+15Hi team,
In Chronicle SOAR case queries, I want to retrieve the Event Type value shown in the Events tab (for example RESOURCE_CREATION).
In the UI this appears under the TYPE column for the event. What is the correct field to reference in a case query to fetch this value?
Thanks!
+11In native dashboards, try case.alerts.metadata.collection_elements.references.event.metadata.event_type
Ex.
case.alerts.metadata.collection_elements.references.event.metadata.event_type = $event_type
$event_type = "RESOURCE_CREATION"
match:
$event_type, case.alerts.metadata.case_name
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.