Ability to Use Lucene Techniques Query in Incident Management


In this article, the use of Lucene techniques in the incident management section will be explained.


Lucene Techniques in Incident Management

All Lucene techniques can be used in the incident management section, just like in the search section. A detailed example regarding this is given below:

For the incident owner "mahmut" user, the incident status is closed, the occurrence count is not 1 for the same incident, the risk score is between 0 and 30, the reason for closing the incident is not "Other" or "False Positive", an action or investigation has been taken for the incident, the incident category name is "Malware", the phrase "Threat Intelligence" must be present in the incident information, and the time interval must be between April 4 and April 14, 2023. An example query is shown below:



Query: !Incident.Count:1 !Close.Reason:(Other OR "False Positive") !Risk.Score:[0 TO 30] exists:Cards Category.Name:Malware Incident.Info:"Threat Intelligence" Time.Generated:["2023-04-01 00:00:00" TO "2023-04-14 23:59:59"]

Incident.Owner: Incident owner username

Incident.Status: Incident status

Incident Count: Incident occurrence count

Close.Reason: Reason for closing the incident

Risk.Score: Risk score given for the incident

"_exists_:Cards": Any action or investigation card created for the incident

Category.Name: Incident category name

Incident.Info: General incident information

Time.Generated:[X TO Y]: Time interval in which the incident should occur.

Was this article helpful?
0 out of 0 found this helpful

Articles in this section

Become a Certified Logsign User/Administrator
Sign-up for Logsign Academy and take the courses to learn about Logsign USO Platform in detail. Enjoy the courses, and get your badges and certificates. In these courses, you'll learn how to use Logsign in your work and add value to your career.
Visit Our Blog
Our Logsign USO Platform illustrate our expertise. So do the blog. Through our blog posts, deepen your knowledge on various SecOps topics or get updated about important news & modern approaches for cybersecurity. Get into the habit of reading valuable information provided by Logsign. Be a step ahead.