Credential Harvesting Alerts

Today we received lots of credential harvesting alerts. Can we get one CSV report of all those alerts so we can dedupe the accounts and get the count of actual accounts? I tried, but there is no option to report when only credential harvesting is selected. Please help ASAP.
Thank you
Pema, ABA IT Security

Hi,

It's currently not possible to extract an investigation to CSV. We only have the option to output investigations in JSON format via the Investigation API.

You can search Investigations using this API

https://help.rapid7.com/insightidr/en-us/api/v2/docs.html#tag/Investigations/operation/searchInvestigations

David
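Since the API only returns JSON, the CSV has to be built client-side. The following is an added example (not Rapid7's code or anything from this thread) that pages through the v2 Investigations search, collects accounts from the investigation titles and writes one de-duplicated CSV. The endpoint path, the `X-Api-Key` header, the request/response shape and the pagination fields are my reading of the documented API; the `us` region, the `ACCOUNT_RE` pattern (it assumes the account shows up as an e-mail address in the title) and the sample data are assumptions constructed for this example.

```python
"""Export Credential Harvesting investigations to a de-duplicated account CSV."""
import csv
import json
import re
import urllib.request

# Assumption: US region; swap the host for your InsightIDR region.
SEARCH_URL = "https://us.api.insight.rapid7.com/idr/v2/investigations/_search"
# Assumption: the account appears as an e-mail address in the investigation title.
ACCOUNT_RE = re.compile(r"[\w.+-]+@[\w-]+\.[\w.-]+")


def search_investigations(api_key, title_contains="Credential Harvesting", size=100):
    """Yield investigation dicts, paging until metadata says we are on the last page."""
    body = json.dumps({"search": [
        {"field": "title", "operator": "CONTAINS", "value": title_contains}]}).encode()
    index = 0
    while True:
        req = urllib.request.Request(
            f"{SEARCH_URL}?index={index}&size={size}", data=body, method="POST",
            headers={"X-Api-Key": api_key, "Content-Type": "application/json"})
        with urllib.request.urlopen(req) as resp:
            page = json.load(resp)
        yield from page["data"]
        if index + 1 >= page["metadata"]["total_pages"]:
            break
        index += 1


def dedupe_accounts(investigations):
    """Map each lowercased account to the RRNs of the investigations naming it."""
    accounts = {}
    for inv in investigations:
        for acct in ACCOUNT_RE.findall(inv.get("title", "")):
            accounts.setdefault(acct.lower(), []).append(inv["rrn"])
    return accounts


def write_csv(accounts, path):
    """One row per unique account with its alert count; returns the unique-account count."""
    with open(path, "w", newline="") as fh:
        writer = csv.writer(fh)
        writer.writerow(["account", "investigation_count", "investigation_rrns"])
        for acct, rrns in sorted(accounts.items()):
            writer.writerow([acct, len(rrns), ";".join(rrns)])
    return len(accounts)


# Constructed sample in the API's JSON shape (not real data) so the logic runs offline.
SAMPLE_INVESTIGATIONS = [
    {"rrn": "rrn:investigation:us:EXAMPLE-1", "title": "Credential Harvesting - alice@example.com"},
    {"rrn": "rrn:investigation:us:EXAMPLE-2", "title": "Credential Harvesting - Alice@Example.com"},
    {"rrn": "rrn:investigation:us:EXAMPLE-3", "title": "Credential Harvesting - bob@example.com"},
]
```

Against a live tenant, replace `SAMPLE_INVESTIGATIONS` with `list(search_investigations(api_key))` and pass the result of `dedupe_accounts` to `write_csv`; two investigations for the same account in different letter case collapse to one row.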

Hi @plhanang,

Maybe you can figure out how to make a report querying the harvesting investigations' IPs in order to get those counts; then you could export the CSV.

Best Regards.


Hi, can anyone help with how to reduce these alerts? We are receiving a large number of alerts on this harvesting rule.

That's a legacy rule. Maybe if they come from a known IP you can allow that IP, modifying and closing the investigation.