Is there any way to extract "Framework Mapping" from a specific detection/alert using API in Panther?

Last updated
Save as PDF

QUESTION

Is there any way to extract "Framework Mapping" from a specific detection/alert using API? I see this information is available in p_rule_reports for an alert.

ANSWER

In order to achieve this you can query the p_rule_reports via the API, running a data lake query similar to running the query in the Data Explorer.

The following steps should be taken:

Use the mutation IssueDataLakeQuery to issue the SQL query (as explained in the documentation).
Run a second API call, to retrieve the results using the ID in the query QueryResultobtained from the mutation.