Retrieve investigation metadata by ID.

External Documentation

To learn more, visit the Proofpoint Threat Response Auto Pull documentation.

Parameters

| Parameter | Description |
| --- | --- |
| Expand Events | Retrieve investigations with events data expanded. |
| Expand Incidents | Retrieve investigations with incidents data expanded. |
| Investigation ID | The ID of the investigation to retrieve. |

Example Output

{
	"id": 1,
	"created_at": "2021-01-08T17:20:07Z",
	"updated_at": "2021-03-11T05:49:15Z",
	"name": "test",
	"assignee": "System Administrator",
	"team": "Script Admins",
	"description": "asdadad",
	"investigation_field_values": [
		{
			"name": "Classification",
			"value": "Malware"
		},
		{
			"name": "Severity",
			"value": "Informational"
		},
		{
			"name": "Attack Vector",
			"value": "Email"
		},
		{
			"name": "IS-Unknown",
			"value": "False"
		}
	],
	"incident_ids": [
		132,
		124
	],
	"incidents": []
}
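
The following is an added example, not part of the original documentation or of Proofpoint's code: it turns the Example Output above into a flat triage summary and lists linked incident IDs that have no expanded record. It assumes that expanded incident objects carry an `id` key, which this page does not show; the function name and the summary keys are hypothetical.

```python
import json
from datetime import datetime

# Constructed sample: a trimmed copy of the Example Output above.
SAMPLE = """{
  "id": 1,
  "created_at": "2021-01-08T17:20:07Z",
  "updated_at": "2021-03-11T05:49:15Z",
  "name": "test",
  "investigation_field_values": [
    {"name": "Classification", "value": "Malware"},
    {"name": "Severity", "value": "Informational"},
    {"name": "Attack Vector", "value": "Email"}
  ],
  "incident_ids": [132, 124],
  "incidents": []
}"""

def parse_ts(value):
    # Timestamps in the example output are UTC with a trailing "Z".
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ")

def summarize_investigation(raw):
    inv = json.loads(raw)
    # Flatten the name/value pairs into a lookup; keep the first value if a name repeats.
    fields = {}
    for item in inv.get("investigation_field_values", []):
        fields.setdefault(item["name"], item["value"])
    # Assumption: each expanded incident is an object with an "id" key.
    expanded = {i.get("id") for i in inv.get("incidents", []) if isinstance(i, dict)}
    # Linked incident IDs that have no matching expanded record.
    missing = [i for i in inv.get("incident_ids", []) if i not in expanded]
    delta = parse_ts(inv["updated_at"]) - parse_ts(inv["created_at"])
    return {
        "id": inv["id"],
        "classification": fields.get("Classification"),
        "severity": fields.get("Severity"),
        "attack_vector": fields.get("Attack Vector"),
        "days_to_last_update": delta.days,
        "unexpanded_incident_ids": missing,
    }

if __name__ == "__main__":
    print(summarize_investigation(SAMPLE))
```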

Workflow Library Example

Get Investigation Details with Proofpoint Threat Response Auto Pull and Send Results Via Email
