Set the status of an investigation.
External Documentation: To learn more, visit the Rapid7 InsightIDR documentation.

Basic Parameters

| Parameter | Description |
| --- | --- |
| Disposition | A disposition to set the investigation to. Notes: Only used if the new status is CLOSED. Defaults to UNDECIDED upon creation. |
| Investigation ID | The ID or RRN of an investigation to set the status of. |
| Status | The status to set for the investigation. |
| Threat Command - Close Reason | The threat command reason when setting the investigation to closed. Note: Use only if the investigation being closed has an associated alert in Threat Command. |
| Threat Command - Free Text | Additional information to add when closing the investigation. |

Advanced Parameters

| Parameter | Description |
| --- | --- |
| Multi Customer | When selected, investigations will be returned from all organizations the connected user has access to. Note: This feature is available for multi-customer user keys only. |

Example Output

{
	"id": "174e4f99-2ac7-4481-9301-4d24c34baf06",
	"rrn": "rrn:investigation:us1:174e4f99-2ac7-4481-9301-4d24c34baf06:investigation:6A74T2A4",
	"title": "Joe enabled account Joebob",
	"status": "OPEN",
	"source": "ALERT",
	"disposition": "BENIGN",
	"assignee": {
		"name": "Ellen Example",
		"email": "example@test.com"
	},
	"alerts": [
		{
			"type": "Account Created",
			"type_description": "A new account has been created.",
			"first_event_time": "2018-06-06T16:56:42Z"
		}
	],
	"created_time": "2018-06-06T16:56:42Z"
}

Workflow Library Example

Set Investigation Status with Rapid7 Insightidr and Send Results Via Email