Skip to main content

Get Investigation

Get an investigation by an investigation ID.

External Documentation

To learn more, visit the Agari Phishing Response documentation.

Basic Parameters

ParameterDescription
FieldsComma-delimited list of fields to include in the payload.
Investigation IDThe ID of the investigation. Can be obtained by the List Investigations action.

Advanced Parameters

ParameterDescription
Add FieldsA comma-delimited list of optional fields to add to the default payload. See Agari's Fields Language for more information.
Remove FieldsA comma-delimited list of optional fields to remove to the default payload. See Agari's Fields Language for more information.

Example Output

{
    "assignee": {
        "email": "string",
        "full_name": "string",
        "id": 0
    },
    "classification": "string",
    "created_at": "2024-02-18T07:03:45.469Z",
    "from": "string",
    "from_domain": "string",
    "id": 0,
    "indicators": {
        "domain": {
            "malicious": true,
            "malicious_count": 0,
            "total_count": 0,
            "summary": {
                "additionalProp": "string"
            }
        },
        "ip": {
            "malicious": true,
            "malicious_count": 0,
            "total_count": 0,
            "summary": {
                "additionalProp": "string"
            }
        },
        "uri": {
            "malicious": true,
            "malicious_count": 0,
            "total_count": 0,
            "summary": {
                "additionalProp": "string"
            }
        },
        "attachment": {
            "malicious": true,
            "malicious_count": 0,
            "total_count": 0,
            "summary": {
                "additionalProp": "string"
            }
        },
        "agari_msg_risk": {
            "malicious": true,
            "malicious_count": 0,
            "total_count": 0,
            "summary": {
                "additionalProp": "string"
            }
        }
    },
    "investigation_portal_link": "string",
    "phish_message_ids": {},
    "phish_messages_link": "string",
    "priority": "string",
    "reported_at": "2024-02-18T07:03:45.469Z",
    "reported_by": "string",
    "similar_message_ids": {
        "additionalProp": "string"
    },
    "similar_messages_link": "string",
    "source_type": "string",
    "state": "string",
    "subject": "string",
    "tag_ids": [
        0
    ],
    "updated_at": "2024-02-18T07:03:45.469Z",
    "user_id": 0
}

Workflow Library Example

Get Investigation with Agari Phishing Response and Send Results Via Email

Workflow LibraryPreview this Workflow on desktop