List Alerts Investigation

6 min

description retrieve all alerts associated with a given investigation in rapid7 insightidr v2, utilizing the unique identifier endpoint url idr/v2/investigations/{{identifier}}/alerts method get inputs path parameters (object) – required identifier (string) – required parameters (object) index (number) multi customer (boolean) size (number) headers (object) – required accept version (string) – required output example \[ { "status code" 200, "response headers" { "date" "tue, 25 jul 2023 05 00 27 gmt", "content type" "application/json", "transfer encoding" "chunked", "connection" "keep alive", "cache control" "no cache, no store, max age=0, must revalidate", "expires" "0", "pragma" "no cache", "x content type options" "nosniff", "x frame options" "deny", "x xss protection" "1; mode=block", "vary" "origin", "access control allow credentials" "true" }, "reason" "ok", "json body" { "data" \[ { "alert source" "user behavior analytics", "alert type" "account created", "alert type description" "a new account has been created ", "created time" "2018 06 06t16 56 42z", "detection rule rrn" { "rule name" "attacker technique accessibility tool launching process", "rule rrn" "rrn\ cba detection rule\ fx11kbbsck20" }, "first event time" "2018 06 06t16 56 42z", "id" "174e4f99 2ac7 4481 9301 4d24c34baf06", "latest event time" "2018 06 06t16 56 42z", "title" "account jdoe had inbound firewall traffic from 1 2 3 4 (tracked in mythreat) to 10 1 2 3" } ] }, "metadata" { "index" 10, "size" 20, "total pages" 1, "total data" 1 } } ] output parameters status code (number) reason (string) json body (object) data (array) alert source (string) alert type (string) alert type description (string) created time (string) detection rule rrn (object) rule name (string) rule rrn (string) first event time (string) id (string) latest event time (string) title (string) metadata (object) index (number) size (number) total pages (number) total data (number) response headers header type date string content type string transfer encoding string connection string cache control string expires string pragma string x content type options string x frame options string x xss protection string vary string access control allow credentials string

Get Product List Alerts by Investigation

List All Saved Queries