Hi Community,
I wanted to create a visualization of the meantime to detect. (Alert created timestamps - event timestamps) Do we have any resources that can help me with this? I can get the detection.commit_timestamp, which is when the alert was created, but I’m unable to get the case event timestamps.
I tried using detection.detection_timestamp Time, but it appears to be the time of the detection window.
Can you try detection.created_time.seconds? That should be actual detection creation, rather than time window.
Unfortunately the relationship between the events and detections is not exposed in BQ. The best you can do in BQ is to compare the detection.time_window.end_time.seconds with the detection.commit_timestamp.seconds.
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.