Hi all -
I've recently researched querying the SDK via NwConsole, and worked through a number of issues to produce a report of current Alerts. (Integrating these Alerts into our SIEM).
The problem now is that somehow I am only receiving a percentage of the total alerts.
If I load Investigator, I usually have about 40-50 meta keys populated with values in Alerts per 24 hours, but my NwConsole SDK query only returns about 20 of the keys.
In NwConsole I log in, then open, then the query:
send /sdk query size=0 query="select * where alert exists && time='.....'" output-format=json