Investigation
Stay organized with collections Save and categorize content based on your preferences.

JSON representation

Represents the aggregated state of an investigation such as categorization, severity, and status. Can be expanded to include analyst assignment details and more.

JSON representation

JSON representation
{ "comments": [ string ], "verdict": enum (`Verdict`), "reputation": enum (`Reputation`), "severity_score": integer, "status": enum (`Status`), "priority": enum (`Priority`), "root_cause": string, "reason": enum (`Reason`), "risk_score": integer }

{
  "comments": [
    string
  ],
  "verdict": enum (Verdict),
  "reputation": enum (Reputation),
  "severity_score": integer,
  "status": enum (Status),
  "priority": enum (Priority),
  "root_cause": string,
  "reason": enum (Reason),
  "risk_score": integer
}

Fields
`comments[]`	`string` Comment added by the Analyst.
`verdict`	`enum (Verdict)` Describes reason a finding investigation was resolved.
`reputation`	`enum (Reputation)` Describes whether a finding was useful or not-useful.
`severity_score`	`integer (uint32 format)` Severity score for a finding set by an analyst.
`status`	`enum (Status)` Describes the workflow status of a finding.
`priority`	`enum (Priority)` Priority of the Alert or Finding set by analyst.
`root_cause`	`string` Root cause of the Alert or Finding set by analyst.
`reason`	`enum (Reason)` Reason for closing the Case or Alert.
`risk_score`	`integer (uint32 format)` Risk score for a finding set by an analyst.

Investigation Stay organized with collections Save and categorize content based on your preferences.

Investigation
Stay organized with collections Save and categorize content based on your preferences.