Palo Alto Networks · JSON-LD Context
Palo Alto Networks Context
JSON-LD context defining the semantic vocabulary for Palo Alto Networks from Palo Alto Networks.
0 Classes
72 Properties
7 Namespaces
Namespaces
pan:
https://pan.dev/schema/
schema:
https://schema.org/
dcterms:
http://purl.org/dc/terms/
xsd:
http://www.w3.org/2001/XMLSchema#
sec:
https://w3id.org/security#
owl:
http://www.w3.org/2002/07/owl#
skos:
http://www.w3.org/2004/02/skos/core#
Properties
| Property | Type | Container |
|---|---|---|
| SecurityIncident | reference | |
| FirewallPolicy | reference | |
| ThreatSignature | reference | |
| NetworkDevice | reference | |
| VulnerabilityAssessment | reference | |
| CloudAccount | reference | |
| SecurityAlert | reference | |
| DataLossEvent | reference | |
| name | string | |
| description | string | |
| identifier | string | |
| url | reference | |
| datePublished | dateTime | |
| dateModified | dateTime | |
| dateCreated | dateTime | |
| creator | reference | |
| severity | string | |
| status | string | |
| action | string | |
| category | string | |
| incidentId | string | |
| alertId | string | |
| alertCount | integer | |
| alertSources | string | |
| assignedTo | string | |
| detectionSource | string | |
| resolutionComment | string | |
| policyId | string | |
| policyName | string | |
| policyType | string | |
| sourceZone | string | |
| destinationZone | string | |
| sourceAddress | string | |
| destinationAddress | string | |
| application | string | |
| ruleAction | string | |
| signatureId | string | |
| signatureType | string | |
| threatName | string | |
| threatId | string | |
| verdict | string | |
| sha256 | string | |
| malwareFamily | string | |
| serialNumber | string | |
| deviceName | string | |
| deviceModel | string | |
| deviceIp | string | |
| softwareVersion | string | |
| cveId | string | |
| cvssScore | decimal | |
| cvssVector | string | |
| affectedProduct | reference | |
| fixedVersion | string | |
| exploitStatus | string | |
| cloudType | string | |
| accountId | string | |
| accountName | string | |
| resourceId | string | |
| resourceType | string | |
| region | string | |
| complianceStandard | string | |
| dataClassification | string | |
| exposureType | string | |
| dataStore | string | |
| relatedIncident | reference | |
| relatedAlert | reference | |
| relatedPolicy | reference | |
| affectsResource | reference | |
| detectedBy | reference | |
| mitigatedBy | reference | |
| partOf | reference | |
| enforcedBy | reference |
JSON-LD Document
{
"@context": {
"@version": 1.1,
"pan": "https://pan.dev/schema/",
"schema": "https://schema.org/",
"dcterms": "http://purl.org/dc/terms/",
"xsd": "http://www.w3.org/2001/XMLSchema#",
"sec": "https://w3id.org/security#",
"owl": "http://www.w3.org/2002/07/owl#",
"skos": "http://www.w3.org/2004/02/skos/core#",
"SecurityIncident": {
"@id": "pan:SecurityIncident",
"@type": "@id",
"skos:closeMatch": "schema:Event",
"dcterms:description": "A correlated collection of security alerts representing a potential threat or attack campaign detected across endpoints, networks, or cloud environments."
},
"FirewallPolicy": {
"@id": "pan:FirewallPolicy",
"@type": "@id",
"skos:closeMatch": "sec:Policy",
"dcterms:description": "A PAN-OS security policy rule defining traffic enforcement criteria including source zones, destination zones, applications, services, and the enforcement action applied to matching sessions."
},
"ThreatSignature": {
"@id": "pan:ThreatSignature",
"@type": "@id",
"skos:relatedMatch": "sec:Signature",
"dcterms:description": "A Palo Alto Networks threat prevention signature used to detect and block exploitation of known vulnerabilities, malware, spyware, command-and-control traffic, and other threat patterns."
},
"NetworkDevice": {
"@id": "pan:NetworkDevice",
"@type": "@id",
"skos:exactMatch": "schema:Device",
"dcterms:description": "A Palo Alto Networks next-generation firewall, Prisma Access node, or other network security appliance managing and enforcing security policy on network traffic."
},
"VulnerabilityAssessment": {
"@id": "pan:VulnerabilityAssessment",
"@type": "@id",
"skos:closeMatch": "schema:Report",
"dcterms:description": "An assessment of a security vulnerability affecting Palo Alto Networks products, including CVSS scoring, affected version ranges, exploitation status, and available remediations as published by the Palo Alto Networks PSIRT."
},
"CloudAccount": {
"@id": "pan:CloudAccount",
"@type": "@id",
"skos:closeMatch": "schema:Organization",
"dcterms:description": "A cloud service provider account, subscription, or project onboarded into Prisma Cloud for security posture monitoring. Represents an AWS account, Azure subscription, GCP project, OCI tenancy, or Alibaba Cloud account."
},
"SecurityAlert": {
"@id": "pan:SecurityAlert",
"@type": "@id",
"skos:relatedMatch": "schema:AlertAction",
"dcterms:description": "A security event notification generated by Prisma Cloud for a policy violation, by Cortex XDR for a detection, or by other Palo Alto Networks products indicating suspicious or malicious activity requiring investigation."
},
"DataLossEvent": {
"@id": "pan:DataLossEvent",
"@type": "@id",
"skos:closeMatch": "schema:Event",
"dcterms:description": "An event indicating that sensitive data has been exposed, exfiltrated, or otherwise disclosed without authorization. Detected by Prisma Cloud data security policies or Cortex XDR data loss prevention capabilities."
