SentinelOne - Resolved/unresolved Threats
Steven King
Adjust as needed - working on some reporting KPI metrics and wanted to share. Credit to support for the query!
Current unresolved threats
Threats[? time_since(threatInfo.createdAt, days) < 30 && threatInfo.incidentStatus == unresolved][Threat Name: threatInfo.threatName, | Path: threatInfo.filePath, | Status: threatInfo.incidentStatusDescription] | length(@)

Unresolved threats over 30d
Threats[? time_since(threatInfo.createdAt, days) > 30 && threatInfo.incidentStatus == unresolved][Threat Name: threatInfo.threatName, | Path: threatInfo.filePath, | Status: threatInfo.incidentStatusDescription] | length(@)

Resolved threats last 30d
Threats[? time_since(threatInfo.createdAt, days) < 30 && threatInfo.incidentStatus == resolved][Threat Name: threatInfo.threatName, | Path: threatInfo.filePath, | Status: threatInfo.incidentStatusDescription] | length(@)
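
For reconciling the three counts outside the dashboard, the following is an added Python example (not part of the original post or the support-provided query) that applies the same filters to constructed threat records and also lists any threat that lands in none of the three buckets. It assumes `time_since(..., days)` yields whole days and that `createdAt` is an ISO 8601 UTC timestamp; the helper names and sample records are hypothetical.

```python
from datetime import datetime, timezone

# Constructed sample records; only the threatInfo fields used by the queries are present.
def _t(name, created_at, status):
    return {"threatInfo": {"threatName": name, "filePath": f"C:\\Temp\\{name}",
                           "createdAt": created_at, "incidentStatus": status,
                           "incidentStatusDescription": status.capitalize()}}

SAMPLE_THREATS = [
    _t("sample-a.exe", "2024-06-20T09:00:00Z", "unresolved"),         # 10 days old
    _t("sample-b.dll", "2024-04-01T09:00:00.000000Z", "unresolved"),  # 90 days old
    _t("sample-c.ps1", "2024-06-25T09:00:00Z", "resolved"),           # 5 days old
    _t("sample-d.exe", "2024-05-31T12:00:00Z", "unresolved"),         # exactly 30 days old
    _t("sample-e.js", "2024-03-01T09:00:00Z", "resolved"),            # 121 days old
    _t("sample-f.exe", "2024-06-29T08:00:00Z", "unresolved"),         # 1 day old
]
NOW = datetime(2024, 6, 30, 12, 0, tzinfo=timezone.utc)  # fixed "now" so results repeat

def age_in_days(created_at, now):
    """Whole days since createdAt (assumption: time_since counts whole days)."""
    created = datetime.fromisoformat(created_at.replace("Z", "+00:00"))
    return (now - created).days

def threat_kpis(threats, now, window=30):
    """Apply the three filters from the post and track what none of them counts."""
    kpis = {"unresolved_recent": 0, "unresolved_aged": 0,
            "resolved_recent": 0, "in_no_bucket": []}
    for threat in threats:
        info = threat["threatInfo"]
        age, status = age_in_days(info["createdAt"], now), info["incidentStatus"]
        if status == "unresolved" and age < window:
            kpis["unresolved_recent"] += 1      # "Current unresolved threats"
        elif status == "unresolved" and age > window:
            kpis["unresolved_aged"] += 1        # "Unresolved threats over 30d"
        elif status == "resolved" and age < window:
            kpis["resolved_recent"] += 1        # "Resolved threats last 30d"
        else:
            # Matched by none of the three filters (boundary age, older resolved, other status)
            kpis["in_no_bucket"].append(f"{info['threatName']} ({status}, {age}d)")
    return kpis

if __name__ == "__main__":
    for key, value in threat_kpis(SAMPLE_THREATS, NOW).items():
        print(f"{key}: {value}")
```

The three counters plus the length of `in_no_bucket` always add up to the number of input records, which makes it easy to compare against a raw threat export.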