https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/xql-query-to-view-the-quot-incident-name-quot/m-p/534815#M3856 <P>I think this Top 10 Incidents provides list of last 24 hrs incidents only , can you help me how to get data for last 30 days.</P> Fri, 17 Mar 2023 07:48:27 GMT ShahrukhReza 2023-03-17T07:48:27Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/xql-query-to-view-the-quot-incident-name-quot/m-p/518080#M3029 <P>Hi People,&nbsp;</P> <P>&nbsp;</P> <P>I was wondering if anyone could assist me with XQL Query to display the Incident name. Please refer to the attached photo to get an idea of what I am trying to achieve. I have used the xdr_data dataset, however i cannot find the relevant field. Appreciate anyone's support.&nbsp;</P><BR /><BR />Please note you are posting a public message where community members and experts can provide assistance. Sharing private information such as serial numbers or company information is not recommended. Mon, 17 Oct 2022 08:15:45 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/xql-query-to-view-the-quot-incident-name-quot/m-p/518080#M3029 JBahardeen 2022-10-17T08:15:45Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/xql-query-to-view-the-quot-incident-name-quot/m-p/518084#M3030 <P>Hi&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/247903">@JBahardeen</a>&nbsp;,</P> <P>&nbsp;</P> <P>Cortex XDR XQL shows raw data only. Incidents and alerts are events created by processing and stitching raw logs which we see in XQL and hence they are not exposed as of now with the capability to run queries on incidents and alerts.</P> <P>&nbsp;</P> <P>As a result, this is not possible,</P> <P>&nbsp;</P> <P>Regards.</P> Mon, 17 Oct 2022 10:41:15 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/xql-query-to-view-the-quot-incident-name-quot/m-p/518084#M3030 neelrohit 2022-10-17T10:41:15Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/xql-query-to-view-the-quot-incident-name-quot/m-p/518268#M3035 <P>Hi&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/142551">@neelrohit</a>&nbsp;,&nbsp;<BR />Thank you for the prompt response and clarification. So just to confirm, it is impossible to achieve what is shown in the image and only through a feature request we could display the Incident "Description" ? and also The widget is created by PAN Internally ?<span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Screenshot 2022-10-17 181229.png" style="width: 999px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/44719i669F6D892770AD46/image-size/large/is-moderation-mode/true?v=v2&amp;px=999" role="button" title="Screenshot 2022-10-17 181229.png" alt="Screenshot 2022-10-17 181229.png" /></span></P> Tue, 18 Oct 2022 22:51:20 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/xql-query-to-view-the-quot-incident-name-quot/m-p/518268#M3035 JBahardeen 2022-10-18T22:51:20Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/xql-query-to-view-the-quot-incident-name-quot/m-p/518302#M3036 <P>That's right. The incidents/alerts dataset is not exposed over XQL.</P> Wed, 19 Oct 2022 05:43:59 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/xql-query-to-view-the-quot-incident-name-quot/m-p/518302#M3036 bbarmanroy 2022-10-19T05:43:59Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/xql-query-to-view-the-quot-incident-name-quot/m-p/518303#M3037 <P>Thanks for the clarification everyone !</P> <P>I will&nbsp;<SPAN>reach out to your Customer Success Teams or TAC team to raise a feature request.&nbsp;</SPAN></P> Wed, 19 Oct 2022 05:48:02 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/xql-query-to-view-the-quot-incident-name-quot/m-p/518303#M3037 JBahardeen 2022-10-19T05:48:02Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/xql-query-to-view-the-quot-incident-name-quot/m-p/534815#M3856 <P>I think this Top 10 Incidents provides list of last 24 hrs incidents only , can you help me how to get data for last 30 days.</P> Fri, 17 Mar 2023 07:48:27 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/xql-query-to-view-the-quot-incident-name-quot/m-p/534815#M3856 ShahrukhReza 2023-03-17T07:48:27Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/xql-query-to-view-the-quot-incident-name-quot/m-p/555651#M5052 <P>Hello,</P> <P>I have the same question.&nbsp; I understand that it is not possible to create custom dashboard and reports based on incidents and alerts. For large company with multiple entities it is a must for me.&nbsp;</P> Tue, 29 Aug 2023 09:13:02 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/xql-query-to-view-the-quot-incident-name-quot/m-p/555651#M5052 Binetou_Lo 2023-08-29T09:13:02Z