Is there any way to extract "Framework Mapping" from a specific detection/alert using API in Panther?

Last updated: September 3, 2024

QUESTION

Is there any way to extract "Framework Mapping" from a specific detection/alert using the API? I see this information is available in p_rule_reports for an alert.

ANSWER

Yes. The framework mapping is stored in the p_rule_reports column of the rule-match rows for an alert, so you can retrieve it through the API by running a data lake query, the same SQL you would run in the Data Explorer.

The following steps should be taken:

  • Use the mutation IssueDataLakeQuery to issue the SQL query (as explained in the documentation).

  • Run a second API call to retrieve the results, using the query ID returned by the mutation. The query runs asynchronously, so poll until its status reports that it has finished before reading the results.

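The two-step flow above as an added worked example in Python; this is not Panther's own code or a snippet from the original answer. It assumes the GraphQL field names from Panther's public API docs (executeDataLakeQuery and dataLakeQuery, endpoint /public/graphql, header X-API-Key, lowercase status values), the table name panther_views.public.all_rule_matches, and that alert IDs are hex strings; check each against your instance's schema. The alert ID is validated before it is interpolated into the SQL so a caller-supplied value cannot alter the query, and a constructed fake transport is included so the flow can be exercised offline.

```python
from __future__ import annotations

import json
import re
import time
import urllib.request
from typing import Callable

# GraphQL operations. Field names assumed from Panther's public GraphQL API docs.
ISSUE_QUERY = """
mutation IssueDataLakeQuery($sql: String!) {
  executeDataLakeQuery(input: { sql: $sql }) { id }
}
"""

GET_RESULTS = """
query GetDataLakeQueryResults($id: ID!) {
  dataLakeQuery(id: $id) {
    status
    message
    results { edges { node } }
  }
}
"""

# Assumption: alert IDs are plain hex. Rejecting anything else means the ID can
# never close the string literal in build_sql() and inject extra SQL.
_ALERT_ID = re.compile(r"^[0-9a-fA-F]{8,64}$")


def build_sql(alert_id: str) -> str:
    """SQL for the rule-match rows of one alert (table name is an assumption)."""
    if not _ALERT_ID.match(alert_id):
        raise ValueError("alert id must be a hex string")
    return (
        "SELECT p_rule_id, p_rule_reports "
        "FROM panther_views.public.all_rule_matches "
        f"WHERE p_alert_id = '{alert_id}' LIMIT 1"
    )


def extract_framework_mapping(nodes: list[dict]) -> dict[str, list[str]]:
    """Merge p_rule_reports from result rows into {framework: [tags]}, deduplicated."""
    mapping: dict[str, list[str]] = {}
    for node in nodes:
        reports = node.get("p_rule_reports") or {}
        if isinstance(reports, str):  # a VARIANT column may arrive as a JSON string
            reports = json.loads(reports)
        for framework, tags in reports.items():
            bucket = mapping.setdefault(framework, [])
            for tag in tags:
                if tag not in bucket:
                    bucket.append(tag)
    return mapping


Transport = Callable[[str, dict], dict]  # (graphql_document, variables) -> response JSON


def fetch_framework_mapping(alert_id: str, post: Transport,
                            poll_seconds: float = 1.0, max_polls: int = 60) -> dict[str, list[str]]:
    """Step 1: issue the query. Step 2: poll by ID until it finishes, then parse rows."""
    query_id = post(ISSUE_QUERY, {"sql": build_sql(alert_id)})["data"]["executeDataLakeQuery"]["id"]
    for _ in range(max_polls):
        q = post(GET_RESULTS, {"id": query_id})["data"]["dataLakeQuery"]
        status = (q.get("status") or "").lower()  # assumed values: running/succeeded/failed/cancelled
        if status == "succeeded":
            return extract_framework_mapping([e["node"] for e in q["results"]["edges"]])
        if status in ("failed", "cancelled"):
            raise RuntimeError(f"query {query_id} {status}: {q.get('message')}")
        time.sleep(poll_seconds)
    raise TimeoutError(f"query {query_id} did not finish after {max_polls} polls")


def http_transport(base_url: str, api_key: str) -> Transport:
    """Real transport: POST to <instance>/public/graphql with an X-API-Key header (assumed)."""
    def post(query: str, variables: dict) -> dict:
        body = json.dumps({"query": query, "variables": variables}).encode()
        req = urllib.request.Request(
            f"{base_url.rstrip('/')}/public/graphql", data=body,
            headers={"Content-Type": "application/json", "X-API-Key": api_key})
        with urllib.request.urlopen(req, timeout=30) as resp:
            return json.load(resp)
    return post


def constructed_transport(alert_id: str) -> Transport:
    """Constructed stand-in for the API: reports 'running' once, then returns one sample row."""
    polls = {"n": 0}

    def post(query: str, variables: dict) -> dict:
        if "executeDataLakeQuery" in query:
            assert alert_id in variables["sql"]
            return {"data": {"executeDataLakeQuery": {"id": "q-constructed-1"}}}
        polls["n"] += 1
        if polls["n"] == 1:
            return {"data": {"dataLakeQuery": {"status": "running", "message": None, "results": None}}}
        row = {"p_rule_id": "Sample.Rule", "p_rule_reports": {"MITRE ATT&CK": ["TA0001:T1078"]}}
        return {"data": {"dataLakeQuery": {"status": "succeeded", "message": None,
                                           "results": {"edges": [{"node": row}]}}}}
    return post


if __name__ == "__main__":
    sample_alert = "0123abcd0123abcd0123abcd0123abcd"  # constructed
    print(fetch_framework_mapping(sample_alert, constructed_transport(sample_alert), poll_seconds=0))
```

Against a live instance, replace constructed_transport with http_transport("https://<your-instance>", api_key); the API key must have permission to run data lake queries.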