Create a new investigation.
External Documentation

To learn more, visit the Rapid7 InsightIDR documentation.

Parameters

| Parameter | Description |
| --- | --- |
| Assignee Email | The email address of the user to assign to the new investigation. |
| Disposition | The disposition to set for the investigation. Defaults to UNDECIDED. |
| Priority | The priority to set for the investigation. |
| Status | The status to set for the investigation. Defaults to OPEN. |
| Title | The title of the new investigation. |

Example Output

{
	"rrn": "rrn:investigation:us1:174e4f99-2ac7-4481-9301-4d24c34baf06:investigation:6A74T2A4",
	"organization_id": "174e4f99-2ac7-4481-9301-4d24c34baf06",
	"title": "Jane Smith enabled account Roger Johnson",
	"source": "ALERT",
	"status": "OPEN",
	"priority": "CRITICAL",
	"last_accessed": "2018-06-06T16:56:42Z",
	"created_time": "2018-06-06T16:56:42Z",
	"disposition": "BENIGN",
	"assignee": {
		"name": "Ellen Example",
		"email": "example@test.com"
	},
	"first_alert_time": "2018-06-06T16:56:42Z",
	"latest_alert_time": "2018-06-06T16:56:42Z",
	"tags": [
		"Incident",
		"Security Test"
	],
	"responsibility": "CUSTOMER"
}

Workflow Library Example

Create Investigation with Rapid7 Insightidr and Send Results Via Email