Parameters
| Parameter | Description |
|---|---|
| Include | A comma-separated list of the relationship records to include in the response. For example: `organization,created_by,updated_by`. This is useful when you are querying for a record and want to resolve specific relationship data, such as `expel_alerts`, without making multiple calls. For further information, please refer to Expel Documentation. |
| Investigation ID | The ID of the investigation to retrieve. Can be obtained using the List Investigations action. |
Example Output
```json
{
  "links": {
    "self": "https://workbench.expel.io/api/v2/investigations/exampleid"
  },
  "data": {
    "analyst_severity": "CRITICAL",
    "attack_lifecycle": "INITIAL_RECON",
    "attack_timing": "HISTORICAL",
    "attack_vector": "DRIVE_BY",
    "close_comment": "string",
    "created_at": "2019-01-15T15:35:00-05:00",
    "critical_comment": "string",
    "decision": "FALSE_POSITIVE",
    "default_plugin_slug": "string",
    "deleted_at": "2019-01-15T15:35:00-05:00",
    "detection_type": "UNKNOWN",
    "has_hunting_status": true,
    "initial_attack_vector": "string",
    "is_downgrade": true,
    "is_incident": true,
    "is_incident_status_updated_at": "2019-01-15T15:35:00-05:00",
    "is_soc_support_required": true,
    "is_surge": true,
    "last_published_at": "2019-01-15T15:35:00-05:00",
    "last_published_value": "string",
    "lead_description": "string",
    "malware_family": "string",
    "next_steps": "string",
    "open_reason": "ACCESS_KEYS",
    "open_summary": "string",
    "review_requested_at": "2019-01-15T15:35:00-05:00",
    "short_link": "string",
    "source_reason": "HUNTING",
    "status_updated_at": "2019-01-15T15:35:00-05:00",
    "threat_type": "TARGETED",
    "title": "string",
    "updated_at": "2019-01-15T15:35:00-05:00"
  }
}
```
Workflow Library Example
Get Investigation with Expel and Send Results Via Email