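# cURL example: search investigations via POST /investigations/search.
#
# [[apiKey]] and "hostname" are documentation placeholders, and the filter
# values below are generated sample values, not meaningful search terms.
#
# The API key is sent in the Authorization header. Anything placed on the
# command line is visible in process listings and shell history, so load the
# key from a protected source (environment variable or secrets store)
# instead of typing it inline, and keep the request on https.
#
# Content-Type names exactly one media type; the body sent here is JSON.
# The request body is passed with a single -d: curl joins repeated -d
# arguments with '&', which would corrupt the JSON document.
curl -X POST \
  -H "Authorization: [[apiKey]]" \
  -H "Accept: application/json" \
  -H "Content-Type: application/json" \
  "https://hostname:443/investigations/search" \
  -d '{
  "filter" : {
    "reason" : [ "reason", "reason" ],
    "notIDs" : [ "notIDs", "notIDs" ],
    "ignoreWorkers" : true,
    "idsOnly" : true,
    "type" : [ null, null ],
    "notCategory" : [ "notCategory", "notCategory" ],
    "fromDateLicense" : "2000-01-23T04:56:07.000+00:00",
    "andOp" : true,
    "searchAfterElastic" : [ "searchAfterElastic", "searchAfterElastic" ],
    "searchBefore" : [ "searchBefore", "searchBefore" ],
    "fromCloseDate" : "2000-01-23T04:56:07.000+00:00",
    "id" : [ "id", "id" ],
    "includeChildInv" : true,
    "period" : {
      "fromValue" : "fromValue",
      "toValue" : "toValue",
      "byFrom" : "byFrom",
      "field" : "field",
      "by" : "by",
      "byTo" : "byTo"
    },
    "searchAfterMap" : {
      "key" : [ "searchAfterMap", "searchAfterMap" ]
    },
    "searchAfterMapOrder" : {
      "key" : 6
    },
    "searchBeforeElastic" : [ "searchBeforeElastic", "searchBeforeElastic" ],
    "toDate" : "2000-01-23T04:56:07.000+00:00",
    "toCloseDate" : "2000-01-23T04:56:07.000+00:00",
    "sort" : [
      { "asc" : true, "field" : "field", "fieldType" : "fieldType" },
      { "asc" : true, "field" : "field", "fieldType" : "fieldType" }
    ],
    "timeFrame" : 5,
    "fromDate" : "2000-01-23T04:56:07.000+00:00",
    "size" : 1,
    "name" : [ "name", "name" ],
    "searchAfter" : [ "searchAfter", "searchAfter" ],
    "page" : 0,
    "category" : [ "category", "category" ],
    "user" : [ "user", "user" ],
    "Cache" : {
      "key" : [ "Cache", "Cache" ]
    },
    "status" : [ null, null ]
  }
}'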
This will search investigations across all indices.
You can filter by multiple options.