},
"name": {
"@id": "schema:name",
"@type": "xsd:string"
},
"description": {
"@id": "dcterms:description",
"@type": "xsd:string"
},
"identifier": {
"@id": "dcterms:identifier",
"@type": "xsd:string"
},
"url": {
"@id": "schema:url",
"@type": "@id"
},
"datePublished": {
"@id": "dcterms:issued",
"@type": "xsd:dateTime"
},
"dateModified": {
"@id": "dcterms:modified",
"@type": "xsd:dateTime"
},
"dateCreated": {
"@id": "dcterms:created",
"@type": "xsd:dateTime"
},
"creator": {
"@id": "dcterms:creator",
"@type": "@id"
},
"severity": {
"@id": "pan:severity",
"@type": "xsd:string"
},
"status": {
"@id": "pan:status",
"@type": "xsd:string"
},
"action": {
"@id": "pan:action",
"@type": "xsd:string"
},
"category": {
"@id": "dcterms:type",
"@type": "xsd:string"
},
"incidentId": {
"@id": "pan:incidentId",
"@type": "xsd:string"
},
"alertId": {
"@id": "pan:alertId",
"@type": "xsd:string"
},
"alertCount": {
"@id": "pan:alertCount",
"@type": "xsd:integer"
},
"alertSources": {
"@id": "pan:alertSources",
"@type": "xsd:string"
},
"assignedTo": {
"@id": "pan:assignedTo",
"@type": "xsd:string"
},
"detectionSource": {
"@id": "pan:detectionSource",
"@type": "xsd:string"
},
"resolutionComment": {
"@id": "pan:resolutionComment",
"@type": "xsd:string"
},
"policyId": {
"@id": "pan:policyId",
"@type": "xsd:string"
},
"policyName": {
"@id": "pan:policyName",
"@type": "xsd:string"
},
"policyType": {
"@id": "pan:policyType",
"@type": "xsd:string"
},
"sourceZone": {
"@id": "pan:sourceZone",
"@type": "xsd:string"
},
"destinationZone": {
"@id": "pan:destinationZone",
"@type": "xsd:string"
},
"sourceAddress": {
"@id": "pan:sourceAddress",
"@type": "xsd:string"
},
"destinationAddress": {
"@id": "pan:destinationAddress",
"@type": "xsd:string"
},
"application": {
"@id": "pan:application",
"@type": "xsd:string"
},
"ruleAction": {
"@id": "pan:ruleAction",
"@type": "xsd:string"
},
"signatureId": {
"@id": "pan:signatureId",
"@type": "xsd:string"
},
"signatureType": {
"@id": "pan:signatureType",
"@type": "xsd:string"
},
"threatName": {
"@id": "pan:threatName",
"@type": "xsd:string"
},
"threatId": {
"@id": "pan:threatId",
"@type": "xsd:string"
},
"verdict": {
"@id": "pan:verdict",
"@type": "xsd:string"
},
"sha256": {
"@id": "pan:sha256",
"@type": "xsd:string"
},
"malwareFamily": {
"@id": "pan:malwareFamily",
"@type": "xsd:string"
},
"serialNumber": {
"@id": "pan:serialNumber",
"@type": "xsd:string"
},
"deviceName": {
"@id": "pan:deviceName",
"@type": "xsd:string"
},
"deviceModel": {
"@id": "schema:model",
"@type": "xsd:string"
},
"deviceIp": {
"@id": "pan:deviceIp",
"@type": "xsd:string"
},
"softwareVersion": {
"@id": "schema:softwareVersion",
"@type": "xsd:string"
},
"cveId": {
"@id": "pan:cveId",
"@type": "xsd:string"
},
"cvssScore": {
"@id": "pan:cvssScore",
"@type": "xsd:decimal"
},
"cvssVector": {
"@id": "pan:cvssVector",
"@type": "xsd:string"
},
"affectedProduct": {
"@id": "pan:affectedProduct",
"@type": "@id"
},
"fixedVersion": {
"@id": "pan:fixedVersion",
"@type": "xsd:string"
},
"exploitStatus": {
"@id": "pan:exploitStatus",
"@type": "xsd:string"
},
"cloudType": {
"@id": "pan:cloudType",
"@type": "xsd:string"
},
"accountId": {
"@id": "pan:accountId",
"@type": "xsd:string"
},
"accountName": {
"@id": "pan:accountName",
"@type": "xsd:string"
},
"resourceId": {
"@id": "pan:resourceId",
"@type": "xsd:string"
},
"resourceType": {
"@id": "pan:resourceType",
"@type": "xsd:string"
},
"region": {
"@id": "pan:region",
"@type": "xsd:string"
},
"complianceStandard": {
"@id": "pan:complianceStandard",
"@type": "xsd:string"
},
"dataClassification": {
"@id": "pan:dataClassification",
"@type": "xsd:string"
},
"exposureType": {
"@id": "pan:exposureType",
"@type": "xsd:string"
},
"dataStore": {
"@id": "pan:dataStore",
"@type": "xsd:string"
},
"relatedIncident": {
"@id": "pan:relatedIncident",
"@type": "@id"
},
"relatedAlert": {
"@id": "pan:relatedAlert",
"@type": "@id"
},
"relatedPolicy": {
"@id": "pan:relatedPolicy",
"@type": "@id"
},
"affectsResource": {
"@id": "pan:affectsResource",
"@type": "@id"
},
"detectedBy": {
"@id": "pan:detectedBy",
"@type": "@id"
},
"mitigatedBy": {
"@id": "pan:mitigatedBy",
"@type": "@id"
},
"partOf": {
"@id": "dcterms:isPartOf",
"@type": "@id"
},
"enforcedBy": {
"@id": "pan:enforcedBy",
"@type": "@id"
}
}
}