Palo Alto Networks · JSON Structure

Cortex XSOAR API Investigation Structure

A Cortex XSOAR investigation containing war room entries and playbook state.

Type: object Properties: 9
Tags: Cloud Security, Cybersecurity, Firewall, Network Security, SASE, SOAR, Threat Intelligence, XDR

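Investigation is a JSON Structure definition published by Palo Alto Networks, describing 9 properties. It conforms to the https://json-structure.org/meta/core/v0/# meta-schema. The definition declares no `required` list and places no length, pattern or enumeration constraint on any property, so it describes the shape of an investigation only: a consumer validating API responses against it must still check for missing fields itself, and nothing can be assumed about the content of free-text fields such as `contents` and `humanReadable`, which should be handled as untrusted input when rendered or parsed. The `$id` below resolves to the api-evangelist/palo-alto-networks repository on GitHub, so confirm the file's provenance and pin a revision before relying on it as a contract.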

Properties

id name status incidentId created modified entries playbookId runningPlaybooks

Meta-schema: https://json-structure.org/meta/core/v0/#

JSON Structure

{
  "$schema": "https://json-structure.org/meta/core/v0/#",
  "$id": "https://raw.githubusercontent.com/api-evangelist/palo-alto-networks/refs/heads/main/json-structure/cortex-xsoar-api-investigation-structure.json",
  "name": "Investigation",
  "description": "A Cortex XSOAR investigation containing war room entries and playbook state.",
  "type": "object",
  "properties": {
    "id": {
      "type": "string"
    },
    "name": {
      "type": "string"
    },
    "status": {
      "type": "int32"
    },
    "incidentId": {
      "type": "string"
    },
    "created": {
      "type": "datetime"
    },
    "modified": {
      "type": "datetime"
    },
    "entries": {
      "type": "array",
      "items": {
        "type": "object",
        "description": "A war room entry in a Cortex XSOAR investigation.",
        "properties": {
          "id": {
            "type": "string"
          },
          "investigationId": {
            "type": "string"
          },
          "type": {
            "type": "int32",
            "description": "Entry type: 1 (Note), 2 (Download), 3 (File), 4 (Error), 5 (Pinned), 6 (UserManagement), 7 (Image), 8 (PlaygroundCommand), 9 (PlaybookStatusNote), 10 (Canvas), 11 (Widget), 12 (Summary), 13 (Section), 14 (Table)."
          },
          "user": {
            "type": "string",
            "description": "Username of the user who created the entry."
          },
          "created": {
            "type": "datetime"
          },
          "modified": {
            "type": "datetime"
          },
          "contents": {
            "type": "string",
            "description": "Entry content text."
          },
          "humanReadable": {
            "type": "string",
            "description": "Human-readable formatted content."
          },
          "tags": {
            "type": "array",
            "items": {
              "type": "string"
            }
          }
        }
      }
    },
    "playbookId": {
      "type": "string"
    },
    "runningPlaybooks": {
      "type": "array",
      "items": {
        "type": "string"
      }
    }
  }
}