+1Hi Community,
I wanted to create a visualization of the meantime to detect. (Alert created timestamps - event timestamps) Do we have any resources that can help me with this? I can get the detection.commit_timestamp, which is when the alert was created, but I’m unable to get the case event timestamps.
I tried using detection.detection_timestamp Time, but it appears to be the time of the detection window.
+10Can you try detection.created_time.seconds? That should be actual detection creation, rather than time window.
+6Unfortunately the relationship between the events and detections is not exposed in BQ. The best you can do in BQ is to compare the detection.time_window.end_time.seconds with the detection.commit_timestamp.seconds.
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.