Hey thanks for the reply. The only time related filters I see are start and end time, which I assume is for the case and would yield the same problem I'm having now. Can you help me understand how to use this to fetch recently closed cases?

hey @Chase_Hammons , it depends of how you want to write your job, so you can either adjust start time/end time, or for example do it how we do it in Jira integration, where we are searching based on specific tag:
cases_ids = siemplify.get_cases_by_filter(ticked_ids_free_search=ticket_id, tags=[JIRA_TAG])

Won't that get pretty massive after a few months in production - querying every case tagged with Jira? That seems like a lot of data to pull back.

there are other filters to choose for the function, please check out the refence

I don't see any that would enable filtering to recently closed cases. I can filter to status of closed, but that doesn't get me the recently piece

can you provide example of what you are expecting to use as a filter?

Something that would let me fetch alerts after a certain "last_updated" or "closed_at" timestamp

Or any other way to identify recently closed cases

I think I found an endpoint that does what I described:
https://cloud.google.com/chronicle/docs/soar/reference/siemplify-module#get_cases_ids_by_filter

That includes a close_time_from_unix_time_in_ms parameter

great, glad you have it solved!

Hey Chase, did you manage to solve this? I have a similar post, trying to retrieve closed cases to back sync some other systems we have.

I'm not getting any results using get_cases_ids_by_filter("CLOSE", sort_by="CLOSE_TIME", close_time_from_unix_time_in_ms=1706745600000, close_time_to_unix_time_in_ms=1707091200000, sort_order="DESC)

Neither the close_time nor the update_time filters for get_cases_ids_by_filter are working for me. It's quite a bummer. However, the