[ threat intelligence ]: Display the number of alerts generated by a specific rule

TheHunter1 · January 8, 2021, 10:27am

Hello,

I would like to display in my canvas, the number of alertes generated the last 24 hours by a specific rule (Costume rule That I have created)

Could you tell me please how can I do that ?

Best regards

TheHunter1 · January 8, 2021, 1:10pm

I found the solution,
For all who wanna display the number of alerts for specific rule, you can use this query:

SELECT COUNT(*) as TotalCount FROM ".siem-signals-default-*"
WHERE "@timestamp" > NOW() - INTERVAL 24 HOURS
AND signal.rule.name = 'NameOfYourRule'

system · February 5, 2021, 1:11pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Create a rule / alert using dashboard formula Kibana	1	94	March 22, 2024
Kibana limit number of alerts Kibana elastic-stack-alerting	5	1299	March 23, 2022
No data showing in SIEM Detection tab SIEM detection-rules	5	705	February 8, 2022
Threshold rule : how to? Elastic Security	3	2206	February 28, 2022
Increasing number of Alerts for Detection Rules Elasticsearch detection-rules	18	502	July 10, 2024