How do I query the alerts that matched a rule in Panther? For example, I want to query the alerts from the Okta API Key Created rule.
Locate the rule's ID (for the Okta API Key Created rule it is Okta.APIKeyCreated), then set it as the detectionId in the input of the alerts query, as shown below.
query ListAlertsByRule {
  alerts(input: {
    pageSize: 50,
    detectionId: "Okta.APIKeyCreated"
  }) {
    edges {
      node {
        id
        title
        createdAt
        severity
        status
        runbook
        reference
      }
    }
    pageInfo {
      hasNextPage
      endCursor
    }
  }
}
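The query above returns one page of up to 50 alerts; a rule that fires often will have more, and pageInfo.hasNextPage / endCursor are what you follow to get the rest. The script below is an added example, not code from the original answer or from Panther: it runs the same query through a small transport function, pages until hasNextPage is false, and summarises the unresolved alerts by severity. The GraphQL endpoint URL and the X-API-Key header name are placeholders you must confirm for your own deployment, the `cursor` field on the alerts input and the variable types (`String!`, `Int!`, `String`) are assumed to match the schema, and the status values OPEN and TRIAGED are the ones assumed to mean "not yet resolved". The sample pages served by the fake transport are constructed so the pagination logic can be run offline.

```python
"""Added example (not from the original post or Panther): list every alert
that matched one rule by paging through the GraphQL alerts query."""
import json
import urllib.request
from typing import Callable, Dict, Iterator, List, Optional

# The answer's query with pageSize and cursor lifted into variables so one
# document serves every page. ASSUMPTIONS: `cursor` exists on the alerts input,
# and the variable types match the schema; check the API schema reference.
LIST_ALERTS_BY_RULE = """
query ListAlertsByRule($detectionId: String!, $pageSize: Int!, $cursor: String) {
  alerts(input: { pageSize: $pageSize, detectionId: $detectionId, cursor: $cursor }) {
    edges {
      node { id title createdAt severity status runbook reference }
    }
    pageInfo { hasNextPage endCursor }
  }
}
"""

Transport = Callable[[str, dict], dict]


def http_transport(endpoint: str, api_key: str) -> Transport:
    """Return a function that POSTs {query, variables} to the GraphQL endpoint.
    ASSUMPTION: the API key is sent in an X-API-Key header; verify for your API."""
    def send(query: str, variables: dict) -> dict:
        body = json.dumps({"query": query, "variables": variables}).encode()
        req = urllib.request.Request(
            endpoint, data=body, method="POST",
            headers={"Content-Type": "application/json", "X-API-Key": api_key},
        )
        with urllib.request.urlopen(req, timeout=30) as resp:
            payload = json.load(resp)
        # GraphQL reports schema/authorisation problems in `errors`, not via HTTP status
        if payload.get("errors"):
            raise RuntimeError(f"GraphQL errors: {payload['errors']}")
        return payload["data"]
    return send


def iter_alerts_for_rule(send: Transport, detection_id: str,
                         page_size: int = 50) -> Iterator[dict]:
    """Yield every alert node for one rule, following endCursor until exhausted."""
    cursor: Optional[str] = None
    while True:
        data = send(LIST_ALERTS_BY_RULE, {"detectionId": detection_id,
                                          "pageSize": page_size, "cursor": cursor})
        alerts = data["alerts"]
        for edge in alerts["edges"]:
            yield edge["node"]
        page = alerts["pageInfo"]
        if not page["hasNextPage"]:
            return
        cursor = page["endCursor"]


def count_unresolved_by_severity(send: Transport, detection_id: str) -> Dict[str, int]:
    """Triage view: how many alerts for this rule still need attention, per severity.
    ASSUMPTION: OPEN and TRIAGED are the status values that mean 'not resolved'."""
    counts: Dict[str, int] = {}
    for node in iter_alerts_for_rule(send, detection_id):
        if node["status"] in ("OPEN", "TRIAGED"):
            counts[node["severity"]] = counts.get(node["severity"], 0) + 1
    return counts


def fake_transport(pages: List[dict]) -> Transport:
    """Constructed offline stand-in for http_transport: serves `pages` in order and
    records the cursor each call carried so pagination can be checked."""
    calls: List[Optional[str]] = []

    def send(query: str, variables: dict) -> dict:
        calls.append(variables["cursor"])
        return pages[len(calls) - 1]
    send.calls = calls  # type: ignore[attr-defined]
    return send


# Constructed sample: two pages for Okta.APIKeyCreated, page size 2.
SAMPLE_PAGES = [
    {"alerts": {"edges": [
        {"node": {"id": "a1", "title": "Okta API Key Created", "createdAt": "2024-01-01T00:00:00Z",
                  "severity": "HIGH", "status": "OPEN", "runbook": "", "reference": ""}},
        {"node": {"id": "a2", "title": "Okta API Key Created", "createdAt": "2024-01-01T01:00:00Z",
                  "severity": "MEDIUM", "status": "TRIAGED", "runbook": "", "reference": ""}},
    ], "pageInfo": {"hasNextPage": True, "endCursor": "cur-1"}}},
    {"alerts": {"edges": [
        {"node": {"id": "a3", "title": "Okta API Key Created", "createdAt": "2024-01-02T00:00:00Z",
                  "severity": "HIGH", "status": "RESOLVED", "runbook": "", "reference": ""}},
    ], "pageInfo": {"hasNextPage": False, "endCursor": None}}},
]

if __name__ == "__main__":
    # Offline run against the constructed pages; swap in
    # http_transport("https://<your-panther-host>/public/graphql", "<api-key>") for real use.
    send = fake_transport(SAMPLE_PAGES)
    for alert in iter_alerts_for_rule(send, "Okta.APIKeyCreated", page_size=2):
        print(alert["id"], alert["severity"], alert["status"])
    print(count_unresolved_by_severity(fake_transport(SAMPLE_PAGES), "Okta.APIKeyCreated"))
```

The transport is injected rather than hard-wired so the paging logic can be exercised against constructed pages; the fake records the cursor sent on each call, which is the thing most worth checking, since a loop that forgets to pass endCursor back silently returns the first page forever.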