diff --git a/docusaurus.config.ts b/docusaurus.config.ts index 9317e2c4b..c8ef284c8 100644 --- a/docusaurus.config.ts +++ b/docusaurus.config.ts @@ -1006,6 +1006,11 @@ const config = { outputDir: "products/scm/api/config/ciedss", sidebarOptions: { groupPathsBy: "tag" }, }, + incidentscm: { + specPath: "openapi-specs/scm/config/incidents", + outputDir: "products/scm/api/config/incidents", + sidebarOptions: { groupPathsBy: "tag" }, + }, sdwan: { specPath: "openapi-specs/sdwan/unified", outputDir: "products/sdwan/api", @@ -1197,14 +1202,14 @@ const config = { sidebarOptions: { groupPathsBy: "tag", categoryLinkSource: "tag" }, baseUrl: "/compute/api/34-00/", }, - compute_3401: { + compute_3401: { specPath: "openapi-specs/compute/34-01", outputDir: "products/compute/api/34-01", showExtensions: true, sidebarOptions: { groupPathsBy: "tag", categoryLinkSource: "tag" }, baseUrl: "/compute/api/34-01/", }, - compute_3402: { + compute_3402: { specPath: "openapi-specs/compute/34-02", outputDir: "products/compute/api/34-02", showExtensions: true, diff --git a/openapi-specs/scm/config/incidents/Unified_SCM_Incident.yaml b/openapi-specs/scm/config/incidents/Unified_SCM_Incident.yaml new file mode 100644 index 000000000..e6e51770c --- /dev/null +++ b/openapi-specs/scm/config/incidents/Unified_SCM_Incident.yaml 
@@ -0,0 +1,420 @@ +openapi: 3.0.0 +info: + title: Unified Incident Framework APIs + version: 3.0.0 + description: "Consolidates security and operational incidents from multiple Palo\ + \ Alto Networks products into a unified management interface. \nProvides read-only\ + \ access to search, filter, and analyze incident data across the Strata Cloud\ + \ Manager ecosystem. This Open API spec file was created on February 20, 2026.\ + \ \xA9 2026 Palo Alto Networks, Inc. Palo Alto Networks is a registered trademark\ + \ of Palo Alto Networks. A list of our trademarks can be found at [https://www.paloaltonetworks.com/company/trademarks.html](https://www.paloaltonetworks.com/company/trademarks.html).\ + \ All other marks mentioned herein may be trademarks of their respective companies." +servers: +- url: https://api.sase.paloaltonetworks.com + description: Production Server +security: +- JWT: [] +components: + securitySchemes: + JWT: + type: http + description: JWT authentication with bearer token + scheme: bearer + bearerFormat: Bearer [token] + parameters: + PrismaTenantHeader: + in: header + name: prisma-tenant + description: The tenant and sub-tenant ID identifier (e.g., tenant_id:sub_tenant_id). + required: true + schema: + type: string + PrismaRegionHeader: + in: header + name: X-PANW-Region + description: The region for request(e.g., americas, europe, uk, au etc). 
+ required: true + schema: + type: string + schemas: + FilterRule: + type: object + properties: + property: + type: string + example: incident_id + operator: + type: string + values: + type: array + items: + type: string + FilterObject: + type: object + properties: + rules: + type: array + items: + $ref: '#/components/schemas/FilterRule' + PaginationObject: + type: object + properties: + page_size: + type: integer + page_number: + type: integer + order_by: + type: array + items: + type: object + properties: + property: + type: string + order: + type: string + enum: + - asc + - desc +ExternalTags: + Incidents APIs: + title: Incidents APIs + description: Operations related to listing, querying, and managing specific incidents. + tags: + - Incidents APIs +paths: + /incidents/search: + post: + summary: Search Incident List + description: "Retrieves a paginated list of security incidents using advanced\ + \ filtering criteria. \nFilters data by product type, release state, and severity\ + \ to streamline incident discovery across the security fabric." 
+ operationId: PostIncidentsSearch + responses: + '200': + description: List of incidents + content: + application/json: + schema: + type: object + properties: + data: + type: array + items: + type: object + properties: + updated_time: + type: integer + format: int64 + example: 1765468859684 + severity: + type: string + example: Informational + severity_id: + type: integer + example: 200 + status: + type: string + example: Raised + title: + type: string + example: Tenant has 14 raised alerts + priority: + type: string + example: Not Set + product: + type: string + example: Prisma Access + category: + type: string + example: Network + sub_category: + type: string + example: '' + code: + type: string + example: INC_AOA_TENANT_ALERTS_NOTIFICATION + incident_id: + type: string + example: 21818c4a-8353-4d9c-ae3e-ae90004d4662 + raised_time: + type: integer + format: int64 + example: 1765468859684 + release_state: + type: string + example: Released + incident_type: + type: string + example: SOURCE_AGGREGATION_INCIDENT + designation: + type: string + example: root + primary_impacted_objects: + type: object + description: Comprehensive list of impacted objects associated + with the incident. 
+ properties: + site_names: + type: array + items: + type: string + roles: + type: array + items: + type: string + tunnel_names: + type: array + items: + type: string + host_names: + type: array + items: + type: string + locations: + type: array + items: + type: string + bgp_peer_names: + type: array + items: + type: string + certificate_names: + type: array + items: + type: string + device_ids: + type: array + items: + type: string + packages: + type: array + items: + type: string + licenses: + type: array + items: + type: string + cves: + type: array + items: + type: string + security_objects: + type: array + items: + type: string + security_checks: + type: array + items: + type: string + security_types: + type: array + items: + type: string + aggr_locations: + type: array + items: + type: string + spn_names: + type: array + items: + type: string + agent_ids: + type: array + items: + type: string + directory_ids: + type: array + items: + type: string + theaters: + type: array + items: + type: string + gp_versions: + type: array + items: + type: string + auth_servers: + type: array + items: + type: string + dns_servers: + type: array + items: + type: string + app_names: + type: array + items: + type: string + ike_gateway_names: + type: array + items: + type: string + gre_tunnel_names: + type: array + items: + type: string + asn_org_names: + type: array + items: + type: string + user_locations: + type: array + items: + type: string + parameters: + - $ref: '#/components/parameters/PrismaTenantHeader' + - $ref: '#/components/parameters/PrismaRegionHeader' + tags: + - Incidents APIs + requestBody: + content: + application/json: + schema: + type: object + properties: + filter: + $ref: '#/components/schemas/FilterObject' + pagination: + $ref: '#/components/schemas/PaginationObject' + examples: + FilterWithPagination: + summary: Filter by Product/Status with Pagination + value: + filter: + rules: + - property: release_state + operator: in + values: + - Released + - 
property: product + operator: in + values: + - NGFW + - Prisma Access + - Posture + - property: status + operator: in + values: + - Raised + pagination: + page_size: 50 + page_number: 1 + order_by: + - property: updated_time + order: desc + /incidents/{incident_id}: + get: + summary: Get Incident Details + description: "Provides comprehensive metadata and alert-level data for a specific\ + \ security incident. \nReturns detailed impact objects, resource contexts,\ + \ and the underlying alerts that triggered the incident." + operationId: GetIncidentsbyincident_id + responses: + '200': + description: Detailed incident information + content: + application/json: + schema: + type: object + properties: + data: + type: array + items: + type: object + properties: + incident_id: + type: string + example: 21818c4a-8353-4d9c-ae3e-ae90004d4662 + title: + type: string + example: Tenant has 14 raised alerts + raised_time: + type: integer + format: int64 + example: 1765468859684 + updated_time: + type: integer + format: int64 + example: 1765468859684 + resource_keys: + type: string + description: JSON string containing resource identifiers. + example: '{"tenant_id": "24072002", "sub_tenant_id": "24072002"}' + status: + type: string + example: Raised + detail: + type: string + description: Stringified JSON array containing detailed + alert information. 
+ alerts: + type: array + items: + type: object + properties: + alert_id: + type: string + severity: + type: string + state: + type: string + title: + type: string + updated_time: + type: integer + format: int64 + domain: + type: string + inc_prop: + type: integer + ctx_only_alert: + type: boolean + code: + type: string + incident_type: + type: string + example: SOURCE_AGGREGATION_INCIDENT + incident_code: + type: string + example: INC_AOA_TENANT_ALERTS_NOTIFICATION + severity_id: + type: integer + example: 200 + severity: + type: string + example: Informational + priority: + type: string + example: Not Set + release_state: + type: string + example: Released + product: + type: string + example: Prisma Access + resource_context: + type: string + example: '{}' + category: + type: string + example: Network + sub_category: + type: string + example: '' + designation: + type: string + example: root + acknowledged: + type: boolean + example: false + parameters: + - $ref: '#/components/parameters/PrismaTenantHeader' + - $ref: '#/components/parameters/PrismaRegionHeader' + - name: incident_id + in: path + required: true + schema: + type: string + tags: + - Incidents APIs diff --git a/products/sase/sidebars.ts b/products/sase/sidebars.ts index 14bce5d4a..cc62d1816 100644 --- a/products/sase/sidebars.ts +++ b/products/sase/sidebars.ts @@ -361,5 +361,4 @@ module.exports = { "sase/api/tenancy/tenancy-api", require("./api/tenancy/sidebar"), ], - }; diff --git a/products/scm/api/config/Incidents/incident-scm.md b/products/scm/api/config/Incidents/incident-scm.md new file mode 100644 index 000000000..e33d6156c --- /dev/null +++ b/products/scm/api/config/Incidents/incident-scm.md 
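Review bot: Both operations declare only a `'200'` response, so the spec gives clients no contract for a missing or expired bearer token, a `prisma-tenant` value the caller is not entitled to, or an unknown `incident_id`. Add `'401'`, `'403'` and `'404'` entries under each `responses:` block, plus `'429'` if the service rate-limits (not visible here). The request side is similarly open: `FilterRule.operator` is a free string although the example only uses `in`, and `page_size` has no bounds, so I would add an `enum` of the supported operators and `minimum: 1` plus a `maximum` matching the server-side cap. The `resource_keys` example carries `tenant_id` `24072002`; if that is a real tenant identifier, replace it with an obviously synthetic value before publishing. Separately, the root-level `ExternalTags:` key is not an OpenAPI 3.0 field and is not `x-`-prefixed, so strict validators may reject the document unless the docs tooling depends on that exact name.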
@@ -0,0 +1,17 @@ +--- +id: incident-scm +title: Unified Incident Framework APIs +sidebar_label: Incident Framework APIs +keywords: + - Strata Cloud Manager + - Configuration + - Objects + - Reference + - API +--- + +The Unified Incidents framework consolidates incident management across multiple Palo Alto Networks security products into a single, cohesive interface within Strata Cloud Manager. This unified approach brings all incidents into one view, streamlining incident response workflows and providing consistent visibility across your entire security infrastructure. + +The Unified Incidents APIs enable you to monitor and manage security and operational incidents across all Palo Alto Networks products managed by Strata Cloud Manager. Use these APIs to retrieve incident lists, access detailed incident information. + +These APIs use the [common SASE authentication](/sase/docs/getstarted) for service access and authorization. diff --git a/products/scm/docs/release-notes/changelog.md b/products/scm/docs/release-notes/changelog.md index 31adbbf2e..b295b31fc 100644 --- a/products/scm/docs/release-notes/changelog.md +++ b/products/scm/docs/release-notes/changelog.md @@ -12,6 +12,7 @@ keywords: | Date | Description | | --------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| February 23rd, 2026 | Added [Incidents APIs](/scm/api/config/incidents/incidents-scm/). | January 29, 2026 | Added [Strata Cloud Manager Best Practices](/scm/docs/api-best-practices/). | October 21, 2025 | Added [CIE Directory Sync Service APIs](/scm/api/config/ciedss/ciedss/). | June 27, 2025 | Added [Snippet Sharing APIs](/scm/api/config/sase/setup/snippet-sharing/). diff --git a/products/scm/sidebars.ts b/products/scm/sidebars.ts index 0d71d60e0..75bbdc96f 100644 --- a/products/scm/sidebars.ts +++ b/products/scm/sidebars.ts 
@@ -336,6 +336,17 @@ module.exports = { require("./api/config/cloudngfw/objects/sidebar"), ], }, + { + type: "category", + label: "Incidents", + items: [ + { + type: "doc", + id: "scm/api/config/incidents/incident-scm", + }, + require("./api/config/incidents/sidebar"), + ], + }, { type: "category", label: "Security Services", diff --git a/src/pages/strata-cloud-manager/index.js b/src/pages/strata-cloud-manager/index.js index 216edc9dc..8c400d3ca 100644 --- a/src/pages/strata-cloud-manager/index.js +++ b/src/pages/strata-cloud-manager/index.js @@ -185,6 +185,13 @@ export default function SCMLandingPage() { icon: "api-doc", }, ], + Incidents: [ + { + to: "scm/api/config/incidents/incident-scm", + label: "Incidents", + icon: "api-doc", + }, + ], "Other Configuration": [ { to: "/access/api/browser-mgmt/browser-mgmt-api",
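Review bot: The doc id `scm/api/config/incidents/incident-scm` and `require("./api/config/incidents/sidebar")` use a lowercase `incidents` directory, but this commit adds the intro page at `products/scm/api/config/Incidents/incident-scm.md` with a capital `I`. The `outputDir` added in docusaurus.config.ts is also lowercase, so on a case-sensitive filesystem the intro page and the generated API docs would land in different directories and this id will likely not resolve. Renaming the Markdown file's directory to `incidents` would line all of them up. The changelog row has a related mismatch: it links to `/scm/api/config/incidents/incidents-scm/`, whereas the id here is `incident-scm`.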
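Review bot: The new `to: "scm/api/config/incidents/incident-scm"` has no leading slash, unlike the neighbouring `to: "/access/api/browser-mgmt/browser-mgmt-api"` in the same hunk, so it may resolve relative to the landing page's own path instead of the site root. Unless the component that renders these entries prefixes the base path itself (not visible here), write it as `to: "/scm/api/config/incidents/incident-scm"`. The body of `SCMLandingPage` starts and ends outside this hunk, so the convention used by the other entries could not be checked.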