Log into SQLPlus as protect user (or whatever the schema owner may be).
Find the response rule by running the following statement:
set pagesize 100
select responseruleid||':'||name from responserule;
Use this list to identify the response rule of interest.
Run the following script to get a count of incidents associated with these response rules through policy. It will prompt for the responserule id:
select count(*)
from incident i,
policyresponserule pr
where pr.responseruleid=&responseruleid
and pr.policyid=i.policyid;
Run the following script to list the incidentid associated with these response rules through policy. It will prompt for the responserule id:
select i.incidentid
from incident i,
policyresponserule pr
where pr.responseruleid=&responseruleid
and pr.policyid=i.policyid;
These scripts can be "throttled" to show targeted incidents for a specified time range. For example, this script will show only those incidents created during the month of March, 2023:
select i.incidentid
from incident i,
policyresponserule pr
where pr.responseruleid=&responseruleid
and pr.policyid=i.policyid
and creationdate between to_timestamp('01-MAR-2023','DD-MON-YYYY')
and to_timestamp('31-MAR-2023','DD-MON-YYYY');