Skip to main content
Get investigation details by its ID.
External DocumentationTo learn more, visit the Rapid7 InsightIDR documentation.

Parameters

ParameterDescription
Investigation IDThe ID of the investigation to get details on.
Multi CustomerWhen selected, investigations will be returned from all organizations the connected user has access to.

Note: This feature is available for multi-customer user keys only.

Example Output

{
	"rrn": "rrn:investigation:us1:174e4f99-2ac7-4481-9301-4d24c34baf06:investigation:6A74T2A4",
	"organization_id": "174e4f99-2ac7-4481-9301-4d24c34baf06",
	"title": "Jane Smith enabled account Roger Johnson",
	"source": "ALERT",
	"status": "OPEN",
	"priority": "CRITICAL",
	"last_accessed": "2018-06-06T16:56:42Z",
	"created_time": "2018-06-06T16:56:42Z",
	"disposition": "BENIGN",
	"assignee": {
		"name": "Ellen Example",
		"email": "example@test.com"
	},
	"first_alert_time": "2018-06-06T16:56:42Z",
	"latest_alert_time": "2018-06-06T16:56:42Z",
	"tags": [
		"Incident",
		"Security Test"
	],
	"responsibility": "CUSTOMER"
}

Workflow Library Example

Get Investigation with Rapid7 Insightidr and Send Results Via Email
Workflow LibraryPreview this Workflow on desktop