Abstract
You can run queries on incident and alert data with the incidents and alerts datasets.
Notice
XQL queries are available in Cortex XDR Pro only.
You can query incident and alert data in the incidents and alerts datasets.
When using the alerts dataset, keep in mind the following:
Info (informational-severity) alerts are not included in this dataset, so a query that filters on that severity returns no rows.
Alert fields are limited to certain fields available in the API. For the full list, see Get Alerts Multi-Events v2 API.
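The following XQL query is an added example and is not part of the original page. It assumes the alerts dataset exposes the field names used below (`_time`, `alert_id`, `alert_name`, `severity`, `alert_source`); these are assumptions to confirm against the field list in the Get Alerts Multi-Events v2 API, since the dataset only exposes a subset of alert fields.

```xql
// Added example: recent high- and medium-severity alerts from the alerts dataset.
// Field names are assumed; verify them against the Get Alerts Multi-Events v2 field list.
// Filtering on an informational severity would return nothing, because info alerts
// are not included in this dataset.
dataset = alerts
| filter severity in ("high", "medium")
| fields _time, alert_id, alert_name, severity, alert_source
| sort desc _time
| limit 50
```

Run it in the XQL Search view (Cortex XDR Pro only); if a field in the `fields` stage is rejected, it is not one of the alert fields exposed by this dataset.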