Investigation

Returns an alert investigation.
Success response: Investigation data object. For progress: investigation.status=
Responses:
Malformed request
Access denied
No investigation found for ID
System error

Example request:
GET /app/api/v1/investigation/{investigation_id} HTTP/1.1
Host:
Authorization: YOUR_API_KEY
Accept: */*

Example response:
{
"id": 1,
"findings": [
{
"headline": "text",
"finding": "text",
"outcome": "COMPLETED_BREACHED_CONFIRMED",
"artifacts": [
"text"
],
"evidences": [
{
"evidence_type": "text",
"tag": "text",
"data": "text"
}
]
}
],
"recommended_remediations": [
"text"
],
"alert": {
"id": 1,
"entities": [
{
"type": "text",
"value": "text"
}
],
"origin_integration_display_name": "text",
"original_title": "text",
"created_at": "2025-11-02T15:12:38.164Z",
"updated_at": "2025-11-02T15:12:38.164Z",
"handler_version": "v1",
"schema_key": "text",
"coalesce_key": "text",
"direct_source_label": "text",
"proxy_source_label": "text",
"origin_ticket_id": "text",
"origin_ticket_id_label": "text",
"origin_ticket_url": "text",
"start_time": "2025-11-02T15:12:38.164Z",
"create_time": "2025-11-02T15:12:38.164Z",
"severity": "text",
"alert_type": "text",
"title": "text",
"assets": {
"ANY_ADDITIONAL_PROPERTY": "anything"
},
"raw_alert_content": "text",
"tenant_id": "text",
"tenant_label": "text",
"tenant_integration_key": "text",
"enrich_result": {
"ANY_ADDITIONAL_PROPERTY": "anything"
},
"origin_integration": "text",
"tenant_union": 1
},
"conclusion": "text",
"inv_url": "text",
"created_at": "2025-11-02T15:12:38.164Z",
"updated_at": "2025-11-02T15:12:38.164Z",
"start_time": "2025-11-02T15:12:38.164Z",
"status": "not_asked",
"ready": true,
"canceled": "CANCEL_MANUAL",
"error_msg": "text",
"generated_time": "2025-11-02T15:12:38.164Z",
"is_retried": true,
"exec_summary": "text",
"alert_summary": "text",
"attack_surface": "text",
"mitre_tactic": "text",
"conclusion_summary": "text",
"outcome": "COMPLETED_BREACHED_CONFIRMED",
"priority": "informational",
"insight_tags": {
"ANY_ADDITIONAL_PROPERTY": "anything"
},
"key_findings": {
"ANY_ADDITIONAL_PROPERTY": "anything"
},
"findings_ranking": {
"ANY_ADDITIONAL_PROPERTY": "anything"
},
"related_alert_hypothesis": {
"ANY_ADDITIONAL_PROPERTY": "anything"
},
"interview_proposals": {
"ANY_ADDITIONAL_PROPERTY": "anything"
},
"email_screenshot": "text",
"backfill": 1,
"ignored_for": 1
}

POST /app/api/v1/investigation/create

Creates a new alert investigation, returning investigation_id.
Returns the existing id if the alert already exists (unless force_reinvestigation=True).
Then: use GET /app/api/v1/investigation/{investigation_id} for updates.
Body defaults: force_reinvestigation=false, tenant_union_id=null
Responses:
Existing investigation found
New investigation created
Malformed request
Access denied
Alert skipped due to missing data (e.g., propagation delay)
System error
System not ready for requests

Example request:
POST /app/api/v1/investigation/create HTTP/1.1
Host:
Authorization: YOUR_API_KEY
Content-Type: application/json
Accept: */*
Content-Length: 94
{
"schema_key": "text",
"raw_alert_content": {},
"force_reinvestigation": false,
"tenant_union_id": 1
}

Example response:
{
"investigation_id": 1
}

POST /app/api/v1/investigation/create/custom

Request body = arbitrary alert JSON to be parsed & investigated.
Response = investigation_id if successful, error_msg otherwise.
Returns the existing id if the alert already exists (unless ?force_reinvestigation=True).
Then: use GET /app/api/v1/investigation/{investigation_id} for updates.
Query parameter: force_reinvestigation (Force reinvestigation)
Responses:
Existing investigation found
New investigation created
Malformed request
Access denied
Content Too Large
System error
System not ready for requests

Example request:
POST /app/api/v1/investigation/create/custom HTTP/1.1
Host:
Authorization: YOUR_API_KEY
Content-Type: application/json
Accept: */*
Content-Length: 2
{}

Example response:
{
"investigation_id": 1
}
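The create-then-poll workflow the three operations above describe, as an added example (client code written for this page, not the service's own SDK or anything taken from it). It assumes only what the page states: create returns {"investigation_id": n} or an error_msg, both for an existing and a new investigation; GET returns the investigation object whose `ready`, `canceled` and `error_msg` fields signal completion. The page gives no numeric status codes, so the client relies only on the 2xx/non-2xx split. `FakeServer`, the sample alert, the poll interval and the treatment of a set `canceled`/`error_msg` as terminal are assumptions made here for an offline run; `http_transport` sends the headers shown in the page's sample requests.

```python
"""Create-or-find an investigation, poll until ready, reduce it to a triage record.
Added example, not the vendor's SDK; it relies only on what the page states and, since
the page gives no numeric status codes, only on the 2xx/non-2xx split. The transport is
injectable so the flow runs offline against the constructed FakeServer at the bottom."""
import json
import time
import urllib.error
import urllib.request
from typing import Any, Callable, Optional

BASE = "/app/api/v1/investigation"
Transport = Callable[[str, str, Optional[Any]], tuple[int, Any]]  # (method, path, body) -> (status, json)


class InvestigationError(RuntimeError):
    def __init__(self, status: int, body: Any):
        msg = body.get("error_msg") if isinstance(body, dict) else None
        super().__init__(f"HTTP {status}: {msg or body!r}")
        self.status, self.body = status, body


def http_transport(host: str, api_key: str) -> Transport:
    """urllib transport with the page's headers; non-2xx replies are returned, not raised."""
    def send(method: str, path: str, body: Optional[Any]) -> tuple[int, Any]:
        data = json.dumps(body).encode() if body is not None else None
        headers = {"Authorization": api_key, "Accept": "*/*",
                   **({"Content-Type": "application/json"} if data is not None else {})}
        req = urllib.request.Request(f"https://{host}{path}", data, headers, method=method)
        try:
            with urllib.request.urlopen(req, timeout=30) as resp:
                status, raw = resp.status, resp.read()
        except urllib.error.HTTPError as err:
            status, raw = err.code, err.read()
        try:
            return status, (json.loads(raw) if raw else None)
        except ValueError:  # non-JSON error page: keep the text so error_msg is still readable
            return status, {"error_msg": raw.decode("utf-8", "replace")}
    return send


def create_investigation(send: Transport, alert: Any, *, schema_key: Optional[str] = None,
                         tenant_union_id: Optional[int] = None, force: bool = False) -> int:
    """With schema_key: POST /create with the page's structured body. Without: POST
    /create/custom with the alert JSON as body and ?force_reinvestigation=True when forcing."""
    if schema_key is None:
        path, body = f"{BASE}/create/custom" + ("?force_reinvestigation=True" if force else ""), alert
    else:
        path, body = f"{BASE}/create", {"schema_key": schema_key, "raw_alert_content": alert,
                                        "force_reinvestigation": force, "tenant_union_id": tenant_union_id}
    status, resp = send("POST", path, body)
    if not (200 <= status < 300 and isinstance(resp, dict) and "investigation_id" in resp):
        raise InvestigationError(status, resp)  # malformed, denied, skipped, too large, not ready
    return int(resp["investigation_id"])  # 'existing' and 'new' both carry an id


def wait_for_investigation(send: Transport, inv_id: int, *, timeout_s: float = 600.0,
                           interval_s: float = 5.0, sleep=time.sleep) -> dict:
    """Poll GET /{id} until `ready`. Assumption: a set `canceled` or `error_msg` is terminal."""
    deadline = time.monotonic() + timeout_s
    while True:
        status, inv = send("GET", f"{BASE}/{inv_id}", None)
        if not (200 <= status < 300 and isinstance(inv, dict)):
            raise InvestigationError(status, inv)  # e.g. "No investigation found for ID"
        if inv.get("ready"):
            return inv
        if inv.get("canceled") or inv.get("error_msg"):
            raise InvestigationError(status, inv)
        if time.monotonic() >= deadline:
            raise TimeoutError(f"investigation {inv_id} not ready after {timeout_s}s")
        sleep(interval_s)


def triage(inv: dict) -> dict:
    """Reduce a finished investigation (fields as on the page) to what an analyst routes on;
    COMPLETED_BREACHED_CONFIRMED is the one outcome value the page shows."""
    findings = inv.get("findings") or []
    return {"id": inv["id"], "outcome": inv.get("outcome"), "priority": inv.get("priority"),
            "confirmed_breach": inv.get("outcome") == "COMPLETED_BREACHED_CONFIRMED",
            "finding_outcomes": sorted({f["outcome"] for f in findings if f.get("outcome")}),
            "evidence_count": sum(len(f.get("evidences") or []) for f in findings),
            "remediations": list(inv.get("recommended_remediations") or [])}


class FakeServer:
    """Constructed stand-in, not real service behaviour: dedups on the alert JSON,
    honours force_reinvestigation, and reports ready on the Nth GET."""
    def __init__(self, polls_until_ready: int = 2):
        self.by_alert, self.invs, self.n = {}, {}, polls_until_ready

    def __call__(self, method: str, path: str, body: Any) -> tuple[int, Any]:
        if method == "POST":
            structured = isinstance(body, dict) and "schema_key" in body
            alert = body["raw_alert_content"] if structured else body
            force = body["force_reinvestigation"] if structured else path.endswith("=True")
            key = json.dumps(alert, sort_keys=True)
            if key in self.by_alert and not force:
                return 200, {"investigation_id": self.by_alert[key]}
            inv_id = self.by_alert[key] = len(self.invs) + 1
            self.invs[inv_id] = {
                "id": inv_id, "ready": False, "polls": 0, "canceled": None, "error_msg": None,
                "outcome": "COMPLETED_BREACHED_CONFIRMED", "priority": "informational",
                "recommended_remediations": ["Rotate the exposed credential"],
                "findings": [{"outcome": "COMPLETED_BREACHED_CONFIRMED", "artifacts": [],
                              "evidences": [{"evidence_type": "log", "tag": "t", "data": "d"}]}]}
            return 201, {"investigation_id": inv_id}
        inv = self.invs.get(int(path.rsplit("/", 1)[-1]))
        if inv is None:
            return 404, {"error_msg": "No investigation found for ID"}
        inv["polls"] += 1
        inv["ready"] = inv["polls"] >= self.n
        return 200, inv
```

Against a live deployment, `send = http_transport("<host>", "YOUR_API_KEY")` replaces `FakeServer()`; the rest of the calls are unchanged. Note that dedup means a resubmitted alert silently returns the earlier id, so a pipeline that needs a fresh run after enrichment data arrives must pass `force=True`, and a `System not ready for requests` reply surfaces as `InvestigationError` rather than being retried automatically.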