In the Investigations section in InsightIDR is there a way to filter/search to view all unassigned investigations? Right now we can only filter by specific users, and we have to manually go through our open investigations to find unassigned ones
1 Like
Hi @cberklite this is not currently an option unfortunately, it is however something that has been requested previously and is on our backlog of enhancement requests.
If it’s not possible in the UI is there a way to do so through the API, or is there a way to auto assign investigations as they come in? Just trying to think of work arounds while it’s in your backlog
Hello! If you are a Python user you could use InsightIDR4Py, which provides access to most of the InsightIDR API functionality.
You can install it with pip:
pip install InsightIDR4Py
Then the following code snippet will provide a list of unassigned investigations:
import InsightIDR4Py as idr
api = idr.InsightIDR("api_key_here")
# list unassigned investigations
unassigned = [inv for inv in api.ListInvestigations() if not inv["assignee"]]
Hope that helps! Let me know if you have any questions.
Micah
PS I’ve just published a blog about the tool with some more examples here:
That is perfect, thank you!
1 Like
This feature did exist in the past but then it was taken away for some reason. It was a really good feature to make sure no investigations were missed. I really hope that it will be re-introduced!
1 Like