerName": { "type": "string", "description": "Hostname of the affected endpoint" }, "computerIpAddress": { "type": "string", "description": "IP address of the affected endpoint" }, "guid": { "type": "string", "description": "Globally unique identifier for the alert" }, "intelDocId": { "type": "integer", "description": "Identifier of the intel document that triggered the alert" }, "scanConfigId": { "type": "integer", "description": "Identifier of the scan configuration that detected the threat" }, "alertedAt": { "type": "string", "format": "date-time", "description": "Timestamp when the alert was first generated" }, "createdAt": { "type": "string", "format": "date-time", "description": "Timestamp when the alert record was created" }, "updatedAt": { "type": "string", "format": "date-time", "description": "Timestamp when the alert was last updated" } }, "required": ["id", "state"] }