Hi,
Could anyone help me to fetch alert detections (custom as well as curated) of a specific entity from case using UDM Search Query and REST API?
So that I can display it on the case overview.
Question
Fetch Alerts By Entity (via UDM and REST API)
+13The Search API now supports querying the Detection dataset, so I do not believe you need to build anything custom here, you can work with a query and the Execute UDM Query action. You’ll likely want to tweak the query (fields returned as well as placeholder for the host or some other entity), but as an example:
Results:
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.