Rapid7 InsightIDR V2
The Rapid7 InsightIDR V2 connector enables seamless integration with Swimlane Turbine, providing users with the ability to automate and orchestrate security operations tasks.

Rapid7 InsightIDR V2 is a powerful security analytics and incident detection platform that enables teams to detect and investigate security incidents quickly. This connector allows Swimlane Turbine users to automate key security operations tasks such as assigning users to investigations, closing multiple investigations, managing saved queries, and updating investigation statuses. By integrating with Rapid7 InsightIDR V2, users can streamline their incident response process, reduce manual workload, and accelerate threat detection and resolution within the Swimlane Turbine platform.

## Prerequisites

To effectively utilize the Rapid7 InsightIDR V2 connector within Swimlane Turbine, ensure you have the following prerequisites:

- API key authentication:
  - URL: The base endpoint URL for the Rapid7 InsightIDR API.
  - API Key: A valid API key provided by Rapid7 to authenticate API requests.

## Capabilities

This connector provides the following capabilities:

- Assign User to Investigation
- Bulk Close Investigations
- Create a Saved Query
- Create Investigation
- Delete a Saved Query
- Get Investigation
- Get Product List Alerts by Investigation
- List Alerts Investigation
- List All Saved Queries
- List Investigations
- Retrieve Evidence for Alert
- Run Saved Query
- Search Investigations
- Set Disposition Investigation
- Set Priority Investigation
- and so on

## Asset Setup

Fill in the region parameter with the data center used for your account. To find the data center, log in to your InsightIDR account, then look at the URL of the home page. The URL should look similar to this: `http://region.idr.insight.rapid7.com`, where `region` indicates your data center. Enter that as the value in the region parameter.

## Actions Setup

You need a threat key in order to use actions that manage threats. If you do not have a threat to use, follow the instructions here to create a new threat.

For actions that take datetime inputs, you can use any standard datetime format.

## Notes

https://docs.rapid7.com/insightidr/insightidr-rest-api/

## Configurations

### API Key Authentication

Authenticates using an API key.

Configuration parameters:

| Parameter | Description | Type | Required |
|---|---|---|---|
| `url` | A URL to the target host | string | Required |
| `X-Api-Key` | API key | string | Required |
| `verify_ssl` | Verify SSL certificate | boolean | Optional |
| `http_proxy` | A proxy to route requests through | string | Optional |

## Actions

### Assign User to Investigation

Assign a user to an investigation in Rapid7 InsightIDR V2 by specifying the investigation ID and user's email address.

Endpoint URL: `idr/v2/investigations/{{id}}/assignee`

Method: PUT

Input:

| Input argument name | Type | Required | Description |
|---|---|---|---|
| `path_parameters_id` | string | Required | Parameters for the assign user to investigation action |
| `parameters_multi-customer` | boolean | Optional | Parameters for the assign user to investigation action |
| `headers` | object | Required | HTTP headers for the request |
| `headers_Accept-version` | string | Required | HTTP headers for the request |
| `user_email_address` | string | Optional | Parameter for assign user to investigation |

Input example:

```json
{"parameters":{"multi-customer":false},"json_body":{"user_email_address":"example@test.com"},"path_parameters":{"id":"3726c3aa-a4d8-4be4-969d-ff2c156ddd78"},"headers":{"Accept-version":"investigations-preview"}}
```

Output:

| Parameter | Type | Description |
|---|---|---|
| `status_code` | number | HTTP status code of the response |
| `reason` | string | Response reason phrase |
| `assignee` | object | Output field assignee |
| `assignee_email` | string | Output field assignee_email |
| `assignee_name` | string | Name of the resource |
| `created_time` | string | Time value |
| `disposition` | string | Output field disposition |
| `first_alert_time` | string | Time value |
| `last_accessed` | string | Output field last_accessed |
| `latest_alert_time` | string | Time value |
| `organization_id` | string | Unique identifier |
| `priority` | string | Output field priority |
| `responsibility` | string | Output field responsibility |
| `rrn` | string | Output field rrn |
| `source` | string | Output field source |
| `status` | string | Status value |
| `tags` | array | Output field tags |
| `title` | string | Output field title |

Output example:

```json
{"assignee":{"email":"user@example.com","name":"example name"},"created_time":"string","disposition":"string","first_alert_time":"string","last_accessed":"string","latest_alert_time":"string","organization_id":"string","priority":"string","responsibility":"string","rrn":"string","source":"string","status":"active","tags":["string"],"title":"string"}
```

### Bulk Close Investigations

Closes multiple investigations in Rapid7 InsightIDR within a specified date range, requiring 'from', 'source', and 'to' parameters.

Endpoint URL: `idr/v2/investigations/bulk_close`

Method: POST

Input:

| Input argument name | Type | Required | Description |
|---|---|---|---|
| `headers` | object | Required | HTTP headers for the request |
| `headers_Accept-version` | string | Required | HTTP headers for the request |
| `alert_type` | string | Optional | Type of the resource |
| `detection_rule_rrn` | string | Optional | Parameter for bulk close investigations |
| `disposition` | string | Optional | Parameter for bulk close investigations |
| `from` | string | Optional | Parameter for bulk close investigations |
| `max_investigations_to_close` | number | Optional | Parameter for bulk close investigations |
| `source` | string | Optional | Parameter for bulk close investigations |
| `to` | string | Optional | Parameter for bulk close investigations |

Input example:

```json
{"json_body":{"alert_type":"attacker behavior detected","detection_rule_rrn":"string","disposition":"benign","from":"2023-07-19T03:21:57.980Z","max_investigations_to_close":10,"source":"manual","to":"2023-07-20T03:21:57.980Z"},"headers":{"Accept-version":"investigations-preview"}}
```

Output:

| Parameter | Type | Description |
|---|---|---|
| `status_code` | number | HTTP status code of the response |
| `reason` | string | Response reason phrase |
| `ids` | array | Unique identifier |
| `num_closed` | number | Output field num_closed |

Output example:

```json
{"status_code":200,"response_headers":{},"reason":"","json_body":{"ids":["581134c9-2510-4010-865c-7ae81761315b","114c706d-e64a-4731-997b-9115beef3026"],"num_closed":2}}
```

### Create a Saved Query

Initiates the creation of a saved query in Rapid7 InsightIDR using the provided 'saved_query' details.

Endpoint URL: `/log_search/query/saved_queries`

Method: POST

Input:

| Input argument name | Type | Required | Description |
|---|---|---|---|
| `saved_query` | object | Optional | Parameter for create a saved query |
| `saved_query_name` | string | Required | The name for the saved query |
| `saved_query_leql` | object | Required | Parameter for create a saved query |
| `saved_query_leql_during` | object | Optional | Parameter for create a saved query |
| `saved_query_leql_during_from` | number | Optional | The start of the time range for the query, as a UNIX timestamp in milliseconds |
| `saved_query_leql_during_to` | number | Optional | The end of the time range for the query, as a UNIX timestamp in milliseconds |
| `saved_query_leql_during_time_range` | string | Optional | Relative time range (instead of absolute from + to time range). Possible values are "yesterday", "today" and "last x timeunits" where x is the number of time unit back from the current server time. Supported time units (case insensitive) are min(s) or minute(s), hr(s) or hour(s), day(s), week(s), month(s) and year(s) |
| `saved_query_leql_statement` | string | Required | The LEQL query run against the log(s). If empty, the query retrieves all log entries in the specified time range |
| `saved_query_logs` | array | Optional | The log keys of the logs which the query is run against |

Input example:

```json
{"json_body":{"saved_query":{"name":"saved query 2","leql":{"statement":"where(test)"}}}}
```

Output:

| Parameter | Type | Description |
|---|---|---|
| `status_code` | number | HTTP status code of the response |
| `reason` | string | Response reason phrase |
| `saved_query` | object | Output field saved_query |
| `saved_query_id` | string | Unique identifier |
| `saved_query_name` | string | Name of the resource |
| `saved_query_leql` | object | Output field saved_query_leql |
| `saved_query_leql_statement` | string | Output field saved_query_leql_statement |
| `saved_query_leql_during` | object | Output field saved_query_leql_during |
| `saved_query_leql_during_time_range` | object | Output field saved_query_leql_during_time_range |
| `saved_query_leql_during_to` | object | Output field saved_query_leql_during_to |
| `saved_query_leql_during_from` | object | Output field saved_query_leql_during_from |
| `saved_query_logs` | array | Output field saved_query_logs |

Output example (truncated):

```json
{"status_code":201,"response_headers":{"date":"Fri, 21 Jun 2024 09:18:35 GMT","content-type":"application/json","content-length":"180","connection":"keep-alive","vary":"origin, accept-encoding, origin","location":"https://us3.api.insight.rapid7.com/log_search/query/saved_queries/00000000-0000-...","strict-transport-security":"max-age=31536000; includesubdomains","r7-correlation-id":"3f4f3a96-4af9-4229-9303-30dd632beb93","access-control-allow-credentials":"true","access-control-expose-headers":"r...
```

### Create Investigation

Initiate a manual investigation in Rapid7 InsightIDR V2 with custom headers and JSON body data.

Endpoint URL: `idr/v2/investigations`

Method: POST

Input:

| Input argument name | Type | Required | Description |
|---|---|---|---|
| `headers` | object | Required | HTTP headers for the request |
| `headers_Accept-version` | string | Required | HTTP headers for the request |
| `assignee` | object | Optional | Parameter for create investigation |
| `assignee_email` | string | Optional | Parameter for create investigation |
| `disposition` | string | Optional | Parameter for create investigation |
| `priority` | string | Optional | Parameter for create investigation |
| `status` | string | Optional | Status value |
| `title` | string | Optional | Parameter for create investigation |

Input example:

```json
{"json_body":{"assignee":{"email":"example@test.com"},"disposition":" benign","priority":"low","status":"open","title":"jane smith"},"headers":{"Accept-version":"investigations-preview"}}
```

Output:

| Parameter | Type | Description |
|---|---|---|
| `status_code` | number | HTTP status code of the response |
| `reason` | string | Response reason phrase |
| `assignee` | object | Output field assignee |
| `assignee_email` | string | Output field assignee_email |
| `assignee_name` | string | Name of the resource |
| `created_time` | string | Time value |
| `disposition` | string | Output field disposition |
| `first_alert_time` | string | Time value |
| `last_accessed` | string | Output field last_accessed |
| `latest_alert_time` | string | Time value |
| `organization_id` | string | Unique identifier |
| `priority` | string | Output field priority |
| `responsibility` | string | Output field responsibility |
| `rrn` | string | Output field rrn |
| `source` | string | Output field source |
| `status` | string | Status value |
| `tags` | array | Output field tags |
| `title` | string | Output field title |

Output example:

```json
{"assignee":{"email":"user@example.com","name":"example name"},"created_time":"string","disposition":"string","first_alert_time":"string","last_accessed":"string","latest_alert_time":"string","organization_id":"string","priority":"string","responsibility":"string","rrn":"string","source":"string","status":"active","tags":["string"],"title":"string"}
```

### Delete a Saved Query

Removes a specified saved query from Rapid7 InsightIDR using the provided unique saved_query_id.

Endpoint URL: `/log_search/query/saved_queries/{{saved_query_id}}`

Method: DELETE

Input:

| Input argument name | Type | Required | Description |
|---|---|---|---|
| `path_parameters_saved_query_id` | string | Required | The ID of the saved query |

Input example:

```json
{"path_parameters":{"saved_query_id":"00000000-0000-1616-0000-000000000000"}}
```

Output:

| Parameter | Type | Description |
|---|---|---|
| `status_code` | number | HTTP status code of the response |
| `reason` | string | Response reason phrase |
| `response_text` | string | Output field response_text |

Output example (truncated):

```json
{"status_code":204,"response_headers":{"date":"Fri, 21 Jun 2024 09:07:47 GMT","connection":"keep-alive","vary":"origin, origin","strict-transport-security":"max-age=31536000; includesubdomains","r7-correlation-id":"5d143985-8028-4204-a2f9-f18e1848b30b","access-control-allow-credentials":"true","access-control-expose-headers":"r7-correlation-id","ratelimit-limit":"1500","ratelimit-reset":"445","ratelimit-remaining":"1497","x-ratelimit-limit":"1500","x-ratelimit-reset":"445","x-ratelimit-remaining...
```

### Get Investigation

Retrieve a specific investigation in Rapid7 InsightIDR V2 using the unique identifier (ID) provided in path parameters.

Endpoint URL: `idr/v2/investigations/{{id}}`

Method: GET

Input:

| Input argument name | Type | Required | Description |
|---|---|---|---|
| `path_parameters_id` | string | Required | Parameters for the get investigation action |
| `parameters_multi-customer` | boolean | Optional | Parameters for the get investigation action |
| `headers` | object | Required | HTTP headers for the request |
| `headers_Accept-version` | string | Required | HTTP headers for the request |

Input example:

```json
{"parameters":{"multi-customer":false},"path_parameters":{"id":"3726c3aa-a4d8-4be4-969d-ff2c156ddd78"},"headers":{"Accept-version":"investigations-preview"}}
```

Output:

| Parameter | Type | Description |
|---|---|---|
| `status_code` | number | HTTP status code of the response |
| `reason` | string | Response reason phrase |
| `assignee` | object | Output field assignee |
| `assignee_email` | string | Output field assignee_email |
| `assignee_name` | string | Name of the resource |
| `created_time` | string | Time value |
| `disposition` | string | Output field disposition |
| `first_alert_time` | string | Time value |
| `last_accessed` | string | Output field last_accessed |
| `latest_alert_time` | string | Time value |
| `organization_id` | string | Unique identifier |
| `priority` | string | Output field priority |
| `responsibility` | string | Output field responsibility |
| `rrn` | string | Output field rrn |
| `source` | string | Output field source |
| `status` | string | Status value |
| `tags` | array | Output field tags |
| `title` | string | Output field title |

Output example:

```json
{"assignee":{"email":"user@example.com","name":"example name"},"created_time":"string","disposition":"string","first_alert_time":"string","last_accessed":"string","latest_alert_time":"string","organization_id":"string","priority":"string","responsibility":"string","rrn":"string","source":"string","status":"active","tags":["string"],"title":"string"}
```

### Get Product List Alerts by Investigation

Retrieve all Rapid7 InsightIDR alerts associated with a given investigation identifier, including path parameters and headers.

Endpoint URL: `idr/v2/investigations/{{identifier}}/rapid7-product-alerts`

Method: GET

Input:

| Input argument name | Type | Required | Description |
|---|---|---|---|
| `path_parameters_identifier` | string | Required | Parameters for the get product list alerts by investigation action |
| `parameters_multi-customer` | boolean | Optional | Parameters for the get product list alerts by investigation action |
| `headers` | object | Required | HTTP headers for the request |
| `headers_Accept-version` | string | Required | HTTP headers for the request |

Input example:

```json
{"parameters":{"multi-customer":false},"path_parameters":{"identifier":"3726c3aa-a4d8-4be4-969d-ff2c156ddd78"},"headers":{"Accept-version":"investigations-preview"}}
```

Output:

| Parameter | Type | Description |
|---|---|---|
| `status_code` | number | HTTP status code of the response |
| `reason` | string | Response reason phrase |

Output example (truncated):

```json
{"status_code":200,"response_headers":{"date":"Tue, 25 Jul 2023 05:13:19 GMT","content-type":"application/json","transfer-encoding":"chunked","connection":"keep-alive","cache-control":"no-cache, no-store, max-age=0, must-revalidate","expires":"0","pragma":"no-cache","x-content-type-options":"nosniff","x-frame-options":"deny","x-xss-protection":"1; mode=block","vary":"origin","access-control-allow-credentials":"true"},"reason":"OK","json_body":[{"threat_command_details":{},"type":"threat_command"...
```

### List Alerts Investigation

Retrieve all alerts associated with a given investigation in Rapid7 InsightIDR V2, utilizing the unique identifier.

Endpoint URL: `idr/v2/investigations/{{identifier}}/alerts`

Method: GET

Input:

| Input argument name | Type | Required | Description |
|---|---|---|---|
| `path_parameters_identifier` | string | Required | Parameters for the list alerts investigation action |
| `parameters_index` | number | Optional | Parameters for the list alerts investigation action |
| `parameters_multi-customer` | boolean | Optional | Parameters for the list alerts investigation action |
| `parameters_size` | number | Optional | Parameters for the list alerts investigation action |
| `headers` | object | Required | HTTP headers for the request |
| `headers_Accept-version` | string | Required | HTTP headers for the request |

Input example:

```json
{"parameters":{"index":10,"multi-customer":false,"size":20},"path_parameters":{"identifier":"3726c3aa-a4d8-4be4-969d-ff2c156ddd78"},"headers":{"Accept-version":"investigations-preview"}}
```

Output:

| Parameter | Type | Description |
|---|---|---|
| `status_code` | number | HTTP status code of the response |
| `reason` | string | Response reason phrase |
| `metadata` | object | Response data |
| `metadata_index` | number | Response data |
| `metadata_size` | number | Response data |
| `metadata_total_pages` | number | Response data |
| `metadata_total_data` | number | Response data |
| `data` | array | Response data |
| `data_alert_source` | string | Response data |
| `data_alert_type` | string | Response data |
| `data_alert_type_description` | string | Response data |
| `data_created_time` | string | Response data |
| `data_detection_rule_rrn` | object | Response data |
| `data_detection_rule_rrn_rule_name` | string | Response data |
| `data_detection_rule_rrn_rule_rrn` | string | Response data |
| `data_first_event_time` | string | Response data |
| `data_id` | string | Response data |
| `data_latest_event_time` | string | Response data |
| `data_title` | string | Response data |

Output example (truncated):

```json
{"status_code":200,"response_headers":{"date":"Tue, 25 Jul 2023 05:00:27 GMT","content-type":"application/json","transfer-encoding":"chunked","connection":"keep-alive","cache-control":"no-cache, no-store, max-age=0, must-revalidate","expires":"0","pragma":"no-cache","x-content-type-options":"nosniff","x-frame-options":"deny","x-xss-protection":"1; mode=block","vary":"origin","access-control-allow-credentials":"true"},"reason":"OK","json_body":{"data":[{}]},"metadata":{"index":10,"size":20,"total...
```

### List All Saved Queries

Retrieve all saved queries from Rapid7 InsightIDR for analysis or investigation purposes.

Endpoint URL: `/log_search/query/saved_queries`

Method: GET

Output:

| Parameter | Type | Description |
|---|---|---|
| `status_code` | number | HTTP status code of the response |
| `reason` | string | Response reason phrase |
| `saved_queries` | array | Output field saved_queries |
| `saved_queries_id` | string | Unique identifier |
| `saved_queries_name` | string | Name of the resource |
| `saved_queries_leql` | object | Output field saved_queries_leql |
| `saved_queries_leql_statement` | string | Output field saved_queries_leql_statement |
| `saved_queries_leql_during` | object | Output field saved_queries_leql_during |
| `saved_queries_leql_during_time_range` | object | Output field saved_queries_leql_during_time_range |
| `saved_queries_leql_during_to` | object | Output field saved_queries_leql_during_to |
| `saved_queries_leql_during_from` | object | Output field saved_queries_leql_during_from |
| `saved_queries_logs` | array | Output field saved_queries_logs |

Output example (truncated):

```json
{"status_code":200,"response_headers":{"date":"Fri, 21 Jun 2024 09:00:13 GMT","content-type":"application/json","content-length":"191","connection":"keep-alive","vary":"origin, accept-encoding, origin","strict-transport-security":"max-age=31536000; includesubdomains","r7-correlation-id":"14f165c3-d476-45e3-a9f1-13df3a33426b","access-control-allow-credentials":"true","access-control-expose-headers":"r7-correlation-id","ratelimit-limit":"1500","ratelimit-reset":"900","ratelimit-remaining":"1499","...
```

### List Investigations

Retrieve a paginated list of investigations from Rapid7 InsightIDR using specified request headers.

Endpoint URL: `idr/v2/investigations`

Method: GET

Input:

| Input argument name | Type | Required | Description |
|---|---|---|---|
| `parameters_assignee.email` | string | Optional | Parameters for the list investigations action |
| `parameters_end_time` | string | Optional | Parameters for the list investigations action |
| `parameters_index` | number | Optional | Parameters for the list investigations action |
| `parameters_multi-customer` | boolean | Optional | Parameters for the list investigations action |
| `parameters_priorities` | string | Optional | Parameters for the list investigations action |
| `parameters_size` | number | Optional | Parameters for the list investigations action |
| `parameters_sort` | string | Optional | Parameters for the list investigations action |
| `parameters_sources` | string | Optional | Parameters for the list investigations action |
| `parameters_start_time` | string | Optional | Parameters for the list investigations action |
| `parameters_statuses` | string | Optional | Parameters for the list investigations action |
| `parameters_tags` | string | Optional | Parameters for the list investigations action |
| `headers` | object | Required | HTTP headers for the request |
| `headers_Accept-version` | string | Required | HTTP headers for the request |

Input example:

```json
{"parameters":{"assignee.email":"vemula.dilip@swimlane.com","end_time":"2018-07-04T00:00:00Z","index":10,"multi-customer":false,"priorities":"low","size":20,"sort":"priority,desc","sources":"user,alert","start_time":"2018-07-04T00:00:00Z","statuses":"open","tags":"incident"},"headers":{"Accept-version":"investigations-preview"}}
```

Output:

| Parameter | Type | Description |
|---|---|---|
| `status_code` | number | HTTP status code of the response |
| `reason` | string | Response reason phrase |
| `data` | array | Response data |
| `data_assignee` | object | Response data |
| `data_assignee_email` | string | Response data |
| `data_assignee_name` | string | Response data |
| `data_created_time` | string | Response data |
| `data_disposition` | string | Response data |
| `data_first_alert_time` | string | Response data |
| `data_last_accessed` | string | Response data |
| `data_latest_alert_time` | string | Response data |
| `data_organization_id` | string | Response data |
| `data_priority` | string | Response data |
| `data_responsibility` | string | Response data |
| `data_rrn` | string | Response data |
| `data_source` | string | Response data |
| `data_status` | string | Response data |
| `data_tags` | array | Response data |
| `data_title` | string | Response data |
| `metadata` | object | Response data |
| `metadata_index` | number | Response data |
| `metadata_size` | number | Response data |
| `metadata_total_data` | number | Response data |
| `metadata_total_pages` | number | Response data |

Output example:

```json
{"data":[{"assignee":{},"created_time":"string","disposition":"string","first_alert_time":"string","last_accessed":"string","latest_alert_time":"string","organization_id":"string","priority":"string","responsibility":"string","rrn":"string","source":"string","status":"active","tags":[],"title":"string"}],"metadata":{"index":123,"size":123,"total_data":123,"total_pages":123}}
```

### Retrieve Evidence for Alert

Retrieve associated evidence for a specific alert in Rapid7 InsightIDR using the alert's unique resource name (RRN).

Endpoint URL: `/idr/at/alerts/{{alert_rrn}}/evidences`

Method: GET

Input:

| Input argument name | Type | Required | Description |
|---|---|---|---|
| `path_parameters_alert_rrn` | string | Required | The unique identifier of the alert |
| `parameters_index` | number | Optional | The index of the page to retrieve (zero indexed) |
| `parameters_size` | number | Optional | The size of the page to retrieve |
| `headers` | object | Required | HTTP headers for the request |
| `headers_Accept-version` | string | Required | Acknowledges the API preview status |

Input example:

```json
{"parameters":{"index":0,"size":1},"path_parameters":{"alert_rrn":"14457f42-5f94-4125-aa6d-b3de4346f2bd"},"headers":{"Accept-version":"strong-force-preview"}}
```

Output:

| Parameter | Type | Description |
|---|---|---|
| `status_code` | number | HTTP status code of the response |
| `reason` | string | Response reason phrase |
| `evidences` | array | Unique identifier |
| `evidences_rrn` | string | Unique identifier |
| `evidences_version` | number | Unique identifier |
| `evidences_created_at` | string | Unique identifier |
| `evidences_updated_at` | string | Unique identifier |
| `evidences_evented_at` | string | Unique identifier |
| `evidences_external_source` | string | Unique identifier |
| `evidences_event_type` | string | Unique identifier |
| `evidences_data` | string | Response data |
| `metadata` | object | Response data |
| `metadata_index` | number | Response data |
| `metadata_size` | number | Response data |
| `metadata_items_in_index` | number | Response data |
| `metadata_total_items` | number | Response data |
| `metadata_is_last_index` | boolean | Response data |

Output example (truncated):

```json
{"status_code":200,"response_headers":{"date":"Fri, 21 Jun 2024 08:01:46 GMT","content-type":"application/json","transfer-encoding":"chunked","connection":"keep-alive","r7-correlation-id":"04bad1e4-ac8d-4645-adc2-9d4d3588cb80","vary":"accept-encoding, origin","content-encoding":"gzip","x-envoy-upstream-service-time":"261","server":"istio-envoy","x-envoy-decorator-operation":"protonclass1apigatewayapp.default.svc.cluster.local:9873/*","access-control-allow-credentials":"true","access-control-expo...
```

### Run Saved Query

Executes a predefined saved query within Rapid7 InsightIDR using the provided 'saved_query_id'.

Endpoint URL: `/log_search/query/saved_query/{{saved_query_id}}`

Method: GET

Input:

| Input argument name | Type | Required | Description |
|---|---|---|---|
| `path_parameters_saved_query_id` | string | Required | The ID of the saved query |
| `parameters_time_range` | string | Optional | An alternative to the from and to query parameters. Possible values are "yesterday", "today" and "last x timeunits" where x is the number of time unit back from the current server time. Supported time units (case insensitive) are min(s) or minute(s), hr(s) or hour(s), day(s), week(s), month(s) and year(s). If "time_range" is used, then the "from" and "to" query parameters must not be used |
| `parameters_from` | number | Optional | The start of the time range for the query, as a UNIX timestamp in milliseconds |
| `parameters_to` | number | Optional | The end of the time range for the query, as a UNIX timestamp in milliseconds |
| `parameters_per_page` | number | Optional | Number of log entries to return per page, up to 500 (the maximum allowed) |
| `parameters_kvp_info` | boolean | Optional | When set to true, the events object that is returned will additionally contain information about all the key value pairs in each returned log entry |
| `parameters_most_recent_first` | boolean | Optional | When set to true, the query returns the most recent events first. When set to false, it returns the oldest events first |

Input example:

```json
{"parameters":{"time_range":"last 6 months","from":1460557604000,"to":1460557604000,"per_page":50,"kvp_info":true,"most_recent_first":false},"path_parameters":{"saved_query_id":"00000000-0000-00cf-0000-000000000000"}}
```

Output:

| Parameter | Type | Description |
|---|---|---|
| `status_code` | number | HTTP status code of the response |
| `reason` | string | Response reason phrase |
| `logs` | array | Output field logs |
| `leql` | object | Output field leql |
| `leql_statement` | string | Output field leql_statement |
| `leql_during` | object | Output field leql_during |
| `leql_during_from` | number | Output field leql_during_from |
| `leql_during_to` | number | Output field leql_during_to |
| `events` | array | Output field events |
| `events_labels` | array | Output field events_labels |
| `events_labels_links` | array | Output field events_labels_links |
| `events_labels_links_rel` | string | Output field events_labels_links_rel |
| `events_labels_links_href` | string | Output field events_labels_links_href |
| `events_labels_id` | string | Unique identifier |
| `events_timestamp` | number | Output field events_timestamp |
| `events_sequence_number` | number | Output field events_sequence_number |
| `events_log_id` | string | Unique identifier |
| `events_message` | string | Response message |
| `events_links` | array | Output field events_links |
| `events_links_rel` | string | Output field events_links_rel |
| `events_links_href` | string | Output field events_links_href |
| `events_sequence_number_str` | number | Output field events_sequence_number_str |
| `events_kvp_info` | array | Output field events_kvp_info |
| `events_kvp_info_key` | object | Output field events_kvp_info_key |
| `events_kvp_info_key_text` | string | Output field events_kvp_info_key_text |

Output example:

```json
{"status_code":200,"response_headers":{},"reason":"OK","json_body":{"logs":["565c1b7b-c08b-4c87-a42a-ab08bad56071"],"leql":{"statement":"where(931dde6c60>=800)","during":{}},"events":[{},{}]}}
```

### Search Investigations

Performs a search for investigations in Rapid7 InsightIDR V2 using specified criteria and returns matching results. Requires headers and path parameters.

Endpoint URL: `idr/v2/investigations/{{_search}}`

Method: POST

Input:

| Input argument name | Type | Required | Description |
|---|---|---|---|
| `parameters_index` | number | Optional | Parameters for the search investigations action |
| `parameters_multi-customer` | boolean | Optional | Parameters for the search investigations action |
| `parameters_size` | number | Optional | Parameters for the search investigations action |
| `headers` | object | Required | HTTP headers for the request |
| `headers_Accept-version` | string | Required | HTTP headers for the request |
| `path_parameters__search` | string | Required | Parameters for the search investigations action |
| `end_time` | string | Optional | Time value |
| `search` | array | Optional | Parameter for search investigations |
| `search_field` | string | Optional | Parameter for search investigations |
| `search_operator` | string | Optional | Parameter for search investigations |
| `search_value` | object | Optional | Value for the parameter |
| `sort` | array | Optional | Parameter for search investigations |
| `sort_field` | string | Optional | Parameter for search investigations |
| `sort_order` | string | Optional | Parameter for search investigations |
| `start_time` | string | Optional | Time value |
| `title` | string | Optional | Parameter for search investigations |

Input example:

```json
{"parameters":{"index":0,"multi-customer":true,"size":20},"json_body":{"end_time":"2018-07-04T00:00:00Z","search":[{"field":"name","operator":"equals","value":{}}],"sort":[{"field":"name","order":"asc"}],"start_time":"2018-07-04T00:00:00Z","title":"start time"},"headers":{"Accept-version":"investigations-preview"},"path_parameters":{"_search":"search"}}
```

Output:

| Parameter | Type | Description |
|---|---|---|
| `status_code` | number | HTTP status code of the response |
| `reason` | string | Response reason phrase |
| `data` | array | Response data |
| `data_assignee` | object | Response data |
| `data_assignee_email` | string | Response data |
| `data_assignee_name` | string | Response data |
| `data_created_time` | string | Response data |
| `data_disposition` | string | Response data |
| `data_first_alert_time` | string | Response data |
| `data_last_accessed` | string | Response data |
| `data_latest_alert_time` | string | Response data |
| `data_organization_id` | string | Response data |
| `data_priority` | string | Response data |
| `data_responsibility` | string | Response data |
| `data_rrn` | string | Response data |
| `data_source` | string | Response data |
| `data_status` | string | Response data |
| `data_tags` | array | Response data |
| `data_title` | string | Response data |
| `metadata` | object | Response data |
| `metadata_index` | number | Response data |
| `metadata_size` | number | Response data |
| `metadata_total_data` | number | Response data |
| `metadata_total_pages` | number | Response data |

Output example:

```json
{"data":[{"assignee":{},"created_time":"string","disposition":"string","first_alert_time":"string","last_accessed":"string","latest_alert_time":"string","organization_id":"string","priority":"string","responsibility":"string","rrn":"string","source":"string","status":"active","tags":[],"title":"string"}],"metadata":{"index":123,"size":123,"total_data":123,"total_pages":123}}
```

### Set Disposition Investigation

Updates the disposition of an investigation in Rapid7 InsightIDR using its ID and returns the updated details.

Endpoint URL: `idr/v2/investigations/{{id}}/disposition/{{disposition}}`

Method: PUT

Input:

| Input argument name | Type | Required | Description |
|---|---|---|---|
| `path_parameters_disposition` | string | Required | Parameters for the set disposition investigation action |
| `path_parameters_id` | string | Required | Parameters for the set disposition investigation action |
| `parameters_multi-customer` | boolean | Optional | Parameters for the set disposition investigation action |
| `headers` | object | Required | HTTP headers for the request |
| `headers_Accept-version` | string | Required | HTTP headers for the request |

Input example:

```json
{"parameters":{"multi-customer":false},"path_parameters":{"disposition":"benign","id":"3726c3aa-a4d8-4be4-969d-ff2c156ddd78"},"headers":{"Accept-version":"investigations-preview"}}
```

Output:

| Parameter | Type | Description |
|---|---|---|
| `status_code` | number | HTTP status code of the response |
| `reason` | string | Response reason phrase |
| `assignee` | object | Output field assignee |
| `assignee_email` | string | Output field assignee_email |
| `assignee_name` | string | Name of the resource |
| `created_time` | string | Time value |
| `disposition` | string | Output field disposition |
| `first_alert_time` | string | Time value |
| `last_accessed` | string | Output field last_accessed |
| `latest_alert_time` | string | Time value |
| `organization_id` | string | Unique identifier |
| `priority` | string | Output field priority |
| `responsibility` | string | Output field responsibility |
| `rrn` | string | Output field rrn |
| `source` | string | Output field source |
| `status` | string | Status value |
| `tags` | array | Output field tags |
| `title` | string | Output field title |

Output example:

```json
{"assignee":{"email":"user@example.com","name":"example name"},"created_time":"string","disposition":"string","first_alert_time":"string","last_accessed":"string","latest_alert_time":"string","organization_id":"string","priority":"string","responsibility":"string","rrn":"string","source":"string","status":"active","tags":["string"],"title":"string"}
```

### Set Priority Investigation

Assign a priority level to a specific investigation in Rapid7 InsightIDR by using the investigation's ID or RRN.

Endpoint URL: `idr/v2/investigations/{{id}}/priority/{{priority}}`

Method: PUT

Input:

| Input argument name | Type | Required | Description |
|---|---|---|---|
| `path_parameters_id` | string | Required | Parameters for the set priority investigation action |
| `path_parameters_priority` | string | Required | Parameters for the set priority investigation action |
| `parameters_multi-customer` | boolean | Optional | Parameters for the set priority investigation action |
| `headers` | object | Required | HTTP headers for the request |
| `headers_Accept-version` | string | Required | HTTP headers for the request |

Input example:

```json
{"parameters":{"multi-customer":false},"path_parameters":{"id":"3726c3aa-a4d8-4be4-969d-ff2c156ddd78","priority":"unspecified"},"headers":{"Accept-version":"investigations-preview"}}
```

Output:

| Parameter | Type | Description |
|---|---|---|
| `status_code` | number | HTTP status code of the response |
| `reason` | string | Response reason phrase |
| `assignee` | object | Output field assignee |
| `assignee_email` | string | Output field assignee_email |
| `assignee_name` | string | Name of the resource |
| `created_time` | string | Time value |
| `disposition` | string | Output field disposition |
| `first_alert_time` | string | Time value |
| `last_accessed` | string | Output field last_accessed |
| `latest_alert_time` | string | Time value |
| `organization_id` | string | Unique identifier |
| `priority` | string | Output field priority |
| `responsibility` | string | Output field responsibility |
| `rrn` | string | Output field rrn |
| `source` | string | Output field source |
| `status` | string | Status value |
| `tags` | array | Output field tags |
| `title` | string | Output field title |

Output example:

```json
{"assignee":{"email":"user@example.com","name":"example name"},"created_time":"string","disposition":"string","first_alert_time":"string","last_accessed":"string","latest_alert_time":"string","organization_id":"string","priority":"string","responsibility":"string","rrn":"string","source":"string","status":"active","tags":["string"],"title":"string"}
```

### Set Status Investigation

Updates the status of a specified investigation in Rapid7 InsightIDR V2 by using its unique ID or RRN, requiring path parameters.

Endpoint URL: `idr/v2/investigations/{{id}}/status/{{status}}`

Method: PUT

Input:

| Input argument name | Type | Required | Description |
|---|---|---|---|
| `path_parameters_id` | string | Required | Parameters for the set status investigation action |
| `path_parameters_status` | string | Required | Parameters for the set status investigation action |
| `parameters_multi-customer` | boolean | Optional | Parameters for the set status investigation action |
| `headers` | object | Required | HTTP headers for the request |
| `headers_Accept-version` | string | Required | HTTP headers for the request |
| `disposition` | string | Optional | Parameter for set status investigation |
| `threat_command_close_reason` | string | Optional | Response reason phrase |
| `threat_command_free_text` | string | Optional | Parameter for set status investigation |

Input example:

```json
{"parameters":{"multi-customer":false},"json_body":{"disposition":"benign","threat_command_close_reason":"problemsolved","threat_command_free_text":"string"},"path_parameters":{"id":"3726c3aa-a4d8-4be4-969d-ff2c156ddd78","status":"investigating"},"headers":{"Accept-version":"investigations-preview"}}
```

Output:

| Parameter | Type | Description |
|---|---|---|
| `status_code` | number | HTTP status code of the response |
| `reason` | string | Response reason phrase |
| `assignee` | object | Output field assignee |
| `assignee_email` | string | Output field assignee_email |
| `assignee_name` | string | Name of the resource |
| `created_time` | string | Time value |
| `disposition` | string | Output field disposition |
| `first_alert_time` | string | Time value |
| `last_accessed` | string | Output field last_accessed |
| `latest_alert_time` | string | Time value |
| `organization_id` | string | Unique identifier |
| `priority` | string | Output field priority |
| `responsibility` | string | Output field responsibility |
| `rrn` | string | Output field rrn |
| `source` | string | Output field source |
| `status` | string | Status value |
| `tags` | array | Output field tags |
| `title` | string | Output field title |

Output example:

```json
{"assignee":{"email":"user@example.com","name":"example name"},"created_time":"string","disposition":"string","first_alert_time":"string","last_accessed":"string","latest_alert_time":"string","organization_id":"string","priority":"string","responsibility":"string","rrn":"string","source":"string","status":"active","tags":["string"],"title":"string"}
```

### Update Investigation

Updates specific fields of an investigation in Rapid7 InsightIDR using the provided ID or RRN, with required path parameters and headers.

Endpoint URL: `idr/v2/investigations/{{id}}`

Method: PATCH

Input:

| Input argument name | Type | Required | Description |
|---|---|---|---|
| `path_parameters_id` | string | Required | Parameters for the update investigation action |
| `parameters_multi-customer` | boolean | Optional | Parameters for the update investigation action |
| `headers` | object | Required | HTTP headers for the request |
| `headers_Accept-version` | string | Required | HTTP headers for the request |
| `assignee` | object | Optional | Parameter for update investigation |
| `assignee_email` | string | Optional | Parameter for update investigation |
| `disposition` | string | Optional | Parameter for update investigation |
| `priority` | string | Optional | Parameter for update investigation |
| `status` | string | Optional | Status value |
| `threat_command_close_reason` | string | Optional | Response reason phrase |
| `threat_command_free_text` | string | Optional | Parameter for update investigation |
| `title` | string | Optional | Parameter for update investigation |

Input example:

```json
{"parameters":{"multi-customer":false},"json_body":{"assignee":{"email":"example@test.com"},"disposition":"benign","priority":"critical","status":"open","threat_command_close_reason":"problemsolved","threat_command_free_text":"string","title":"assignee"},"path_parameters":{"id":"9caa4d10-350d-4065-a0d6-99163abfebc7"},"headers":{"Accept-version":"investigations-preview"}}
```

Output:

| Parameter | Type | Description |
|---|---|---|
| `status_code` | number | HTTP status code of the response |
| `reason` | string | Response reason phrase |
| `assignee` | object | Output field assignee |
| `assignee_email` | string | Output field assignee_email |
| `assignee_name` | string | Name of the resource |
| `created_time` | string | Time value |
| `disposition` | string | Output field disposition |
| `first_alert_time` | string | Time value |
| `last_accessed` | string | Output field last_accessed |
| `latest_alert_time` | string | Time value |
organization id string unique identifier priority string output field priority responsibility string output field responsibility rrn string output field rrn source string output field source status string status value tags array output field tags title string output field title output example {"assignee" {"email" "user\@example com","name" "example name"},"created time" "string","disposition" "string","first alert time" "string","last accessed" "string","latest alert time" "string","organization id" "string","priority" "string","responsibility" "string","rrn" "string","source" "string","status" "active","tags" \["string"],"title" "string"} response headers header description example access control allow credentials http response header access control allow credentials true access control expose headers http response header access control expose headers r7 correlation id cache control directives for caching mechanisms no cache, no store, max age=0, must revalidate connection http response header connection keep alive content encoding http response header content encoding gzip content length the length of the response body in bytes 180 content type the media type of the resource application/json date the date and time at which the message was originated mon, 24 jul 2023 07 57 18 gmt expires the date/time after which the response is considered stale 0 location the url to redirect a page to https //us3 api insight rapid7 com/log search/query/saved queries/00000000 0000 1618 0000 000000000000 pragma http response header pragma no cache r7 correlation id http response header r7 correlation id 04bad1e4 ac8d 4645 adc2 9d4d3588cb80 ratelimit limit http response header ratelimit limit 1500 ratelimit remaining http response header ratelimit remaining 1499 ratelimit reset http response header ratelimit reset 19 server information about the software used by the origin server istio envoy strict transport security http response header strict transport security max age=31536000; 
includesubdomains transfer encoding http response header transfer encoding chunked vary http response header vary origin, origin x content type options http response header x content type options nosniff x envoy decorator operation http response header x envoy decorator operation protonclass1apigatewayapp default svc cluster local 9873 / x envoy upstream service time http response header x envoy upstream service time 261 x frame options http response header x frame options deny x ratelimit limit the number of requests allowed in the current rate limit window 1500 x ratelimit remaining the number of requests remaining in the current rate limit window 1497 x ratelimit reset the time at which the current rate limit window resets 445 x xss protection http response header x xss protection 1; mode=block
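
An added example (not code from Swimlane or Rapid7) of how a caller might build the three PUT requests documented above with the ID or RRN and the value safely encoded into the path, and read the two rate-limit header families from the response-header table conservatively. The `X-Api-Key` header name, the use of the sample `us3` host as base URL, treating the reset values as seconds, and all function names are assumptions.

```python
from urllib.parse import quote

BASE_URL = "https://us3.api.insight.rapid7.com"  # host from the page's sample Location header
ACTIONS = ("disposition", "priority", "status")   # the three PUT actions documented above

def safe_segment(value):
    """Validate and percent-encode one path segment (investigation ID, RRN or value)."""
    if not value or value in (".", "..") or any(c in value for c in "/\\?#"):
        raise ValueError(f"unsafe path segment: {value!r}")
    if any(c.isspace() or ord(c) < 0x20 for c in value):
        raise ValueError(f"whitespace/control character in segment: {value!r}")
    return quote(value, safe=":")  # keep ':' so an RRN stays readable; '%' is re-encoded

def build_put(action, investigation, value, api_key):
    """Return (method, url, headers) for idr/v2/investigations/{id}/{action}/{value}."""
    if action not in ACTIONS:
        raise ValueError(f"unknown action: {action!r}")
    url = (f"{BASE_URL}/idr/v2/investigations/"
           f"{safe_segment(investigation)}/{action}/{safe_segment(value)}")
    headers = {
        "X-Api-Key": api_key,                        # assumed auth header name
        "Accept-version": "investigations-preview",  # required header per the input tables
    }
    return "PUT", url, headers

def rate_limit_state(response_headers):
    """Merge RateLimit-* and X-RateLimit-*: lowest remaining, latest reset."""
    lowered = {k.lower(): str(v).strip() for k, v in response_headers.items()}
    def values(suffix):
        raw = (lowered.get(p + suffix) for p in ("ratelimit-", "x-ratelimit-"))
        return [int(v) for v in raw if v is not None and v.isascii() and v.isdigit()]
    remaining, reset = values("remaining"), values("reset")
    return (min(remaining) if remaining else None, max(reset) if reset else None)

def seconds_to_wait(response_headers, reserve=1):
    """0 while at least `reserve` calls remain; otherwise the reset value (assumed seconds)."""
    remaining, reset = rate_limit_state(response_headers)
    if remaining is None or remaining >= reserve:
        return 0
    return reset if reset is not None else 60  # fallback pause when no reset header is sent

# Constructed sample: the rate-limit values from the page's response-header table.
SAMPLE_HEADERS = {"RateLimit-Remaining": "1499", "RateLimit-Reset": "19",
                  "X-RateLimit-Remaining": "1497", "X-RateLimit-Reset": "445"}
```

The two header families in the page's sample disagree (1499/19 against 1497/445), which is why the helper takes the lower remaining count and the later reset rather than trusting either one alone.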