List Investigations
Retrieves a list of investigations.
External Documentation
To learn more, visit the Expel documentation.
Parameters
Parameter | Description |
---|---|
Filter | Filters the results based on the given expression. The syntax of a filter expression is `filter[<field>]=<operator><value>`. For example, `filter[created_at]=>2020-01-01T00:00:00Z` is equivalent to `created_at > 2020-01-01T00:00:00Z`. For further information on filtering resources, refer to the Expel documentation. |
Limit | The maximum number of results to be returned. The limit may be set to `0`. This is useful if your API client needs a count of records without needing to retrieve the actual content of those records. |
Offset | The offset of the pagination. Specifies the starting index of the results to be returned. |
Sort | Sorts the results by a particular attribute. |
Example Output
```json
{
  "links": {
    "self": "https://workbench.expel.io/api/v2/investigations"
  },
  "data": [
    {
      "analyst_severity": "CRITICAL",
      "attack_lifecycle": "INITIAL_RECON",
      "attack_timing": "HISTORICAL",
      "attack_vector": "DRIVE_BY",
      "close_comment": "string",
      "created_at": "2019-01-15T15:35:00-05:00",
      "critical_comment": "string",
      "decision": "FALSE_POSITIVE",
      "default_plugin_slug": "string",
      "deleted_at": "2019-01-15T15:35:00-05:00",
      "detection_type": "UNKNOWN",
      "has_hunting_status": true,
      "initial_attack_vector": "string",
      "is_downgrade": true,
      "is_incident": true,
      "is_incident_status_updated_at": "2019-01-15T15:35:00-05:00",
      "is_soc_support_required": true,
      "is_surge": true,
      "last_published_at": "2019-01-15T15:35:00-05:00",
      "last_published_value": "string",
      "lead_description": "string",
      "malware_family": "string",
      "next_steps": "string",
      "open_reason": "ACCESS_KEYS",
      "open_summary": "string",
      "review_requested_at": "2019-01-15T15:35:00-05:00",
      "short_link": "string",
      "source_reason": "HUNTING",
      "status_updated_at": "2019-01-15T15:35:00-05:00",
      "threat_type": "TARGETED",
      "title": "string",
      "updated_at": "2019-01-15T15:35:00-05:00"
    }
  ]
}
```
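The following is an added example, not code from Expel or from this page. It builds a Filter value in the `filter[<field>]=<operator><value>` form described under Parameters, rejecting input that could smuggle in extra parameters, and summarizes a response shaped like the Example Output. The function names, the `<` and plain-equality operators, the `HIGH` severity value and the sample records are assumptions made for illustration.

```python
from datetime import datetime, timezone

# Field names copied from the Example Output on this page.
FIELDS = {"created_at", "updated_at", "analyst_severity", "decision"}
# ">" is the operator this page shows; "<" and "" (plain equality) are assumptions.
OPERATORS = {">", "<", ""}


def filter_expr(field, value, operator=""):
    """Build one filter[<field>]=<operator><value> expression from checked input."""
    if field not in FIELDS:
        raise ValueError(f"unknown field: {field!r}")
    if operator not in OPERATORS:
        raise ValueError(f"unsupported operator: {operator!r}")
    if isinstance(value, datetime):
        if value.tzinfo is None:
            raise ValueError("timestamp must be timezone-aware")
        # Normalize to the UTC "Z" form used in the page's filter example.
        value = value.astimezone(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
    value = str(value)
    # Query delimiters, spaces or line breaks in a value could add extra parameters.
    if not value or any(c in value for c in "&=[]#?\r\n "):
        raise ValueError(f"unsafe filter value: {value!r}")
    return f"filter[{field}]={operator}{value}"


def incidents_by_severity(response):
    """Count investigations flagged is_incident, grouped by analyst_severity."""
    counts = {}
    for inv in response.get("data", []):
        if inv.get("is_incident"):
            sev = inv.get("analyst_severity", "UNKNOWN")
            counts[sev] = counts.get(sev, 0) + 1
    return counts


# Constructed sample shaped like the Example Output above (not real data).
SAMPLE = {"data": [
    {"title": "a", "analyst_severity": "CRITICAL", "is_incident": True},
    {"title": "b", "analyst_severity": "CRITICAL", "is_incident": False},
    {"title": "c", "analyst_severity": "HIGH", "is_incident": True},
]}

if __name__ == "__main__":
    since = datetime(2020, 1, 1, tzinfo=timezone.utc)
    print(filter_expr("created_at", since, ">"))
    print(incidents_by_severity(SAMPLE))
```

Validating the field and value matters most when the Filter is assembled from workflow inputs such as ticket fields or alert text rather than typed by an analyst.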
Workflow Library Example
List Investigations with Expel and Send Results Via Email