Get a list of investigations with optional filtering.
External Documentation: To learn more, visit the Rapid7 InsightIDR documentation.

Basic Parameters

| Parameter | Description |
| --- | --- |
| End Time | The end of the timeframe to filter the results by. |
| Page | The number of the page to return results from (zero-based). |
| Page Size | The maximum number of results to return per page. Valid range is 1-1000. |
| Return All Pages | Automatically fetch all resources, page by page. |
| Start Time | The start of the timeframe to filter the results by. |
| Statuses | A comma-separated list of statuses of investigations to filter by. |
| Tags | A comma-separated list of tags to include in the response. Only investigations that have all specified tags will be included. For example: Incident, Security Test, Reported to Customer. |

Advanced Parameters

| Parameter | Description |
| --- | --- |
| Assignee Email Address | The email address of the assignee to filter the results by. |
| Multi Customer | When selected, investigations will be returned from all organizations the connected user has access to. Note: This feature is available for multi-customer user keys only. |
| Priorities | A comma-separated list of investigation priorities to filter the results by. For example: UNSPECIFIED, LOW, MEDIUM, HIGH, CRITICAL |
| Sort | An investigation field to sort the results by, concatenated with the direction of sorting. For example: priority,DESC. Available sorting parameters: created_time, priority, rrn, alerts_most_recent_created_time, alerts_most_recent_detection_created_time. Available sorting directions: DESC, ASC. |
| Sources | A comma-separated list of investigation sources to filter the results by. For example: USER,ALERT |

Example Output

{
	"data": [
		{
			"rrn": "rrn:investigation:us1:174e4f99-2ac7-4481-9301-4d24c34baf06:investigation:6A74T2A4",
			"organization_id": "174e4f99-2ac7-4481-9301-4d24c34baf06",
			"title": "Jane Smith enabled account Roger Johnson",
			"source": "ALERT",
			"status": "OPEN",
			"priority": "CRITICAL",
			"last_accessed": "2018-06-06T16:56:42Z",
			"created_time": "2018-06-06T16:56:42Z",
			"disposition": "BENIGN",
			"assignee": {
				"name": "Ellen Example",
				"email": "example@test.com"
			},
			"first_alert_time": "2018-06-06T16:56:42Z",
			"latest_alert_time": "2018-06-06T16:56:42Z",
			"tags": [
				"Incident",
				"Security Test"
			],
			"responsibility": "CUSTOMER"
		}
	],
	"metadata": {
		"index": 0,
		"size": 20,
		"total_pages": 1,
		"total_data": 15
	}
}
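
Consuming this output in a later step, as an added example that is not part of the original page or of Rapid7's code: it walks the zero-based pages using `metadata.total_pages`, then keeps open investigations at or above a priority floor that carry all required tags. `SAMPLE`, `make_fake_fetch`, `_inv` and the priority ranking are constructed assumptions; `make_fake_fetch` stands in for the real action so the block runs offline.

```python
# Added example: helper names and SAMPLE data are constructed, not Rapid7 or workflow code.
# Assumption: priorities rank in the order the page lists them.
PRIORITY_RANK = {"UNSPECIFIED": 0, "LOW": 1, "MEDIUM": 2, "HIGH": 3, "CRITICAL": 4}

def iter_investigations(fetch_page, page_size=20):
    """Yield every investigation, walking zero-based pages up to metadata.total_pages."""
    if not 1 <= page_size <= 1000:
        raise ValueError("Page Size must be in the range 1-1000")
    page = 0
    while True:
        body = fetch_page(page, page_size)
        yield from body["data"]
        page += 1
        if page >= body["metadata"]["total_pages"]:  # also ends on an empty result set
            return

def triage(investigations, required_tags=(), min_priority="HIGH"):
    """Open investigations at/above min_priority that carry ALL required tags, priority DESC."""
    floor, need = PRIORITY_RANK[min_priority], set(required_tags)
    hits = [i for i in investigations
            if i["status"] == "OPEN"
            and PRIORITY_RANK.get(i["priority"], 0) >= floor
            and need <= set(i.get("tags", []))]
    return sorted(hits, key=lambda i: (-PRIORITY_RANK.get(i["priority"], 0), i["created_time"]))

def make_fake_fetch(records):
    """Constructed stand-in for the action: returns one page in the Example Output shape."""
    def fetch(page, size):
        total_pages = -(-len(records) // size)  # ceiling division
        return {"data": records[page * size:(page + 1) * size],
                "metadata": {"index": page, "size": size,
                             "total_pages": total_pages, "total_data": len(records)}}
    return fetch

def _inv(rrn, status, priority, created, tags):
    return {"rrn": rrn, "status": status, "priority": priority,
            "created_time": created, "tags": tags}

SAMPLE = [  # constructed records, trimmed to the fields used here
    _inv("sample-1", "OPEN", "CRITICAL", "2018-06-06T16:56:42Z", ["Incident", "Security Test"]),
    _inv("sample-2", "OPEN", "LOW", "2018-06-06T17:00:00Z", ["Incident"]),
    _inv("sample-3", "CLOSED", "HIGH", "2018-06-05T09:00:00Z", ["Incident", "Security Test"]),
    _inv("sample-4", "OPEN", "HIGH", "2018-06-05T10:00:00Z",
         ["Incident", "Security Test", "Reported to Customer"]),
    _inv("sample-5", "OPEN", "HIGH", "2018-06-04T08:00:00Z", ["Security Test"]),
]

if __name__ == "__main__":
    everything = list(iter_investigations(make_fake_fetch(SAMPLE), page_size=2))
    for inv in triage(everything, ["Incident", "Security Test"]):
        print(inv["priority"], inv["rrn"], inv["tags"])
```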

Workflow Library Example

List Investigations with Rapid7 Insightidr and Send Results Via Email