Investigated users

The investigated_list API endpoint returns the users who are currently under investigation. The returned user data has the fields shown in the following sample from the UBA database.

cURL command

curl -k -H 'Content-Type:application/json' -H 'Accept:application/json' -H 'SEC:SEC_TOKEN' https://QR_IP_ADDRESS/console/plugins/UBA_APP_ID/app_proxy/api/investigated_list

Sample return

Note: The following sample shows an example return of two users.
{"investigated":[{"alert":"Test","aliases":["john.doe"],"color":"#A2191F","color_severity":4,"display_name":"john.doe","id":4,"investigation_user":"admin","ml_id":"john.doe","risk0":1674,"risk1":1663,"risk2":1667,"risk3":1688,"risk_scale_max":1,"score":1674.72,"trending":1},{"alert":null,"aliases":["kelly.lin"],"color":"#A2191F","color_severity":4,"display_name":"kelly.lin","id":33,"investigation_user":"admin","ml_id":"kelly.lin","risk0":307,"risk1":326,"risk2":345,"risk3":366,"risk_scale_max":1,"score":307.63,"trending":-1}],"risk_threshold":244.0}