
NwConsole sdk query

Question asked by Don Radick on Aug 24, 2017
Latest reply on Sep 19, 2017 by Don Radick

Hi all - 

I've recently researched querying the SDK via NwConsole, and worked through a number of issues to produce a report of current Alerts. (Integrating these Alerts into our SIEM).

The problem now is that somehow I am only receiving a percentage of the total alerts.

If I load Investigator, I usually have about 40-50 meta keys populated with values in Alerts per 24 hours, but my NwConsole SDK query only returns about 20 of the keys.

In NwConsole I log in, then open, then run the query:

send /sdk query size=0 query="select * where alert exists && time='.....'" output-format=json

 

Any ideas?

 

Don
