- Assign multiple Investigations to a person at once
I am not aware of a straightforward method.
Potentially you can extract the IDs of the investigations you are interested in using the API:
curl --output investigations.json --silent -k -H "X-Api-Key: xxxxxxx-zzzz-aaaa-bbbb-123456789012" -H "Content-Type: application/json" "https://eu.api.insight.rapid7.com/idr/v1/investigations?end_time=2021-02-03T00:00:00Z&index=0&size=1000&start_time=2018-07-01T00:00:00Z&statuses=OPEN"
(The API will return a limited number of investigations so it needs to be run multiple times with different start and stop times)
Then use the list of IDs to create a script that will go over this list of IDs and assign them to an InsightIDR user using this API:
Unless you are comfortable with APIs and scripting, this task might be easier to achieve manually.
- Close multiple Investigations at one time, with the same notes, based on some manner of filter (asset name, user name, etc.)
First option - via API:
Second option - from the GUI:
Navigate to Investigations:
In the left panel filter by “Alert type” or “Threat” or “Alert by attack chain” - whatever is suitable in your case.
Next click on the “Close” drop down menu on any of the investigations.
There is an option called - “Close all investigations of type in this date range”
This will close all displayed investigations.
You can further filter the list of investigations using the “Date range” filter - in the left panel.
I am not aware of any ways to filter investigations based on asset name or user name, or of an option to add notes in bulk.
You can always contact Rapid7 support from InsightIDR GUI:
“Help” button - top right corner “Request Support”
They will provide the most adequate answer.
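The ID-collection step from the first answer, as an added example that is not part of the original post or Rapid7's own code: it queries the same endpoint with the same parameters as the curl command and, whenever a time window comes back full, splits it in half and queries again so capped results are not silently lost. The function names, the `fetch` callback and the `{"data": [{"id": ...}]}` response shape are assumptions.

```python
import json
import urllib.parse
import urllib.request

# Endpoint and query parameters are the ones in the curl command above.
BASE = "https://eu.api.insight.rapid7.com/idr/v1/investigations"
FMT = "%Y-%m-%dT%H:%M:%SZ"
SIZE = 1000  # page size used in the curl command


def http_fetch(url, api_key):
    """Real transport: GET with the X-Api-Key header, return parsed JSON."""
    req = urllib.request.Request(url, headers={
        "X-Api-Key": api_key, "Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


def list_url(start, end, size=SIZE):
    """Build the list URL for one time window (UTC datetimes)."""
    query = urllib.parse.urlencode({
        "start_time": start.strftime(FMT), "end_time": end.strftime(FMT),
        "index": 0, "size": size, "statuses": "OPEN"})
    return f"{BASE}?{query}"


def collect_ids(start, end, fetch, size=SIZE):
    """Return the sorted, de-duplicated IDs of open investigations in a window.

    fetch is any callable taking a URL and returning parsed JSON, for example
    lambda url: http_fetch(url, api_key). A window that comes back full
    (len == size) may be truncated, so it is halved and each half re-queried.
    """
    # Assumption: the response body looks like {"data": [{"id": ...}, ...]}.
    rows = fetch(list_url(start, end, size)).get("data", [])
    if len(rows) < size or (end - start).total_seconds() <= 1:
        return sorted({row["id"] for row in rows})
    mid = (start + (end - start) / 2).replace(microsecond=0)
    return sorted(set(collect_ids(start, mid, fetch, size))
                  | set(collect_ids(mid, end, fetch, size)))
```

The returned list is what the assignment script would iterate over, one API call per ID.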