Hi,
We are using APIs to generate weekly and monthly reports for the IDR Investigations.
I see that /idr/v1/investigations, the v1 version, gives the ‘alert.type’ and /idr/v2/investigations, the v2 version, gives the alert ‘priority’.
These are the outputs for each of the calls:
v1 output
{
  "id": "",
  "rrn": "",
  "title": "",
  "status": "",
  "source": "ALERT",
  "disposition": "BENIGN",
  "assignee": {
    "name": "",
    "email": ""
  },
  "alerts": [
    {
      "type": "Custom Alert - Pattern Detection",
      "type_description": "One or more logs matched the pattern you defined.",
      "first_event_time": "2023-01-01T05:56:49.034Z"
    }
  ],
  "created_time": "2023-01-01T06:02:28.523Z"
},
v2 output
{
  "rrn": "",
  "organization_id": "",
  "title": "",
  "source": "ALERT",
  "status": "CLOSED",
  "priority": "LOW",
  "last_accessed": "2023-01-01T06:02:28.523Z",
  "created_time": "2023-01-01T06:02:28.523Z",
  "disposition": "BENIGN",
  "assignee": {
    "name": "",
    "email": ""
  },
  "first_alert_time": "2023-01-01T06:02:28.523Z",
  "latest_alert_time": "2023-01-01T06:02:28.523Z"
}
Is there a way to get both ‘priority’ and ‘alerts.type’ from a single call?
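Both outputs above carry an rrn field, so one way to report on ‘priority’ and ‘alerts.type’ together is to join the two result sets client-side. This is an added example, not part of the original post and not Rapid7 code; it assumes the rrn identifies the same investigation in both versions, and the records and the "UNKNOWN" / "(no alert)" labels are constructed for illustration.

```python
from collections import Counter

# Constructed sample records shaped like the v1 and v2 outputs in the post.
V1_SAMPLE = [
    {"rrn": "rrn:example:1", "title": "Inv A", "alerts": [
        {"type": "Custom Alert - Pattern Detection"}]},
    {"rrn": "rrn:example:2", "title": "Inv B", "alerts": []},
    {"rrn": "rrn:example:3", "title": "Inv C", "alerts": [
        {"type": "Custom Alert - Pattern Detection"},
        {"type": "Constructed Alert Type"}]},
]
V2_SAMPLE = [
    {"rrn": "rrn:example:1", "priority": "LOW", "status": "CLOSED"},
    {"rrn": "rrn:example:2", "priority": "HIGH", "status": "OPEN"},
    # rrn:example:3 is deliberately absent from v2 to show the unmatched case.
]


def merge_investigations(v1_records, v2_records):
    """Join v1 and v2 investigation records on rrn (assumed shared key)."""
    v2_by_rrn = {r["rrn"]: r for r in v2_records if r.get("rrn")}
    merged = []
    for v1 in v1_records:
        v2 = v2_by_rrn.get(v1.get("rrn"), {})
        # De-duplicate alert types while keeping first-seen order.
        types = list(dict.fromkeys(
            a["type"] for a in (v1.get("alerts") or []) if a.get("type")))
        merged.append({
            "rrn": v1.get("rrn"),
            "title": v1.get("title"),
            # A v1 record with no v2 match is flagged rather than dropped.
            "priority": v2.get("priority", "UNKNOWN"),
            "status": v2.get("status") or v1.get("status"),
            "alert_types": types,
        })
    return merged


def report_counts(merged):
    """Count investigations per (priority, alert type) for a periodic report."""
    counts = Counter()
    for inv in merged:
        for alert_type in inv["alert_types"] or ["(no alert)"]:
            counts[(inv["priority"], alert_type)] += 1
    return counts
```
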