Skip to main content
Search for investigations.
External DocumentationTo learn more, visit the Rapid7 InsightIDR documentation.

Basic Parameters

ParameterDescription
End TimeThe end of the timeframe to filter the results by.
PageThe number of the page to return results from (zero-based).
Page SizeThe maximum number of results to return per page. Valid range is 1-100
Return All PagesAutomatically fetch all resources, page by page.
SearchAn array of searching objects to filter the results by.

For example:

[
  {
  “field”: “title”,
  “operator”: “EQUALS,CONTAINS,IN”,
  “value”: { } #Could be a value of any type.
  }
]
For more information about optional searching fields, please refer to - Rapid7 Insight IDR Documentation
SortAn array of sorting criteria.

For Example: 
[
  {
  “field”: “name”,
  “order”: “ASC”
  }
]
For more information about optional sorting fields, please refer to - Rapid7 Insight IDR Documentation
Start TimeThe start of the timeframe to filter the results by.

Advanced Parameters

ParameterDescription
Multi CustomerWhen selected, investigations will be returned from all organizations the connected user has access to.

Note: This feature is available for multi-customer user keys only.

Example Output

{
	"search": [
		{
			"field": "name",
			"operator": "EQUALS,CONTAINS,IN",
			"value": {}
		}
	],
	"sort": [
		{
			"field": "name",
			"order": "ASC"
		}
	],
	"start_time": "2018-07-04T00:00:00Z",
	"end_time": "2018-07-04T00:00:00Z"
}

Workflow Library Example

Search Investigations with Rapid7 Insightidr and Send Results Via Email
Workflow LibraryPreview this Workflow on desktop