I want to handle multiple triggered investigations into a single investigation. For this I created a custom log for users and assets, and I also have a list of users and assets. But I couldn't find any way to push users and assets into the investigation. I tried a custom rule, but there is no way to add an actor there. I have already looked at the IDR API. Do you have any ideas to share?
It is not possible today to add any data other than a comment to an investigation. You can create an investigation with a few details, title, status, assignee I believe, but that is it. The option to add evidence, actors, it doesn’t exist. You would then add that data into a comment if that is something you are still looking to do.