Hello,
This might be a very simple request (forgive me) - but how do you SIEM search for a single user to see every alert that user has triggered in the past 7 days? I know you can see the results in the “alerts” tab next to the SIEM results, but I don’t know what the UDM search would be specifically for alerts.
I’d like to include this UDM search into a playbook which checks how many alerts have returned, and based on the number makes a conditional jump.
Thanks,
