Investigated Entity List API
The Investigated Entity List API returns entities that have been marked as investigated. The API supports pagination, allowing consumers to retrieve and navigate through large sets of investigated entities.
Overview
The Offenses API returns the most recent offenses from QRadar. Results can be filtered by offense type or restricted to User and Entity Behavior Analytics (UEBA) offenses.
Endpoint
GET /api/investigated_entity_list
Query parameters
| Parameter | Type | Default | Description |
|---|---|---|---|
| limit | integer | 50 |
Maximum number of investigated entities returned in a single request. |
| offset | integer | 0 |
Number of entities to skip before returning results. Used for pagination. |
Pagination
limit: Controls the number of records returned per request.offset: Specifies the starting position within the result set.
Note: Use both parameters together to navigate through large result sets.
Response
The API returns a list of offenses containing information such as:
- A list of investigated entitites
- Entity identifiers and associated user information
- Investigation-related details, such as status and investigation date
- Pagination metadata, including
total_count,limit, andoffset
Response example
{
"investigated": [
{
"entity_id": 12345,
"username": "john.doe",
"investigation_date": "2026-06-15T10:15:00Z",
"investigation_status": "Closed",
"notes": "Investigation completed"
}
],
"total_count": 150,
"limit": 50,
"offset": 0
}
Error handling
| HTTP Status | Description |
|---|---|
| 500 Internal Server Error | An unexpected error occurred while retrieving investigated entity list. |