:doc:`SecurityIncidentResponse <../../security-ir>` / Client / list_investigations

*******************
list_investigations
*******************



.. py:method:: SecurityIncidentResponse.Client.list_investigations(**kwargs)

  

  Investigation performed by an agent for a security incident...

  

  See also: `AWS API Documentation <https://docs.aws.amazon.com/goto/WebAPI/security-ir-2018-05-10/ListInvestigations>`_  


  **Request Syntax**
  ::

    response = client.list_investigations(
        nextToken='string',
        maxResults=123,
        caseId='string'
    )
    
  :type nextToken: string
  :param nextToken: 

    Investigation performed by an agent for a security incident request

    

  
  :type maxResults: integer
  :param maxResults: 

    Investigation performed by an agent for a security incident request, returning max results

    

  
  :type caseId: string
  :param caseId: **[REQUIRED]** 

    Investigation performed by an agent for a security incident per caseID

    

  
  
  :rtype: dict
  :returns: 
    
    **Response Syntax**

    
    ::

      {
          'nextToken': 'string',
          'investigationActions': [
              {
                  'investigationId': 'string',
                  'actionType': 'Evidence'|'Investigation'|'Summarization',
                  'title': 'string',
                  'content': 'string',
                  'status': 'Pending'|'InProgress'|'Waiting'|'Completed'|'Failed'|'Cancelled',
                  'lastUpdated': datetime(2015, 1, 1),
                  'feedback': {
                      'usefulness': 'USEFUL'|'NOT_USEFUL',
                      'comment': 'string',
                      'submittedAt': datetime(2015, 1, 1)
                  }
              },
          ]
      }
      
    **Response Structure**

    

    - *(dict) --* 
      

      - **nextToken** *(string) --* 

        Investigation performed by an agent for a security incident for next Token

        
      

      - **investigationActions** *(list) --* 

        Investigation performed by an agent for a security incid…Unique identifier for the specific investigation>

        
        

        - *(dict) --* 

          Represents an investigation action performed within a case. This structure captures the details of an automated or manual investigation, including its status, results, and user feedback.

          
          

          - **investigationId** *(string) --* 

            The unique identifier for this investigation action. This ID is used to track and reference the specific investigation throughout its lifecycle.

            
          

          - **actionType** *(string) --* 

            The type of investigation action being performed. This categorizes the investigation method or approach used in the case.

            
          

          - **title** *(string) --* 

            Human-readable summary of the investigation focus. This provides a brief description of what the investigation is examining or analyzing.

            
          

          - **content** *(string) --* 

            Detailed investigation results in rich markdown format. This field contains the comprehensive findings, analysis, and conclusions from the investigation.

            
          

          - **status** *(string) --* 

            The current execution status of the investigation. This indicates whether the investigation is pending, in progress, completed, or failed.

            
          

          - **lastUpdated** *(datetime) --* 

            ISO 8601 timestamp of the most recent status update. This indicates when the investigation was last modified or when its status last changed.

            
          

          - **feedback** *(dict) --* 

            User feedback for this investigation result. This contains the user's assessment and comments about the quality and usefulness of the investigation findings.

            
            

            - **usefulness** *(string) --* 

              User assessment of the investigation result's quality and helpfulness. This rating indicates how valuable the investigation findings were in addressing the case.

              
            

            - **comment** *(string) --* 

              Optional user comments providing additional context about the investigation feedback. This allows users to explain their rating or provide suggestions for improvement.

              
            

            - **submittedAt** *(datetime) --* 

              ISO 8601 timestamp when the feedback was submitted. This records when the user provided their assessment of the investigation results.

              
        
      
    
  
  **Exceptions**
  
  *   :py:class:`SecurityIncidentResponse.Client.exceptions.ServiceQuotaExceededException`

  
  *   :py:class:`SecurityIncidentResponse.Client.exceptions.AccessDeniedException`

  
  *   :py:class:`SecurityIncidentResponse.Client.exceptions.ValidationException`

  
  *   :py:class:`SecurityIncidentResponse.Client.exceptions.SecurityIncidentResponseNotActiveException`

  
  *   :py:class:`SecurityIncidentResponse.Client.exceptions.InternalServerException`

  
  *   :py:class:`SecurityIncidentResponse.Client.exceptions.ThrottlingException`

  
  *   :py:class:`SecurityIncidentResponse.Client.exceptions.ConflictException`

  
  *   :py:class:`SecurityIncidentResponse.Client.exceptions.ResourceNotFoundException`

  
  *   :py:class:`SecurityIncidentResponse.Client.exceptions.InvalidTokenException`

  