04-10-2024 10:04 AM
Hey guys,
I'm trying to create a health monitoring playbook in XSOAR for my data ingestion log sources in Cortex XDR using the XDR API. Running an XDR query using the API works well; however, what I need is an XQL query that returns the following information on all log sources:
Vendor, Last Seen date and, if possible, last day ingested (MB) and current day ingested (MB), just like the data ingestion dashboard.
Any idea how this can be done? Using the dataset = xdr_data doesn't seem to be what I need. Is there a dataset that queries only data ingestion log sources?
Thank you!
04-16-2024 09:01 AM
Hi Jeankervens,
Please take a look at the LIVEcommunity - Cortex XDR Customer Success Webinar: Monitoring with XQL - LIVEcommunity - 567803 (p... which provides some Data Ingestion XQL queries that you may find useful.
Thank you