Guides

Investigations Events

Events related to Investigations that will trigger webhooks

Suggest Edits

Alloy uses webhooks to notify you every time a significant event occurs during your Investigation. Configure your listener to receive these status updates and automatically trigger reactions.

Webhooks can be configured on the Settings page.

Investigation Creation

create:investigationevents:investigation_event_type_id

Get notified if a new investigation is created — either manually or automatically via evaluation.

Response
{
  "request_token": ":request_token" ,
  "timestamp": 1724694191647,
  "type": "create: investigationevents:investigation_event_type_id",
  "description": "Notify on Investigation creation",
  "data": {
    "status_changed_at": 1724694191540,
    "status": "created",
    "agent": null,
    "investigation_token": ":investigation_token" ,
    "alert_tokens": [
      ":alert_token"
    ],
    "entity_tokens": [
      ":entity_token"
    ]
  }
}

Investigation Status Update

update:investigationevents:investigation_event_type_id

Get notified when a investigation's status is updated..

Promoted to case
Response
{
  "request_token": ":request_token",
  "timestamp": 1724696341237,
  "type": "update:investigationevents:investigation_event_type_id",
  "description": "Notify on Investigation status change",
  "data": {
    "status_changed_at": 1724696340562,
    "status": "promoted_to_case",
    "agent": ":agent_email",
    "investigation_token": ":investigation_token" ,
    "alert_tokens": [
      ":journey_alert_token"
    ],
    "entity_tokens": [
      ":entity_token"
    ]
  }
}
Investigation closed
Response
{
  "request_token": ":request_token" ,
  "timestamp": 1724698766122,
  "type": "update:investigationevents:investigation_event_type_id",
  "description": "Notify on Investigation status change",
  "data": {
    "status_changed_at": 1724698765964,
    "status": "closed",
    "agent": ":agent_email",
    "investigation_token": ":investigation_token",
    "alert_tokens": [
      ":journey_alert_token"
    ],
    "entity_tokens": [
      ":entity_token"
    ]
  }
}

Alert Assigned/Unassigned to/from Agent

update:investigationalerts:assigned_agent_id

Get notified when an Alert within an Investigation is assigned to an Agent, unassigned from an Agent, or re-assigned from one Agent to another.

Response
{
  "request_token": ":request_token" ,
  "timestamp": 1724698766122,
  "type": "update:investigationalerts:assigned_agent_id",
  "description": "Notify on Alert assignment change within Investigation",
  "data": {
    "assignment_changed_at": 1754511653863,
    "investigation_token": ":investigation-token",
    "journey_application_token": ":ja-token",
    "assigned_by": ":assigners-email",
    "assigned_agent": null,
    "action": "unassigned",
    "amr_token": ":amr-token"
  }
}

Investigation Assigned/Unassigned to/from Agent

update:investigationsalerts:assigned_agent_id

Get notified when an Investigation needing review is assigned to Agent, unassigned from an Agent, or re-assigned from one Agent to another.

Response
{
  "request_token": ":request_token" ,
  "timestamp": 1724698766122,
  "type": "update:investigations:assigned_agent_id",
  "description": "Notify on investigation assignment change",
  "data": {
    "assignment_changed_at": 1754511653863,
    "investigation_token": ":investigation-token",
    "journey_application_token": ":ja-token",
    "assigned_by": ":assigners-email",
    "assigned_agent": ":assigned-to-email",
    "action": "assigned",
  }
}

Updated 8 days ago