Forum Discussion
Query Alert Status and Assigned User
Looking to query to alerts/incidents that have not been assigned/picked up or to look at the current status (New/In Progress) to detect and alert on stale events. I use the following query to genera...
Thanks GaryBushey I'll take a look, very surprised we cant query this without to jump though a bunch of hoops, I have been able in every other SIEM I have worked with.
ryanksmith I agree, but considering the API is still not G.A. we may be able to see something to make it easier once it does. I would love to be able to have a workbook showing me the stats of my Incidents, but I guess that is more what something like ServiceNow is for.