Is there any way to extract "Framework Mapping" from a specific detection/alert using the API? I see this information is available in p_rule_reports for an alert.
To do this, query p_rule_reports via the API by running a data lake query, in the same way you would run the query in the Data Explorer.
The following steps should be taken:
1. Use the mutation IssueDataLakeQuery to issue the SQL query (as explained in the documentation).
2. Run a second API call to retrieve the results, using the ID in the queryQueryResult obtained from the mutation.
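The two calls above, sketched as an added Python example (not code from the original page or from the vendor). Assumptions to check against your instance's schema: the GraphQL fields `executeDataLakeQuery` and `dataLakeQuery`, the status strings, the `X-API-Key` header, the `panther_views.public.all_rule_matches` view and the `p_alert_id` column. `http_transport` and `framework_mapping` are hypothetical helper names, and the endpoint URL is supplied by the caller.

```python
import json
import re
import time
import urllib.request

# Assumed, not from the page: field names, status strings, view and header names.
ISSUE = """mutation IssueDataLakeQuery($sql: String!) {
  executeDataLakeQuery(input: {sql: $sql}) { id }
}"""
FETCH = """query GetQueryResults($id: ID!) {
  dataLakeQuery(id: $id) { status message results { edges { node } } }
}"""
SQL = ("SELECT p_alert_id, p_rule_id, p_rule_reports "
       "FROM panther_views.public.all_rule_matches WHERE p_alert_id = '{}' LIMIT 1")


def http_transport(url, api_key):
    """Return a callable that POSTs one GraphQL request and returns its 'data'."""
    def send(query, variables):
        body = json.dumps({"query": query, "variables": variables}).encode()
        req = urllib.request.Request(url, data=body, headers={
            "Content-Type": "application/json", "X-API-Key": api_key})
        with urllib.request.urlopen(req, timeout=30) as resp:
            payload = json.load(resp)
        if payload.get("errors"):
            raise RuntimeError(payload["errors"])
        return payload["data"]
    return send


def framework_mapping(send, alert_id, poll_seconds=2.0, max_polls=60):
    """Issue the query, poll until it finishes, return the p_rule_reports mapping."""
    # The alert id is interpolated into SQL, so accept only a strict character set.
    if not re.fullmatch(r"[A-Za-z0-9_-]+", alert_id):
        raise ValueError("unexpected characters in alert id")
    query_id = send(ISSUE, {"sql": SQL.format(alert_id)})["executeDataLakeQuery"]["id"]
    for _ in range(max_polls):
        result = send(FETCH, {"id": query_id})["dataLakeQuery"]
        if result["status"] == "running":
            time.sleep(poll_seconds)
            continue
        if result["status"] != "succeeded":
            raise RuntimeError(f"query {result['status']}: {result.get('message')}")
        edges = result["results"]["edges"]
        # Column-name case depends on the backend, so normalise the row's keys.
        row = {k.lower(): v for k, v in edges[0]["node"].items()} if edges else {}
        reports = row.get("p_rule_reports") or {}
        # The column may arrive as a JSON string rather than an object.
        return json.loads(reports) if isinstance(reports, str) else reports
    raise TimeoutError("data lake query still running")
```

Call it as `framework_mapping(http_transport(url, api_key), alert_id)`; an empty dict means no stored rule match was found for that alert or the detection has no framework mapping set.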