Liongard Library


Categories: SentinelOne
Created by Steve King
Created on May 13, 2024

SentinelOne - Resolved/unresolved Threats

Adjust as needed - working on some reporting KPI metrics and wanted to share. Credit to support for the query!

Query

Current unresolved threats

Threats[?time_since(threatInfo.createdAt, `days`) < `30` && threatInfo.incidentStatus == `unresolved`].[`Threat Name:`, threatInfo.threatName, `|`, `Path: `, threatInfo.filePath, `|`, `Status:`, threatInfo.incidentStatusDescription] | length(@)


Unresolved threats over 30d

Threats[?time_since(threatInfo.createdAt, `days`) > `30` && threatInfo.incidentStatus == `unresolved`].[`Threat Name:`, threatInfo.threatName, `|`, `Path: `, threatInfo.filePath, `|`, `Status:`, threatInfo.incidentStatusDescription] | length(@)


Resolved threats last 30d

Threats[?time_since(threatInfo.createdAt, `days`) < `30` && threatInfo.incidentStatus == `resolved`].[`Threat Name:`, threatInfo.threatName, `|`, `Path: `, threatInfo.filePath, `|`, `Status:`, threatInfo.incidentStatusDescription] | length(@)

