- Access exclusive content
- Connect with peers
- Share your expertise
- Find support resources
11-09-2021 07:13 AM
I'm looking to create a link which takes me directly to the list of low, medium, or high alerts, purely based on what is in the query string in the URL. For example, adding
/incidents?severity=SEV_040_HIGH&mode=all
to the end of my base XDR url works and takes me to the page will all high severity incidents.
Similarly, replacing this with
/alerts?source=ANALYTICS_BIOC
will take me to the page with all Analytics BIOC alerts.
However, I can't seem to add severity, or any other fields to this. For example, I wanted the link to take me to all low severity alerts, so I tried the following:
/alerts?severity=SEV_020_LOW
which does not work.
Is there any documentation on the accepted field names within query strings? I can't seem to find this anywhere.
11-09-2021 08:40 AM - edited 11-09-2021 08:41 AM
An alternative is to use the saved filter (persistent) on the alerts page. Although, this will require one more step
1. https://YOURTENANT.xdr.us.paloaltonetworks.com/alerts
2. Top right - 3 dots > filters > pick the saved filter (example: severity=low)
Note: before you can use a save filter, you need to create one first and save it for later use.
11-09-2021 08:49 AM
Hi I already have various saved filters set up already. I was trying to streamline my workflow just to make things a bit easier. Also if I load the alerts page as normal and add filters, and then leave the tab open for a while when it refreshes it removes the filter which is a pain, so that's why I would like to just have consistent URLs I can use. Thanks for your help though 🙂
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!