List Investigations

Retrieves a list of investigations.

External Documentation

To learn more, visit the Expel documentation.

Parameters

| Parameter | Description |
| --- | --- |
| Filter | Filters the results based on the given expression. The syntax of a filter expression is filter[<field>]=<operator><value>. For example, filter[created_at]=>2020-01-01T00:00:00Z is equivalent to created_at > 2020-01-01T00:00:00Z. For further information regarding filtering resources, please refer to the Expel documentation. |
| Limit | The maximum number of results to be returned. The limit may be set to 0. This is useful if your API client needs a count of records without needing to retrieve the actual content of those records. |
| Offset | The offset of the pagination. Specifies the starting index of the results to be returned. |
| Sort | Sorts the results by a particular attribute. |

Example Output

{
  "links": {
    "self": "https://workbench.expel.io/api/v2/investigations"
  },
  "data": [
    {
      "analyst_severity": "CRITICAL",
      "attack_lifecycle": "INITIAL_RECON",
      "attack_timing": "HISTORICAL",
      "attack_vector": "DRIVE_BY",
      "close_comment": "string",
      "created_at": "2019-01-15T15:35:00-05:00",
      "critical_comment": "string",
      "decision": "FALSE_POSITIVE",
      "default_plugin_slug": "string",
      "deleted_at": "2019-01-15T15:35:00-05:00",
      "detection_type": "UNKNOWN",
      "has_hunting_status": true,
      "initial_attack_vector": "string",
      "is_downgrade": true,
      "is_incident": true,
      "is_incident_status_updated_at": "2019-01-15T15:35:00-05:00",
      "is_soc_support_required": true,
      "is_surge": true,
      "last_published_at": "2019-01-15T15:35:00-05:00",
      "last_published_value": "string",
      "lead_description": "string",
      "malware_family": "string",
      "next_steps": "string",
      "open_reason": "ACCESS_KEYS",
      "open_summary": "string",
      "review_requested_at": "2019-01-15T15:35:00-05:00",
      "short_link": "string",
      "source_reason": "HUNTING",
      "status_updated_at": "2019-01-15T15:35:00-05:00",
      "threat_type": "TARGETED",
      "title": "string",
      "updated_at": "2019-01-15T15:35:00-05:00"
    }
  ]
}
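
The following is an added example, not code from Expel or from this page's author: a local model of the Filter, Limit, Offset and Sort parameters that pages through results and handles created_at as an instant, since the output above carries numeric UTC offsets while the filter example uses Z. The helper names, the fake_list_page stand-in and the sample records are hypothetical and constructed; the `<` operator and bare equality are assumptions, because the page shows only `>`.

```python
import re
from datetime import datetime, timezone

FILTER_RE = re.compile(r"^filter\[(\w+)\]=([<>]?)(.+)$")  # page shows only '>'; '<' and bare '=' are assumed

def parse_ts(value):
    """ISO 8601 with 'Z' or a numeric offset -> timezone-aware UTC datetime."""
    return datetime.fromisoformat(value.replace("Z", "+00:00")).astimezone(timezone.utc)

def parse_filter(expr):
    """Split filter[<field>]=<operator><value> into (field, operator, value)."""
    m = FILTER_RE.match(expr)
    if not m:
        raise ValueError(f"not a filter expression: {expr!r}")
    return m.group(1), m.group(2) or "=", m.group(3)

def matches(record, expr):
    """Evaluate a timestamp filter against one record, comparing instants in UTC."""
    field, op, value = parse_filter(expr)
    have, want = parse_ts(record[field]), parse_ts(value)
    return {"=": have == want, ">": have > want, "<": have < want}[op]

def fetch_all(list_page, expr, page_size=2, sort="created_at"):
    """Advance Offset in steps of Limit until a short page signals the end."""
    page_size = max(1, page_size)  # Limit 0 returns no rows, so it cannot drive a pager
    out, offset = [], 0
    while True:
        batch = list_page(expr, page_size, offset, sort)["data"]
        out.extend(batch)
        if len(batch) < page_size:
            return out
        offset += page_size

def next_watermark(records):
    """Filter for the next poll: strictly after the newest created_at seen, in UTC."""
    newest = max(parse_ts(r["created_at"]) for r in records)
    return "filter[created_at]=>" + newest.strftime("%Y-%m-%dT%H:%M:%SZ")

# Constructed records (not Expel data) and a hypothetical stand-in for the action.
SAMPLE = [
    {"title": "a", "created_at": "2019-12-31T20:30:00-05:00"},  # 2020-01-01T01:30:00Z
    {"title": "b", "created_at": "2020-01-01T00:00:00Z"},       # equal to the bound, excluded by '>'
    {"title": "c", "created_at": "2020-01-02T09:00:00+01:00"},  # 2020-01-02T08:00:00Z
    {"title": "d", "created_at": "2020-01-01T05:00:00-05:00"},  # 2020-01-01T10:00:00Z
]

def fake_list_page(expr, limit, offset, sort):
    hits = sorted((r for r in SAMPLE if matches(r, expr)), key=lambda r: parse_ts(r[sort]))
    return {"data": hits[offset:offset + limit]}
```

Record "a" is the case a plain string comparison gets wrong: its text starts with 2019, yet the instant falls after the 2020-01-01T00:00:00Z bound.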

Workflow Library Example

List Investigations with Expel and Send Results Via Email