02-01-2023 06:53 AM
For the XSIAM product, you will have more options using XQL queries to customize results related to incidents. For example, you have the datasets below natively in XQL search for XSIAM:
1- dataset = incidents
2- dataset = incidents_artifacts
3- dataset = incidents_assets
This will provide you with information about incidents that you can customize to get your required result. For example, in the use case you provided, in the "dataset = incidents" schema you will find the resolve comment, where you can find the true positive incidents, as well as the severity, which we can use to generate a count and identify a time period afterward to generate the widget for the reports and dashboard. A screenshot from XSIAM of that dataset is seen below.
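The kind of query the reply describes, as an added example that is not part of the original post: it counts true positive incidents per severity from the incidents dataset. The field names resolve_comment, severity and incident_id are assumptions about the dataset schema and should be checked against the schema view in your tenant before use.

```xql
// Constructed example, not from the original post.
// Assumed field names: resolve_comment, severity, incident_id.
dataset = incidents
// keep only incidents whose resolve comment marks them as true positive
| filter resolve_comment contains "True Positive"
// count matching incidents per severity level for the widget
| comp count(incident_id) as tp_count by severity
| sort desc tp_count
```

The time period is applied by the time picker of the widget or report that wraps the query, so no explicit time filter is needed in the query itself.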