Parameters

| Parameter | Description |
| --- | --- |
| Expand Events | Retrieve investigations with events data expanded. |
| Expand Incidents | Retrieve investigations with incidents data expanded. |
| Investigation ID | The ID of the investigation to retrieve. |

Example Output

{
    "id": 1,
    "created_at": "2021-01-08T17:20:07Z",
    "updated_at": "2021-03-11T05:49:15Z",
    "name": "test",
    "assignee": "System Administrator",
    "team": "Script Admins",
    "description": "asdadad",
    "investigation_field_values": [
        {
            "name": "Classification",
            "value": "Malware"
        },
        {
            "name": "Severity",
            "value": "Informational"
        },
        {
            "name": "Attack Vector",
            "value": "Email"
        },
        {
            "name": "IS-Unknown",
            "value": "False"
        }
    ],
    "incident_ids": [
        132,
        124
    ],
    "incidents": []
}

Workflow Library Example

Get Investigation Details with Proofpoint Threat Response Auto Pull and Send Results Via Email
