If the following properties are sufficient you can use InsightIDR API:
- Investigation id
- Investigation title
- Investigation status
- Investigation source
- Investigation alerts
- Investigation created_time
This article can help you to setup the API from InsightIDR side:
https://docs.rapid7.com/insight/managing-platform-api-keys
General InsightIDR API information:
https://docs.rapid7.com/insightidr/insightidr-rest-api/
This PowerShell command bellow will download the last 99 investigations in JSON format and convert them into CSV format and create TheSpreadSheetFile.csv file in your current PowerShell directory:
(((Invoke-WebRequest -Uri "https://eu.api.insight.rapid7.com/idr/v1/investigations?size=99" -Headers @{'X-Api-Key' = ' API key goes here between the quote marks '; 'Content-Type' = 'application/json'}).content|ConvertFrom-Json).data)|Export-Csv -NoTypeInformation -Path TheSpreadSheetFile.csv
You can also pull investigations based on their status as well - open or close.
E.g.:
https://eu.api.insight.rapid7.com/idr/v1/investigations?statuses=OPEN&size=99
Please note that with each API call you can pull limited number of investigations - more details can be found in the document above.
Alternatively if you wish to pull more details about investigations you can open the Investigation page then fire up the built-in browser DevTools then refresh the investigation page.
Under the "Network’ section of DevTools look for request for “list”. The response section will contain the currently displayed investigations in JSON format. Then this JSON can be manipulated with PowerShell and converted to CSV, but that is a tedious process.
Let me know if you wish to take this path so I can share some additional details.