Security Analytics Alerts API is not returning the same number of alerts (always fewer) as the Dashboards Alerts web interface

Hi,

Like the title suggests, the Alerts API (Dev Tools) is not giving me the same number of alerts as the graphical Alerts list in OpenSearch Dashboards. All alerts are coming from the same detector type, the only one I'm using. I'm using the detectorType filter in the API calls. When I use detector_id as the API query parameter instead of detectorType, things seem to be different, since I'm using more than 50 detectors with the same detectorType.

I have not checked whether the sum of the alerts returned by API calls filtered by every detector id is the same as the number of alerts returned by the web interface, but it could be a good test.

Has anyone heard of this or have any idea what could be happening?

I'd appreciate any help or suggestion, thanks!!
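The cross-check proposed in the post above (sum the alerts returned per detector_id and compare against the detectorType count and the UI figure) can be scripted. The following is an added example, not code from the thread or from the OpenSearch project. It assumes the Security Analytics alerts endpoint is `GET /_plugins/_security_analytics/alerts`, that it accepts `detectorType`, `detector_id`, `size` and `startIndex` query parameters, and that the response body carries an `alerts` list; verify those against the documentation for your version. The `fake_fetch` stand-in, its sample alerts and its default page size of 20 are constructed so the script runs offline; point `http_fetch` at a real cluster to run it for real. It also shows the classic way a raw API call undercounts relative to a paginated UI: reading only the first page.

```python
"""Reconcile Security Analytics alert counts: detectorType vs. per-detector_id sum vs. UI.

Assumptions (not from the forum thread): endpoint path, the query parameters
detectorType / detector_id / size / startIndex, and an "alerts" list in the
response. The offline fake server below is constructed data.
"""
import json
import urllib.parse
import urllib.request
from typing import Callable, Dict, List

# A fetch callable takes query parameters and returns the parsed JSON body.
Fetch = Callable[[Dict[str, str]], dict]

ALERTS_PATH = "/_plugins/_security_analytics/alerts"  # assumed endpoint
PAGE_SIZE = 50  # always pass an explicit page size; never rely on the server default


def http_fetch(base_url: str) -> Fetch:
    """Build a fetch for a live cluster, e.g. http_fetch("https://localhost:9200")."""
    def fetch(params: Dict[str, str]) -> dict:
        url = base_url.rstrip("/") + ALERTS_PATH + "?" + urllib.parse.urlencode(params)
        with urllib.request.urlopen(url) as resp:  # add auth/TLS handling as your cluster needs
            return json.load(resp)
    return fetch


def page_alerts(fetch: Fetch, **filters: str) -> List[dict]:
    """Collect every matching alert by walking startIndex pages of PAGE_SIZE."""
    collected: List[dict] = []
    start = 0
    while True:
        body = fetch({**filters, "size": str(PAGE_SIZE), "startIndex": str(start)})
        page = body.get("alerts", [])
        collected.extend(page)
        if len(page) < PAGE_SIZE:  # short page means we reached the end
            return collected
        start += PAGE_SIZE


def first_page_count(fetch: Fetch, **filters: str) -> int:
    """What a naive single request reports: one page at the server's default size."""
    return len(fetch(dict(filters)).get("alerts", []))


def reconcile(fetch: Fetch, detector_type: str, detector_ids: List[str], ui_total: int) -> dict:
    """Compare the detectorType count, the per-detector_id sum and the UI figure."""
    by_type = len(page_alerts(fetch, detectorType=detector_type))
    per_id = {d: len(page_alerts(fetch, detector_id=d)) for d in detector_ids}
    per_id_sum = sum(per_id.values())
    return {
        "by_type": by_type,
        "per_id": per_id,
        "per_id_sum": per_id_sum,
        "ui_total": ui_total,
        "consistent": by_type == per_id_sum == ui_total,
    }


# ---- constructed offline stand-in for the cluster (not real alert data) ----
SAMPLE_ALERTS = (
    [{"detector_id": "det-a", "detectorType": "windows"}] * 60
    + [{"detector_id": "det-b", "detectorType": "windows"}] * 45
    + [{"detector_id": "det-c", "detectorType": "windows"}] * 15
    + [{"detector_id": "det-x", "detectorType": "linux"}] * 7
)
DEFAULT_SIZE = 20  # constructed: page size the fake server uses when "size" is omitted


def fake_fetch(params: Dict[str, str]) -> dict:
    """Filter SAMPLE_ALERTS the way the API filters would, then apply size/startIndex."""
    matches = [
        a for a in SAMPLE_ALERTS
        if ("detectorType" not in params or a["detectorType"] == params["detectorType"])
        and ("detector_id" not in params or a["detector_id"] == params["detector_id"])
    ]
    start = int(params.get("startIndex", 0))
    size = int(params.get("size", DEFAULT_SIZE))
    return {"alerts": matches[start:start + size], "total_alerts": len(matches)}


if __name__ == "__main__":
    print("naive single call:", first_page_count(fake_fetch, detectorType="windows"))
    print(reconcile(fake_fetch, "windows", ["det-a", "det-b", "det-c"], ui_total=120))
```

If `by_type` and `per_id_sum` agree with each other but not with the UI, the gap is between the API and Dashboards; if `per_id_sum` is larger than `by_type`, the detectorType filter itself is dropping alerts and the per-detector figures tell you which detectors are affected.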

Hey @pberrocal ,

What version are you using that you’re seeing this behaviour? Are you seeing similar results across all detectors? Or is it a particular detector?

Leeroy.

Hey @pberrocal ,

I've done some further testing on this using v3.4.0 and had 387 alerts triggered; both the UI and Dev Tools reported the same total for alerting.

I would need more information on what you're trying that is resulting in the issue. But from my tests so far I see no issue.

Leeroy.