Skip to main content
Retrieves a list of investigations.
External DocumentationTo learn more, visit the Expel documentation.

Parameters

ParameterDescription
FilterFilters the results based on the given expression.

The syntax of a filter expression filter[<field>]=<operator><value>.

For example: filter[created_at]=>2020-01-01T00:00:00Z equals to created_at > 2020-01-01T00:00:00Z.

For further information regarding filtering resources, please refer to Expel Documentation.
LimitThe maximum amount of results to be returned.

The limit may be set to 0. This is useful if your api client needs a count of records without needing to retrieve the actual content of those records.
OffsetThe offset of the pagination. Specifies the starting index of the results to be returned.
SortSorts the results by a particular attribute.

Example Output

{
	"links": {
		"self": " https://workbench.expel.io/api/v2/investigations"
	},
	"data": [
		{
			"analyst_severity": "CRITICAL",
			"attack_lifecycle": "INITIAL_RECON",
			"attack_timing": "HISTORICAL",
			"attack_vector": "DRIVE_BY",
			"close_comment": "string",
			"created_at": "2019-01-15T15:35:00-05:00",
			"critical_comment": "string",
			"decision": "FALSE_POSITIVE",
			"default_plugin_slug": "string",
			"deleted_at": "2019-01-15T15:35:00-05:00",
			"detection_type": "UNKNOWN",
			"has_hunting_status": true,
			"initial_attack_vector": "string",
			"is_downgrade": true,
			"is_incident": true,
			"is_incident_status_updated_at": "2019-01-15T15:35:00-05:00",
			"is_soc_support_required": true,
			"is_surge": true,
			"last_published_at": "2019-01-15T15:35:00-05:00",
			"last_published_value": "string",
			"lead_description": "string",
			"malware_family": "string",
			"next_steps": "string",
			"open_reason": "ACCESS_KEYS",
			"open_summary": "string",
			"review_requested_at": "2019-01-15T15:35:00-05:00",
			"short_link": "string",
			"source_reason": "HUNTING",
			"status_updated_at": "2019-01-15T15:35:00-05:00",
			"threat_type": "TARGETED",
			"title": "string",
			"updated_at": "2019-01-15T15:35:00-05:00"
		}
	]
}

Workflow Library Example

List Investigations with Expel and Send Results Via Email
Workflow LibraryPreview this Workflow on desktop