Domain Model
Incident
Fields
| Field | Type | Required | Default | Description |
|---|---|---|---|---|
| id | string.uuid | Yes | — | Id |
| createdAt | string.date-time | Yes | — | Created at |
| updatedAt | string.date-time | Yes | — | Updated at |
| siteId | string | Yes | — | ID of the associated site |
| systemId | string | No | — | ID of the associated system |
| incidentType | enum(access_event, asset_failure, breach_attempt, system_error, health_check_failed, unauthorized_activity, physical_tampering, connectivity_loss, other) | Yes | — | Incident type |
| priority | enum(low, medium, high, critical) | Yes | — | Priority |
| status | enum(new, investigating, assigned, in_progress, resolved, closed, false_alarm) | Yes | — | Status |
| escalationStatus | enum(not_escalated, escalated_to_team, escalated_to_manager, critical_escalation) | Yes | — | Escalation status |
| assignedUserId | string | No | — | ID of the associated assigned user |
| title | string | Yes | — | Title |
| rootCauseSummary | string | No | — | Root cause summary |
| resolutionSummary | string | No | — | Resolution summary |
| linkedTicketId | string | No | — | ID of the associated linked ticket |
| resolvedAt | string.date-time | No | — | Resolved at |
| alertCount | integer | Yes | 0 | Alert count |
| workspaceId | string | Yes | — | ID of the associated workspace |
| visibilityMode | enum(global, workspace_local, shared) | Yes | — | Visibility mode |
Create Schema
Fields accepted when creating a new record:
| Field | Type | Required | Default | Description |
|---|---|---|---|---|
| siteId | string | Yes | — | ID of the associated site |
| systemId | string | No | — | ID of the associated system |
| incidentType | enum(access_event, asset_failure, breach_attempt, system_error, health_check_failed, unauthorized_activity, physical_tampering, connectivity_loss, other) | Yes | — | Incident type |
| priority | enum(low, medium, high, critical) | Yes | "medium" | Priority |
| status | enum(new, investigating, assigned, in_progress, resolved, closed, false_alarm) | Yes | "new" | Status |
| escalationStatus | enum(not_escalated, escalated_to_team, escalated_to_manager, critical_escalation) | Yes | "not_escalated" | Escalation status |
| assignedUserId | string | No | — | ID of the associated assigned user |
| title | string | Yes | — | Title |
| rootCauseSummary | string | No | — | Root cause summary |
| resolutionSummary | string | No | — | Resolution summary |
| linkedTicketId | string | No | — | ID of the associated linked ticket |
| workspaceId | string | No | — | ID of the associated workspace |
| visibilityMode | enum(global, workspace_local, shared) | Yes | "workspace_local" | Visibility mode |
Update Schema
All fields are optional when updating:
| Field | Type | Required | Default | Description |
|---|---|---|---|---|
| siteId | string | No | — | ID of the associated site |
| systemId | string | No | — | ID of the associated system |
| incidentType | enum(access_event, asset_failure, breach_attempt, system_error, health_check_failed, unauthorized_activity, physical_tampering, connectivity_loss, other) | No | — | Incident type |
| priority | enum(low, medium, high, critical) | No | "medium" | Priority |
| status | enum(new, investigating, assigned, in_progress, resolved, closed, false_alarm) | No | "new" | Status |
| escalationStatus | enum(not_escalated, escalated_to_team, escalated_to_manager, critical_escalation) | No | "not_escalated" | Escalation status |
| assignedUserId | string | No | — | ID of the associated assigned user |
| title | string | No | — | Title |
| rootCauseSummary | string | No | — | Root cause summary |
| resolutionSummary | string | No | — | Resolution summary |
| linkedTicketId | string | No | — | ID of the associated linked ticket |