Retrieve Evidence for Alert

5 min

description retrieve associated evidence for a specific alert in rapid7 insightidr using the alert's unique resource name (rrn) endpoint url /idr/at/alerts/{{alert rrn}}/evidences method get inputs path parameters (object) – required alert rrn (string) – required the unique identifier of the alert parameters (object) index (number) the index of the page to retrieve (zero indexed) size (number) the size of the page to retrieve headers (object) – required accept version (string) – required acknowledges the api preview status output example \[ { "status code" 200, "response headers" { "date" "fri, 21 jun 2024 08 01 46 gmt", "content type" "application/json", "transfer encoding" "chunked", "connection" "keep alive", "r7 correlation id" "04bad1e4 ac8d 4645 adc2 9d4d3588cb80", "vary" "accept encoding, origin", "content encoding" "gzip", "x envoy upstream service time" "261", "server" "istio envoy", "x envoy decorator operation" "protonclass1apigatewayapp default svc cluster local 9873/ ", "access control allow credentials" "true", "access control expose headers" "r7 correlation id", "ratelimit limit" "250", "ratelimit reset" "19", "ratelimit remaining" "249" }, "reason" "ok", "json body" { "evidences" \[ { "rrn" "string", "version" 0, "created at" "2019 08 24t14 15 22z", "updated at" "2019 08 24t14 15 22z", "evented at" "2019 08 24t14 15 22z", "external source" "string", "event type" "string", "data" "string" } ], "metadata" { "index" 0, "size" 0, "items in index" 0, "total items" 0, "is last index" true } } } ] output parameters status code (number) reason (string) json body (object) evidences (array) rrn (string) version (number) created at (string) updated at (string) evented at (string) external source (string) event type (string) data (string) metadata (object) index (number) size (number) items in index (number) total items (number) is last index (boolean) response headers header type date string content type string transfer encoding string connection string r7 correlation id string vary string content encoding string x envoy upstream service time string server string x envoy decorator operation string access control allow credentials string access control expose headers string ratelimit limit string ratelimit reset string ratelimit remaining string

List Investigations

Run Saved Query