Is there any way through which I can show total investigations in graphical form?
Hello Saad,
Thank you for your patience and hopefully you found a good answer already. It does not seem Rapid7 has an innate way to query for all investigations. Of their audit logs’ keys, the one they are missing is for automatic/rule-based openings of Investigations. Here are the Investigation-related events that are logged: Audit Logging | InsightIDR Documentation
If you only manually open investigations then you can use that key, query for it, and build a dashboard card around it.
Additionally, I’ve seen a similar question asked a few years ago and the answer was that this was something to be added. I’m not yet very knowledgeable on R7. I would recommend something like querying the audit logs and using groupby(action) to get a decent estimate depending on your team’s investigation handling procedures. If every investigation is either assigned to someone or handled within a timely manner, you can use the “action” key to get a good estimate with your time range. You can then add this query as a dashboard card.