Close Multiple Investigations - Blink Documentation

Close all the investigations that match the filtering criteria. Note: One of the following parameters is required - Alert Type, Detection Rule RRN.

External DocumentationTo learn more, visit the Rapid7 InsightIDR documentation.

Parameters

Parameter	Description
Alert Type	The type of the alert that should be closed. For example - `Attacker Behavior Detected`. Note: This parameter is required when closing `ALERT` investigations.
Detection Rule RRN	The RRN of the detection rule. Note: Using this parameter requires `Alert Type` to be set to `Attacker Behavior Detected`.
Disposition	A disposition to set the investigation to. Defaults to `NOT_APPLICABLE`.
From	A starting timeframe to close investigations created after it.
Max Investigations To Close	The maximum number of investigations to close. Note: If this limit is exceeded - status code `400` will be returned.
Source	The source of an investigations to close.
To	An ending timeframe to close investigations created after it.

Example Output

{
	"ids": [
		"581134c9-2510-4010-865c-7ae81761315b",
		"114c706d-e64a-4731-997b-9115beef3026"
	],
	"num_closed": 2
}

Workflow Library Example

Close Multiple Investigations with Rapid7 Insightidr and Send Results Via Email

Preview this Workflow on desktop

Integrations

​Parameters

​Example Output

​Workflow Library Example

Parameters

Example Output

Workflow Library Example