QUESTION

How can I count the total number of alerts triggered by policies in Panther?

ANSWER

To get a count of alerts, query the Metrics endpoint of Panther's GraphQL API with a query like this:

Query:

query GetMetrics($input: MetricsInput!) {
  metrics(input: $input) {
    totalAlerts
  }
}

Inputs:

{
  "input": {
    "fromDate": "2024-05-01T00:00:00Z",
    "toDate": "2024-05-31T23:59:59Z"
  }
}

Results:

{
  "data": {
    "metrics": {
      "totalAlerts": 138
    }
  }
}


If you want to apply filters, you will need to use the Alerts endpoint instead (making a request similar to the end-to-end example in the documentation). To filter the results, add the following input variables:

After applying this filter, you can use the len() function to count the results.
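
The Metrics query above, sent from Python with the date range built from datetime objects and GraphQL errors surfaced instead of silently ignored. This is an added example, not code from Panther's documentation; the function names are hypothetical, and the `API_URL` value and the `X-API-Key` header are assumptions to replace with your instance's endpoint and authentication details.

```python
import json
import urllib.request
from datetime import datetime, timezone

# Assumption: placeholder URL; use the GraphQL endpoint of your own Panther instance.
API_URL = "https://panther.example.invalid/public/graphql"
METRICS_QUERY = """
query GetMetrics($input: MetricsInput!) {
  metrics(input: $input) {
    totalAlerts
  }
}
"""

def _iso(ts):
    """Format an aware datetime as the UTC timestamp style used in the page's inputs."""
    return ts.astimezone(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")

def build_payload(from_date, to_date):
    """Build the request body for the Metrics query over [from_date, to_date]."""
    if from_date.tzinfo is None or to_date.tzinfo is None:
        raise ValueError("dates must be timezone-aware")
    if from_date > to_date:
        raise ValueError("fromDate is later than toDate")
    variables = {"input": {"fromDate": _iso(from_date), "toDate": _iso(to_date)}}
    return {"query": METRICS_QUERY, "variables": variables}

def http_post(payload, api_key):
    """POST the payload. Assumption: the API token is sent in an X-API-Key header."""
    req = urllib.request.Request(
        API_URL, data=json.dumps(payload).encode("utf-8"),
        headers={"Content-Type": "application/json", "X-API-Key": api_key})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)

def total_alerts(from_date, to_date, api_key, post=http_post):
    """Return totalAlerts, raising if the GraphQL response carries errors."""
    body = post(build_payload(from_date, to_date), api_key)
    # GraphQL servers commonly report failures in an "errors" list, even with HTTP 200.
    if body.get("errors"):
        raise RuntimeError("; ".join(e.get("message", "unknown") for e in body["errors"]))
    return body["data"]["metrics"]["totalAlerts"]

if __name__ == "__main__":
    # Constructed response (copied from the Results block) so the demo runs offline.
    sample = {"data": {"metrics": {"totalAlerts": 138}}}
    start = datetime(2024, 5, 1, tzinfo=timezone.utc)
    end = datetime(2024, 5, 31, 23, 59, 59, tzinfo=timezone.utc)
    print(total_alerts(start, end, "unused-key", post=lambda payload, key: sample))
```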