https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/cortex-xql-incident-query/m-p/472952#M1676 <P>Hello PAN community !!</P><P>I'm new in this platform and I am a little lost here. I'm trying to create a query to list all endpoints of a specific endpoint group with all its incidents (malware,etc).</P><P>To get the endpointgroup and its endpoints I'm using</P><P>dataset = endpoints | fields group_names , endpoint_name</P><P>But I have not idea where to find the alert category of an incident and the incident details for cases like malware of other kind of incident.</P><P>&nbsp;</P><P>All support is always welcome</P> Mon, 14 Mar 2022 19:25:57 GMT rcamposb 2022-03-14T19:25:57Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/cortex-xql-incident-query/m-p/472952#M1676 <P>Hello PAN community !!</P><P>I'm new in this platform and I am a little lost here. I'm trying to create a query to list all endpoints of a specific endpoint group with all its incidents (malware,etc).</P><P>To get the endpointgroup and its endpoints I'm using</P><P>dataset = endpoints | fields group_names , endpoint_name</P><P>But I have not idea where to find the alert category of an incident and the incident details for cases like malware of other kind of incident.</P><P>&nbsp;</P><P>All support is always welcome</P> Mon, 14 Mar 2022 19:25:57 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/cortex-xql-incident-query/m-p/472952#M1676 rcamposb 2022-03-14T19:25:57Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/cortex-xql-incident-query/m-p/472958#M1677 <P>Hi Rcamposb,</P><P>&nbsp;</P><P>Currently XDR data sets with Incident or Alert data are not available through XQL. You may consider reaching out to your account team to inquire about any future plans to support this capability.&nbsp;</P><P>&nbsp;</P><P>Best Regards,</P><P>Ben</P> Mon, 14 Mar 2022 19:34:12 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/cortex-xql-incident-query/m-p/472958#M1677 bbucao 2022-03-14T19:34:12Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/cortex-xql-incident-query/m-p/520309#M3098 <P>Hey Ben,&nbsp;</P> <P>&nbsp;</P> <P>Thanks for this clarification. Do you know if there is a place to make a feature request, as we are also missing option in our team?<BR /><BR />Best/Elisabeth</P> Fri, 04 Nov 2022 12:12:50 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/cortex-xql-incident-query/m-p/520309#M3098 ElisabethNordentoft 2022-11-04T12:12:50Z