Alerts API does not support wildcard for aggregate_id

[vkhos01]

Goal - I am trying to pull all detections based on an aggregate_id with just the first part (for example - aggind:8aa641d9207b4df3a7afd454492d3205:*). This FQL works fine in UI, but looks like that the API only supports exact matches for aggregate_id and no wild cards or partial matches.

Code -

from falconpy import Alerts

cs_alerts = Alerts(client_id=cs_client_id, client_secret=cs_client_secret)
agg_id = 'aggind:8aa641d9207b4df3a7afd454492d3205:12886535593'
partial_agg_id = 'aggind:8aa641d9207b4df3a7afd454492d3205'
wildcard_agg_id = 'aggind:8aa641d9207b4df3a7afd454492d3205:*'

# This works fine and returns 2 results in the body
response = cs_alerts.GetQueriesAlertsV2(
                filter=f"aggregate_id:{agg_id}",
                limit=100,
                offset=0
            )

# Status code 200, but empty body
response = cs_alerts.GetQueriesAlertsV2(
                filter=f"aggregate_id:{partial_agg_id}",
                limit=100,
                offset=0
            )

# Status code 200, but empty body
response = cs_alerts.GetQueriesAlertsV2(
                filter=f"aggregate_id:{wildcard_agg_id}",
                limit=100,
                offset=0
            )

The UI returns 4 results for partial and wildcard aggregate_id. By using exact match, we are missing some detections while using automation.

Falconpy version - 1.5.4
Python version - 3.10

OS - Mac, Linux

Is this a feature or a bug?