This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Log in to ask a question

Regarding Data Visualization

Posted on 01-29-2025 08:07 PM
bhattarainayan
Bronze 1
Bronze 1
Reply posted on --/--/---- --:-- AM

Hi Community,

I wanted to create a visualization of the meantime to detect. (Alert created timestamps - event timestamps) Do we have any resources that can help me with this? I can get the detection.commit_timestamp, which is when the alert was created, but Iโ€™m unable to get the case event timestamps.

I tried using detection.detection_timestamp Time, but it appears to be the time of the detection window. 

0 2 188
Topic Labels
0 Likes
2 REPLIES 2

Posted on --/--/---- --:-- AM
cmorris
Staff
Reply posted on --/--/---- --:-- AM

Can you try detection.created_time.seconds? That should be actual detection creation, rather than time window.

0 Likes

Posted on --/--/---- --:-- AM
rajukg
Staff
Reply posted on --/--/---- --:-- AM

Unfortunately the relationship between the events and detections is not exposed in BQ.  The best you can do in BQ is to compare the detection.time_window.end_time.seconds with the detection.commit_timestamp.seconds.  

0 Likes
Top Solution Authors
View all