Retrieves a list of investigations.
Parameters
| Parameter | Description |
|---|---|
| Filter | Filters the results based on the given expression.<br>The syntax of a filter expression is `filter[<field>]=<operator><value>`.<br>For example, `filter[created_at]=>2020-01-01T00:00:00Z` is equivalent to `created_at > 2020-01-01T00:00:00Z`.<br>For further information about filtering resources, refer to the Expel documentation. |
| Limit | The maximum number of results to be returned.<br>The limit may be set to 0. This is useful if your API client needs a count of records without retrieving the actual content of those records. |
| Offset | The offset of the pagination. Specifies the starting index of the results to be returned. |
| Sort | Sorts the results by a particular attribute. |
Example Output
```json
{
  "links": {
    "self": "https://workbench.expel.io/api/v2/investigations"
  },
  "data": [
    {
      "analyst_severity": "CRITICAL",
      "attack_lifecycle": "INITIAL_RECON",
      "attack_timing": "HISTORICAL",
      "attack_vector": "DRIVE_BY",
      "close_comment": "string",
      "created_at": "2019-01-15T15:35:00-05:00",
      "critical_comment": "string",
      "decision": "FALSE_POSITIVE",
      "default_plugin_slug": "string",
      "deleted_at": "2019-01-15T15:35:00-05:00",
      "detection_type": "UNKNOWN",
      "has_hunting_status": true,
      "initial_attack_vector": "string",
      "is_downgrade": true,
      "is_incident": true,
      "is_incident_status_updated_at": "2019-01-15T15:35:00-05:00",
      "is_soc_support_required": true,
      "is_surge": true,
      "last_published_at": "2019-01-15T15:35:00-05:00",
      "last_published_value": "string",
      "lead_description": "string",
      "malware_family": "string",
      "next_steps": "string",
      "open_reason": "ACCESS_KEYS",
      "open_summary": "string",
      "review_requested_at": "2019-01-15T15:35:00-05:00",
      "short_link": "string",
      "source_reason": "HUNTING",
      "status_updated_at": "2019-01-15T15:35:00-05:00",
      "threat_type": "TARGETED",
      "title": "string",
      "updated_at": "2019-01-15T15:35:00-05:00"
    }
  ]
}
```
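The following is an added example, not code from Blink or Expel: it builds a Filter value in the syntax described above, pages through results with Limit and Offset, and picks out critical incidents using fields from the example output. The helper names, `fake_fetch` (a local stand-in for the action) and the sample records are all constructed assumptions.

```python
from datetime import datetime

def _ts(value):
    """Parse an ISO 8601 timestamp; raises ValueError if malformed."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def build_filter(field, operator, value):
    """Build filter[<field>]=<operator><value> for a timestamp field."""
    if not field.endswith("_at") or not field.replace("_", "").isalpha():
        raise ValueError(f"not a timestamp field: {field!r}")
    if operator != ">":  # the only operator shown on this page
        raise ValueError(f"unsupported operator: {operator!r}")
    _ts(value)  # reject values that are not timestamps
    return f"filter[{field}]={operator}{value}"

def list_all(fetch_page, filter_expr, limit=2):
    """Advance Offset by Limit until a short page signals the end."""
    if limit < 1:  # Limit 0 returns no records, so the loop would never end
        raise ValueError("limit must be at least 1 when paginating")
    offset, results = 0, []
    while True:
        page = fetch_page(filter_expr, limit, offset)["data"]
        results.extend(page)
        if len(page) < limit:
            return results
        offset += limit

def critical_incidents(investigations):
    """Titles of investigations flagged as incidents with CRITICAL severity."""
    return [i["title"] for i in investigations
            if i["is_incident"] and i["analyst_severity"] == "CRITICAL"]

# Constructed sample records; field names come from the example output above.
SAMPLE = [
    {"title": "inv-0", "created_at": "2019-01-15T15:35:00-05:00", "is_incident": True, "analyst_severity": "CRITICAL"},
    {"title": "inv-1", "created_at": "2021-03-01T10:00:00+00:00", "is_incident": False, "analyst_severity": "LOW"},
    {"title": "inv-2", "created_at": "2021-04-02T08:30:00+00:00", "is_incident": True, "analyst_severity": "CRITICAL"},
    {"title": "inv-3", "created_at": "2022-06-10T12:00:00+00:00", "is_incident": True, "analyst_severity": "HIGH"},
    {"title": "inv-4", "created_at": "2023-01-05T09:15:00+00:00", "is_incident": True, "analyst_severity": "CRITICAL"},
]

def fake_fetch(filter_expr, limit, offset):
    """Hypothetical stand-in for the action: applies created_at > cutoff locally."""
    cutoff = _ts(filter_expr.split("=>", 1)[1])
    rows = [r for r in SAMPLE if _ts(r["created_at"]) > cutoff]
    return {"data": rows[offset:offset + limit]}

if __name__ == "__main__":
    expr = build_filter("created_at", ">", "2020-01-01T00:00:00Z")
    print(expr, critical_incidents(list_all(fake_fetch, expr)))
```
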
Workflow Library Example
List Investigations with Expel and Send Results Via Email