Rapid7 · Schema

Investigation

Security, Vulnerability Management, SIEM, XDR, Cloud Security, SOAR, Application Security

Properties

Name Type Description
id string The ID of the investigation.
rrn string The RRN of the investigation.
title string The investigation's title.
status string The status of the investigation.
source string The source of this investigation.
disposition string The disposition of this investigation.
assignee object The user assigned to this investigation, if any.
alerts array The alerts involved in this investigation, if any.
created_time string The time the investigation was created, as an ISO formatted timestamp.

JSON Schema

rapid7-investigation-schema.json
{
  "$schema": "https://json-schema.org/draft/2020-12/schema",
  "$id": "#/components/schemas/Investigation",
  "title": "Investigation",
  "type": "object",
  "properties": {
    "id": {
      "type": "string",
      "description": "The ID of the investigation.",
      "example": "174e4f99-2ac7-4481-9301-4d24c34baf06"
    },
    "rrn": {
      "type": "string",
      "description": "The RRN of the investigation.",
      "example": "rrn:investigation:us1:174e4f99-2ac7-4481-9301-4d24c34baf06:investigation:6A74T2A4"
    },
    "title": {
      "type": "string",
      "description": "The investigation's title.",
      "example": "Joe enabled account Joebob"
    },
    "status": {
      "type": "string",
      "description": "The status of the investigation: OPEN, INVESTIGATING or CLOSED.",
      "enum": [
        "OPEN,INVESTIGATING,CLOSED"
      ],
      "example": "OPEN"
    },
    "source": {
      "type": "string",
      "description": "The source of this investigation.",
      "example": "ALERT"
    },
    "disposition": {
      "type": "string",
      "description": "The disposition of this investigation: BENIGN, MALICIOUS, NOT_APPLICABLE or UNSPECIFIED.",
      "enum": [
        "BENIGN,MALICIOUS,NOT_APPLICABLE,UNSPECIFIED"
      ],
      "example": "BENIGN"
    },
    "assignee": {
      "$ref": "#/components/schemas/Assignee",
      "description": "The user assigned to this investigation, if any."
    },
    "alerts": {
      "type": "array",
      "description": "The alerts involved in this investigation, if any.",
      "items": {
        "$ref": "#/components/schemas/AlertInfo"
      }
    },
    "created_time": {
      "type": "string",
      "description": "The time the investigation was created, as an ISO formatted timestamp.",
      "example": "2018-06-06T16:56:42Z"
    }
  },
  "required": [
    "created_time",
    "id",
    "rrn",
    "source",
    "status",
    "title"
  ]
}