How can I count the total number of alerts triggered by policies in Panther?
To get a count of alerts, you can query the Metrics endpoint of Panther's GraphQL API with a request like this:
Query:
query GetMetrics($input: MetricsInput!) {
  metrics(input: $input) {
    totalAlerts
  }
}
Inputs:
{
  "input": {
    "fromDate": "2024-05-01T00:00:00Z",
    "toDate": "2024-05-31T23:59:59Z"
  }
}
Results:
{
  "data": {
    "metrics": {
      "totalAlerts": 138
    }
  }
}
If you want to apply filters, you will need to use the Alerts endpoint instead (making a request similar to the end-to-end example in the documentation). To filter the results, add the following input variables:
type: "ALERT"
subtypes: ["POLICY"]
After applying this filter, you can use the len() function to count the results.
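The filtered count described above, as an added Python example that is not Panther's own code: it pages through the Alerts endpoint and sums len() over every page, since len() on a single response counts only that page. Assumptions: the query shape, the createdAtAfter/createdAtBefore/cursor input fields and the X-API-Key header follow Panther's public API documentation and should be checked against your instance; http_transport, count_policy_alerts, fake_transport and SAMPLE_PAGES are hypothetical names, and the sample pages are constructed.

```python
import json
import urllib.request

# Assumed query shape (edges/pageInfo pagination); verify against your Panther schema.
ALERTS_QUERY = """
query PolicyAlerts($input: AlertsInput!) {
  alerts(input: $input) {
    edges { node { id } }
    pageInfo { hasNextPage endCursor }
  }
}
"""

def http_transport(api_url, api_key):
    """Return a callable that POSTs a GraphQL request; URL and key are supplied by you."""
    def execute(query, variables):
        body = json.dumps({"query": query, "variables": variables}).encode()
        req = urllib.request.Request(api_url, data=body, headers={
            "Content-Type": "application/json", "X-API-Key": api_key})  # assumed header
        with urllib.request.urlopen(req, timeout=30) as resp:
            return json.load(resp)
    return execute

def count_policy_alerts(execute, created_after, created_before):
    """Page through the Alerts endpoint and count policy-triggered alerts."""
    base = {"type": "ALERT", "subtypes": ["POLICY"],  # filter values from the article
            "createdAtAfter": created_after, "createdAtBefore": created_before}
    total, cursor = 0, None
    while True:
        variables = {"input": dict(base, **({"cursor": cursor} if cursor else {}))}
        result = execute(ALERTS_QUERY, variables)
        if result.get("errors"):
            raise RuntimeError(result["errors"])  # never report a partial count
        page = result["data"]["alerts"]
        total += len(page["edges"])  # len() covers one page only, so keep summing
        if not page["pageInfo"]["hasNextPage"]:
            return total
        cursor = page["pageInfo"]["endCursor"]

def fake_transport(pages):
    """Constructed stand-in for the API: serves canned pages keyed by cursor."""
    return lambda query, variables: pages[variables["input"].get("cursor")]

# Constructed sample responses: two pages, three alerts in total.
SAMPLE_PAGES = {
    None: {"data": {"alerts": {"edges": [{"node": {"id": "a1"}}, {"node": {"id": "a2"}}],
                               "pageInfo": {"hasNextPage": True, "endCursor": "c1"}}}},
    "c1": {"data": {"alerts": {"edges": [{"node": {"id": "a3"}}],
                               "pageInfo": {"hasNextPage": False, "endCursor": None}}}},
}
```

To run it against a real instance, pass http_transport(your_api_url, your_api_key) as the first argument in place of fake_transport(SAMPLE_PAGES).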