Incident Reporting Overview with Search Query

  • 26 September 2022
  • 0 replies
  • 66 views


Hi,

I have been looking into how to get an overview of the actions taken by a Security Analyst whilst using the Incidents view in Logpoint.

Therefore I have created this search query to get an overview of incidents and actions.
The repository to be searched is _LogPoint.


incident_id = * | chart count() by incident_id, log_ts, alert_id, status, action, user, alert_name, comment order by incident_id, log_ts asc


Hope this could be useful.

Best Regards,
Gustav
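As an added example (not part of Gustav's post and not Logpoint's own code), the Python below emulates what the search above does: it groups incident-audit events by the same eight fields, counts each distinct combination, and orders the result by incident_id and then log_ts ascending, so the grouping and ordering can be checked offline before the query is run in Logpoint. The event records, timestamps, user names and action/status values are constructed for illustration; only the field names come from the query, and the shape of real _LogPoint rows is an assumption.

```python
"""Offline emulation of the Logpoint search

    incident_id = * | chart count() by incident_id, log_ts, alert_id, status,
        action, user, alert_name, comment order by incident_id, log_ts asc

Added example, not from the original post. Events below are constructed;
the field names are taken from the query, the values are invented.
"""
from collections import Counter, defaultdict
from datetime import datetime

# The "chart count() by ..." group-by fields, in the order used by the query.
GROUP_BY = ("incident_id", "log_ts", "alert_id", "status", "action",
            "user", "alert_name", "comment")

# Constructed sample audit events (assumed shape; real _LogPoint rows differ).
# The duplicated assign event on incident 102 is deliberate, to show count() > 1.
SAMPLE_EVENTS = [
    {"incident_id": "102", "log_ts": "2022-09-26 09:10:00", "alert_id": "a-7",
     "status": "unresolved", "action": "assign", "user": "alice",
     "alert_name": "Brute force login", "comment": ""},
    {"incident_id": "102", "log_ts": "2022-09-26 09:10:00", "alert_id": "a-7",
     "status": "unresolved", "action": "assign", "user": "alice",
     "alert_name": "Brute force login", "comment": ""},
    {"incident_id": "102", "log_ts": "2022-09-26 09:25:00", "alert_id": "a-7",
     "status": "closed", "action": "resolve", "user": "alice",
     "alert_name": "Brute force login", "comment": "false positive"},
    {"incident_id": "101", "log_ts": "2022-09-26 08:50:00", "alert_id": "a-3",
     "status": "unresolved", "action": "comment", "user": "bob",
     "alert_name": "Malware detected", "comment": "escalating"},
    {"incident_id": "101", "log_ts": "2022-09-26 08:40:00", "alert_id": "a-3",
     "status": "unresolved", "action": "assign", "user": "bob",
     "alert_name": "Malware detected", "comment": ""},
]


def parse_ts(value):
    """Parse the constructed 'YYYY-MM-DD HH:MM:SS' log_ts format (an assumption)."""
    return datetime.strptime(value, "%Y-%m-%d %H:%M:%S")


def chart_count(events, group_by=GROUP_BY):
    """Emulate 'chart count() by <fields> order by incident_id, log_ts asc'.

    Returns a list of (row, count) tuples, where row is a dict keyed by the
    group-by fields. Missing fields are treated as empty strings.
    """
    counter = Counter(tuple(ev.get(f, "") for f in group_by) for ev in events)
    rows = [(dict(zip(group_by, key)), n) for key, n in counter.items()]
    rows.sort(key=lambda r: (r[0]["incident_id"], parse_ts(r[0]["log_ts"])))
    return rows


def actions_by_user(events):
    """Summarise how many times each analyst performed each action.

    A quick follow-up view on the same data: which analyst did what, and how
    often, regardless of incident.
    """
    summary = defaultdict(Counter)
    for ev in events:
        summary[ev.get("user", "")][ev.get("action", "")] += 1
    return dict(summary)


if __name__ == "__main__":
    for row, n in chart_count(SAMPLE_EVENTS):
        print(n, row["incident_id"], row["log_ts"], row["user"],
              row["action"], row["status"], row["comment"])
    print(actions_by_user(SAMPLE_EVENTS))
```

Each row in the output corresponds to one line of the Logpoint chart. Because log_ts is part of the group-by, one row is produced per distinct timestamp, so the chart reads as a per-incident timeline rather than a collapsed summary; the count column only rises above 1 when the same action is logged twice with identical fields.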

