Hi All,
Building a native dashboard to quickly assess entity context and associated detection activity across the environment.
Would like to write a query to retrieve enriched data for a particular entity (say, a domain name or IP), such as first_seen_time, etc., and map all related security detections for that specified domain.
Thanks in advance