Is there an API endpoint where I can get detections / alerts from rules that aren't closed by administrators? Basically this quick filter, but for the API. I can't seem to find the closed field in the api results for any of the seemingly obvious endpoints - detections, alerts, etc.
View files in slack
An API endpoint where I can get detections or alerts from rules
+5Sorry, I can't really help you with that. But this screenshot doesn't look like Siemplify/Chronicle SOAR. What is it?
+13
This comment was originally sent by Tom Fridman
Hi
@Michael_Schepp
, we are trying to think what will be best in that situation, thank you for suggesting that.
@joshgmi
I'm looking for an answer for you
+5@Tomtomfridman : Maybe it makes sense to create separate channels for Chronicle & Chronicle SOAR?
+1@joshgmi if you ever make any headway on this I would be very interested to find out what you can of this. We are currently trying something similar to pull open alerts out of chronicle for our current incident tracking system until we can get Siemplify up and running
+13
This comment was originally sent by Tom Fridman
Hi
@joshgmi
and
@Nathan_Morrow
It is not available at that moment but it is planned for the future I just do not have a date for it at the moment.
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.