InsightIDR REST API
Available InsightIDR APIs
Below are the available InsightIDR APIs and the capabilities of each. To learn more about authentication and basic concepts, see Insight Platform API.
Only the APIs listed below will work for InsightIDR.
The Investigations resource allows you to see any existing investigations, close investigations, and set the investigation status.
- List Investigation
- Close Investigations in Bulk
- Set the Status of an Investigation
- Assign User to Investigation
The Threats resource allows you to add or replace threat indicators.
The Query API allows you to perform LEQL queries through an API interface in the same manner that you would in the UI.
The Saved Queries resource allows you to create and manage search queries.
- Get All Saved Queries
- Create a Saved Query
- Update a Saved Query
- Modify a Saved Query
- Delete a Saved Query
The Logs resource allows you to interact with Logs in your account.
The Logsets resource allows you to see existing Logsets in your account.