Exporting Investigations to CSV

Hi all,

Please, is there a way to export the investigations from InsightIDR to a CSV or Excel.

Thank you.

1 Like

looks like it is just pdf but depending on what your trying to do you could create an alert for all new investigations that get sent to your help desk system, you could then possibly parse or report on. not sure what the end goal is.


If the following properties are sufficient you can use InsightIDR API:

  • Investigation id
  • Investigation title
  • Investigation status
  • Investigation source
  • Investigation alerts
  • Investigation created_time

This article can help you to setup the API from InsightIDR side:

General InsightIDR API information:

This PowerShell command bellow will download the last 99 investigations in JSON format and convert them into CSV format and create TheSpreadSheetFile.csv file in your current PowerShell directory:
(((Invoke-WebRequest -Uri "https://eu.api.insight.rapid7.com/idr/v1/investigations?size=99" -Headers @{'X-Api-Key' = ' API key goes here between the quote marks '; 'Content-Type' = 'application/json'}).content|ConvertFrom-Json).data)|Export-Csv -NoTypeInformation -Path TheSpreadSheetFile.csv

You can also pull investigations based on their status as well - open or close.

Please note that with each API call you can pull limited number of investigations - more details can be found in the document above.

Alternatively if you wish to pull more details about investigations you can open the Investigation page then fire up the built-in browser DevTools then refresh the investigation page.
Under the "Network’ section of DevTools look for request for “list”. The response section will contain the currently displayed investigations in JSON format. Then this JSON can be manipulated with PowerShell and converted to CSV, but that is a tedious process.

Let me know if you wish to take this path so I can share some additional details.

1 Like

Thank you for this! This really satisfy what I was looking for.
I created my organization API key and used it with the Powershell script.


Thank you very much for your help.
The PoweShell script helped me.

The problem is that the csv does not export the fields:

Would you know what to modify in PowerShell to get these values?

Thank you very much.

Unfortunately “Priority” and “Disposition” are not provided by the API. “Assignee” is present in the API response. However it is a nested value. I will try to modify the script so the “Assignee” value can be added properly to the resulting .csv file.

Also just to note, priority and disposition will be coming soon to a new evolved investigation API


1 Like

(((Invoke-WebRequest -Uri "https://eu.api.insight.rapid7.com/idr/v1/investigations?size=99" -Headers @{'X-Api-Key' = ' API key goes here between the quote marks '; 'Content-Type' = 'application/json'}).content|ConvertFrom-Json).data)| foreach {$r=$_|select * -ExcludeProperty assignee,alerts; $_.assignee | foreach {$r | Add-Member -Name "assignee_name" -Value $_.name -MemberType NoteProperty; $r| Add-Member -Name "assignee_email" -Value $_.email -MemberType NoteProperty}; $_.alerts | foreach {$r | Add-Member -Name "alert_type" -Value $_.type -MemberType NoteProperty; $r| Add-Member -Name "alert_description" -Value $_.type_description -MemberType NoteProperty}; return $r}|Export-Csv -NoTypeInformation -Path TheSpreadSheetFile.csv

(Please adjust “size=” accordingly - from 1 to 1000, please fill in the Api-Key accordingly.)

The script should print the following columns:

The “assignee” object is replaced by two new objects based on the “assignee” values (this is done by the script):
assignee_name and assignee_email
Same for the “alerts” object - replaced by:

Credits for the script:

Let me know how it goes.