Hello everyone,
I am working on an advanced report to build an incident response matrix. So far, I've been able to gather the MTTR, alert creation time in SOAR, and case closure time. However, I'm facing an issue where I cannot retrieve the `event_metadata_eventTimestamp` in the advanced reports.
As a result, I am unable to calculate MTTD (Mean Time to Detection), which is the time difference between when an alert was first detected in SIEM and when the alert was created in SOAR.
The advanced report is very detailed, and I can see custom fields, system action results, alert entities, case assignment activities, playbooks and actions. Despite reviewing all of these, I have not been able to locate the event timestamp.
Has anyone encountered this issue before? Any insights, solutions, or workarounds would be greatly appreciated.
Thank you.