The use case was more to run a UDM search via SOAR i believe to lookup whether a particular alert had triggered recently. This would be part of a playbook. I didn't think it would be possible but wanted to ask just incase.

You can use the UDM search to get a listing of alerts that meet the criteria in UDM search. This is the third sub-tab, this should also align to the events in the middle tab that have an alert flag on them. Basically this view is used to search for alerts from the rules engine where you want to get more granular in the fields rather than just the rule name, priority, etc. 

Regarding the follow on comment about the SOAR piece, I think the UDM action in the integration would just return the events but i have not recently looked at that. There is also a find associated alerts action that could be of interest depending on the use case. If there are additional integrations that you feel are needed, opening a ticket/request is always a good way to raise those issues.

Thanks John, very useful feedback.

In hindsight, does the "find associated alerts action" in SOAR allow for a search to be completed via the playbook which can lookup other alerts by name that may have also triggered within the last hour for example?

Thanks

On the face of it, it appears that it is tied to similar rule https://cloud.google.com/chronicle/docs/soar/marketplace-integrations/google-chronicle#lookup_simila... I have not dug deeply into this, but based on what you are asking feels like there may be some things you could do here with this.

@Cyber_Chief1999 , have a look at "Google Chronicle - Chronicle Alerts Connector" , I think it meets your requirements.  (https://cloud.google.com/chronicle/docs/soar/marketplace-integrations/google-chronicle#chronicle-ale...

in SOAR, you can add it from Settings--> Ingestions --> connectors and then click to add it

Thank you for the links. I have passed this to a colleague to review.

Kind regards