Get Investigation Details - Blink Documentation

Retrieve investigation metadata by ID.

External DocumentationTo learn more, visit the Proofpoint Threat Response Auto Pull documentation.

Parameters

Parameter	Description
Expand Events	Retrieve investigations with events data expanded.
Expand Incidents	Retrieve investigations with incidents data expanded.
Investigation ID	The ID of the investigation to retrieve.

Example Output

{
	"id": 1,
	"created_at": "2021-01-08T17:20:07Z",
	"updated_at": "2021-03-11T05:49:15Z",
	"name": "test",
	"assignee": "System Administrator",
	"team": "Script Admins",
	"description": "asdadad",
	"investigation_field_values": [
		{
			"name": "Classification",
			"value": "Malware"
		},
		{
			"name": "Severity",
			"value": "Informational"
		},
		{
			"name": "Attack Vector",
			"value": "Email"
		},
		{
			"name": "IS-Unknown",
			"value": "False"
		}
	],
	"incident_ids": [
		132,
		124
	],
	"incidents": []
}

Workflow Library Example

Get Investigation Details with Proofpoint Threat Response Auto Pull and Send Results Via Email

Preview this Workflow on desktop

Integrations

​Parameters

​Example Output

​Workflow Library Example

Parameters

Example Output

Workflow Library Example