diff --git a/example_alert.json b/example_alert.json
new file mode 100644
index 000000000..6493d6af4
--- /dev/null
+++ b/example_alert.json
@@ -0,0 +1,10 @@
+{
+  "title": "Phishing Attempt",
+  "description": "Suspicious email with a fake login link detected by the email gateway.",
+  "source": "Email Gateway",
+  "type": "alert",
+  "severity": 2,
+  "tags": ["phishing", "email", "login"],
+  "tlp": 2,
+  "pap": 2
+}