Skip to main content
Panther Knowledge Base

How do I query the alerts that matched a Panther rule in the API?

  1. Last updated
  2. Save as PDF

QUESTION

 How do I query the alerts that matched a rule in Panther? For example, I want to query the alerts from the Okta API Key Created rule.

Screen Shot 2022-08-09 at 5.53.49 PM.png

ANSWER

  Locate the rule's ID, then set that as the value for detectionId in your query, as shown below.

query ListAlertsByRule {
  alerts(input:{
		pageSize: 50,
    detectionId: "Okta.APIKeyCreated"
  }) {
    edges {
      node {
        id
        title
        createdAt
        severity
		status
		runbook
		reference
      }
    }
    pageInfo {
      hasNextPage
      endCursor
    }
  }
}

 

  1. Back to top
  • Was this article helpful?

Recommended articles

  1. Page type
    Topic
  2. Tags
    This page has no tags.