Get Investigation Details
Retrieve investigation metadata by ID.
External Documentation
To learn more, visit the Proofpoint Threat Response Auto Pull documentation.
Parameters
| Parameter | Description |
|---|---|
| Expand Events | Retrieve investigations with events data expanded. |
| Expand Incidents | Retrieve investigations with incidents data expanded. |
| Investigation ID | The ID of the investigation to retrieve. |
Example Output
{
"id": 1,
"created_at": "2021-01-08T17:20:07Z",
"updated_at": "2021-03-11T05:49:15Z",
"name": "test",
"assignee": "System Administrator",
"team": "Script Admins",
"description": "asdadad",
"investigation_field_values": [
{
"name": "Classification",
"value": "Malware"
},
{
"name": "Severity",
"value": "Informational"
},
{
"name": "Attack Vector",
"value": "Email"
},
{
"name": "IS-Unknown",
"value": "False"
}
],
"incident_ids": [
132,
124
],
"incidents": []
}
Workflow Library Example
Get Investigation Details with Proofpoint Threat Response Auto Pull and Send Results Via Email
Preview this Workflow on desktop