
Hi,

I have been looking into how to get an overview of the actions taken by a Security Analyst while using the Incidents view in Logpoint.

Therefore I have created this Search Query to get an overview of Incidents and Actions.
The repository to be searched is _LogPoint.


incident_id = * | chart count() by incident_id, log_ts, alert_id, status, action, user, alert_name, comment order by incident_id, log_ts asc



Hope this could be useful.

Best Regards,
Gustav
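As an added example (not part of the original post, and not Logpoint's own code), the following Python reproduces offline what the search query above does: it keeps only events that carry an incident_id (the `incident_id = *` filter), counts identical combinations of the charted fields, orders the result by incident_id and log_ts ascending, and then derives the per-incident analyst timeline and a per-analyst action count from that table. The field names are taken from the query; the records themselves are constructed sample data and do not claim to match the real event format of the _LogPoint repository.

```python
from collections import Counter

# Constructed sample events imitating the fields the query charts.
# They are NOT real _LogPoint repository records; timestamps are ISO 8601
# strings so that a plain string sort orders them chronologically.
SAMPLE_EVENTS = [
    {"incident_id": "inc-102", "log_ts": "2024-03-04T09:15:02", "alert_id": "a-7",
     "status": "unresolved", "action": "assigned", "user": "bob",
     "alert_name": "Brute force login", "comment": ""},
    {"incident_id": "inc-101", "log_ts": "2024-03-04T08:02:10", "alert_id": "a-3",
     "status": "unresolved", "action": "assigned", "user": "alice",
     "alert_name": "Suspicious PowerShell", "comment": ""},
    {"incident_id": "inc-101", "log_ts": "2024-03-04T08:40:55", "alert_id": "a-3",
     "status": "closed", "action": "resolved", "user": "alice",
     "alert_name": "Suspicious PowerShell", "comment": "Confirmed admin maintenance"},
    # Exact duplicate of the first record: count() rolls it up into one row with count 2.
    {"incident_id": "inc-102", "log_ts": "2024-03-04T09:15:02", "alert_id": "a-7",
     "status": "unresolved", "action": "assigned", "user": "bob",
     "alert_name": "Brute force login", "comment": ""},
    # No incident_id at all: dropped by the `incident_id = *` filter.
    {"log_ts": "2024-03-04T09:30:00", "user": "carol", "action": "login"},
    {"incident_id": "inc-102", "log_ts": "2024-03-04T10:01:30", "alert_id": "a-7",
     "status": "unresolved", "action": "commented", "user": "bob",
     "alert_name": "Brute force login", "comment": "Waiting on IT for lockout review"},
]

# Same field list and order as the query's `chart count() by ...` clause.
KEY_FIELDS = ("incident_id", "log_ts", "alert_id", "status",
              "action", "user", "alert_name", "comment")


def incident_overview(events):
    """Equivalent of:
    incident_id = * | chart count() by <KEY_FIELDS> order by incident_id, log_ts asc
    Returns a list of row dicts, each KEY_FIELDS plus 'count'."""
    # `incident_id = *` keeps only events where the field exists and is non-empty.
    matching = [e for e in events if e.get("incident_id")]
    counts = Counter(tuple(e.get(f, "") for f in KEY_FIELDS) for e in matching)
    rows = [dict(zip(KEY_FIELDS, key), count=n) for key, n in counts.items()]
    # ISO timestamps sort correctly as strings; real log_ts values would need parsing.
    rows.sort(key=lambda r: (r["incident_id"], r["log_ts"]))
    return rows


def timeline(rows, incident_id):
    """Analyst audit trail for one incident: (log_ts, user, action, status) in time order."""
    return [(r["log_ts"], r["user"], r["action"], r["status"])
            for r in rows if r["incident_id"] == incident_id]


def actions_by_user(rows):
    """Number of actions each analyst performed, weighting rolled-up rows by their count."""
    totals = Counter()
    for r in rows:
        totals[r["user"]] += r["count"]
    return dict(totals)


if __name__ == "__main__":
    table = incident_overview(SAMPLE_EVENTS)
    for r in table:
        print(r["incident_id"], r["log_ts"], r["user"], r["action"], r["status"], r["count"])
    print(timeline(table, "inc-101"))
    print(actions_by_user(table))
```

Running it stand-alone prints four rows (the duplicate inc-102 record is rolled up with count 2 and the record without an incident_id is dropped), followed by the inc-101 timeline and the per-analyst totals; that is the same shape of result the chart returns in Logpoint, and the timeline is what you would read to audit who did what on an incident and when.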
