Skip to main content
Open an investigation of an incident. Its status will change to Active and the remediation process will start.
External DocumentationTo learn more, visit the Palo Alto Cortex Xsoar documentation.

Parameters

ParameterDescription
Incident IDThe ID of the incident to start investigating.
VersionThe version of the investigation to start investigating.

Example Output

{
	"error": null,
	"id": "123456",
	"invPlaybook": null,
	"investigation": {
		"cacheVersn": 0,
		"category": "",
		"closed": "0001-01-01T00:00:00Z",
		"created": "2024-02-21T09:41:41.293Z",
		"creatingUserId": "XSOARPAPIUser_3992",
		"dbotCreatedBy": "user@company.com",
		"details": "",
		"entryUsers": [
			"user@company.com"
		],
		"highPriority": false,
		"id": "157448",
		"isDebug": false,
		"lastOpen": "0001-01-01T00:00:00Z",
		"mirrorAutoClose": null,
		"mirrorTypes": null,
		"modified": "0001-01-01T00:00:00Z",
		"name": "b",
		"rawCategory": "",
		"reason": null,
		"runStatus": "",
		"sizeInBytes": 0,
		"slackMirrorAutoClose": false,
		"slackMirrorType": "",
		"status": 0,
		"systems": null,
		"tags": null,
		"type": 0,
		"users": [
			"user@company.com",
			""
		],
		"version": 2
	},
	"version": 1
}

Workflow Library Example

Investigate Incident with Palo Alto Cortex Xsoar and Send Results Via Email
Workflow LibraryPreview this Workflow on desktop