Hi, I am working on unifying multiple CrowdStrike SIEMs to get all the alerts into a unified dashboard; I'll use the FalconPy SDK. As a beginner, I couldn't understand which operation from the documentation I should use in my piece of code to retrieve alert information in real time and get it onto my dashboard. Can anyone help with a tutorial so I can make sure I am using the SDK correctly? I'm wondering if I should use the Alerts service collection or the Falcon Complete dashboard. I don't want to get IDs or aggregates; I want real-time alert info. Thank you in advance!
Replies: 1 comment
Hi @abbesemna -
Start with the Alerts service collection and the GetQueriesAlertsV2 operation. Then pass the returned composite_ids to the PostEntitiesAlertsV2 operation to retrieve the alert detail. Let us know if you have any questions!