Rapid7 InsightIDR 12.0.4 Release (#3678)

* Investigation statuses update and SDK bump (#3674)

* Bump aiohttp from 3.13.0 to 3.13.3 in /plugins/rapid7_insightidr (#3677)

---
updated-dependencies:
- dependency-name: aiohttp
  dependency-version: 3.13.3
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

---------

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Author: lcwiklinski-r7

plugins/rapid7_insightidr/.CHECKSUM

@@ -1,7 +1,7 @@
 {
-	"spec": "1ad12e1d839b9b3c756b86feb61f5fac",
-	"manifest": "4bf910db7bce11facb3dd160458a1424",
-	"setup": "ae40dbffd1d68ee997034cc1e3a78484",
+	"spec": "e895b3394b9d1d7b7ec4e2b0ad85cf5f",
+	"manifest": "0f84afa8c1addc39d7de98e1b1bf422c",
+	"setup": "56c2ff87966ad10417c1ab061a9558c0",
 	"schemas": [
 		{
 			"identifier": "add_indicators_to_a_threat/schema.py",
@@ -29,7 +29,7 @@
 		},
 		{
 			"identifier": "create_investigation/schema.py",
-			"hash": "d68a161838209167ada525f4befcefad"
+			"hash": "0a86344c71d67580f8ba676028df7e4c"
 		},
 		{
 			"identifier": "create_threat/schema.py",
@@ -141,15 +141,15 @@
 		},
 		{
 			"identifier": "set_status_of_investigation_action/schema.py",
-			"hash": "1f6b204e5077956c0ab661f90ed30c52"
+			"hash": "8873fa8b3663d7cd57b80e580e21a97d"
 		},
 		{
 			"identifier": "update_alert/schema.py",
 			"hash": "525e7b7f6fbe9a3ce3d5db4239e29710"
 		},
 		{
 			"identifier": "update_investigation/schema.py",
-			"hash": "225c52f604b553f51863dd7d062abe3c"
+			"hash": "6d79b30cac0f8044ba6e67f4a53bcd52"
 		},
 		{
 			"identifier": "upload_attachment/schema.py",

plugins/rapid7_insightidr/Dockerfile

@@ -1,4 +1,4 @@
-FROM --platform=linux/amd64 rapid7/insightconnect-python-3-plugin:6.3.10 AS builder
+FROM --platform=linux/amd64 rapid7/insightconnect-python-3-plugin:6.4.1 AS builder
 
 WORKDIR /python/src
 
@@ -11,7 +11,7 @@ ADD . /python/src
 RUN pip install .
 RUN pip uninstall -y setuptools
 
-FROM --platform=linux/amd64 rapid7/insightconnect-python-3-plugin:6.3.10
+FROM --platform=linux/amd64 rapid7/insightconnect-python-3-plugin:6.4.1
 
 LABEL organization=rapid7
 LABEL sdk=python

plugins/rapid7_insightidr/bin/komand_rapid7_insightidr

@@ -6,7 +6,7 @@ from sys import argv
 
 Name = "Rapid7 InsightIDR"
 Vendor = "rapid7"
-Version = "12.0.3"
+Version = "12.0.4"
 Description = "This plugin allows you to add indicators to a threat and see the status of investigations"
 
 

plugins/rapid7_insightidr/help.md

@@ -746,7 +746,7 @@ This action is used to allows to create investigation manually
 |disposition|string|None|False|Investigation's disposition|["", "BENIGN", "FALSE_POSITIVE", "MALICIOUS", "NOT_APPLICABLE", "SECURITY_TEST", "UNDECIDED", "UNKNOWN"]|BENIGN|None|None|
 |email|string|None|False|A user's email address for investigation to be assigned|None|[email protected]|None|None|
 |priority|string|None|False|Investigation's priority|["", "LOW", "MEDIUM", "HIGH", "CRITICAL"]|LOW|None|None|
-|status|string|None|False|Investigation's status|["", "OPEN", "CLOSED"]|OPEN|None|None|
+|status|string|None|False|Investigation's status|["", "OPEN", "INVESTIGATING", "WAITING", "CLOSED"]|OPEN|None|None|
 |title|string|None|True|Investigation's title|None|Example Title|None|None|
 
 Example input:
@@ -2517,7 +2517,7 @@ This action is used to set the status of the investigation with the given ID
 |Name|Type|Default|Required|Description|Enum|Example|Placeholder|Tooltip|
 | :--- | :--- | :--- | :--- | :--- | :--- | :--- | :--- | :--- |
 |id|string|None|True|The ID of the investigation to change the status of|None|174e4f99-2ac7-4481-9301-4d24c34baf06|None|None|
-|status|string|CLOSED|True|The new status for the investigation|["OPEN", "CLOSED"]|CLOSED|None|None|
+|status|string|CLOSED|True|The new status for the investigation|["OPEN", "INVESTIGATING", "WAITING", "CLOSED"]|CLOSED|None|None|
 
 Example input:
 
@@ -2692,7 +2692,7 @@ This action is used to allows to update existing investigation by ID or RRN
 |email|string|None|False|A user's email address for investigation to be assigned|None|[email protected]|None|None|
 |id|string|None|True|The identifier of investigation to be update (ID or RRN)|None|rrn:investigation:example:11111111-1111-1111-1111-111111111111:investigation:11111111|None|None|
 |priority|string|None|False|Investigation's priority|["", "UNSPECIFIED", "LOW", "MEDIUM", "HIGH", "CRITICAL"]|LOW|None|None|
-|status|string|None|False|Investigation's status|["", "OPEN", "INVESTIGATING", "CLOSED"]|OPEN|None|None|
+|status|string|None|False|Investigation's status|["", "OPEN", "INVESTIGATING", "WAITING", "CLOSED"]|OPEN|None|None|
 |title|string|None|False|Investigation's title|None|Example Title|None|None|
 
 Example input:
@@ -3428,6 +3428,7 @@ Example output:
 
 # Version History
 
+* 12.0.4 - Update Investigation status values to include `WAITING` and `INVESTIGATING` | SDK bump to 6.4.1
 * 12.0.3 - Actions: `Advanced Query on Log` and `Advanced Query on Log Set` - Updated schema
 * 12.0.2 - Triggers: `Get New Investigations` - Improved error handling | Updated SDK to the latest version (6.3.10)
 * 12.0.1 - Updated SDK to latest version (6.3.8) | Resolved Snyk Vulnerability

plugins/rapid7_insightidr/komand_rapid7_insightidr/actions/create_investigation/schema.py

@@ -68,6 +68,8 @@ class CreateInvestigationInput(insightconnect_plugin_runtime.Input):
       "enum": [
         "",
         "OPEN",
+        "INVESTIGATING",
+        "WAITING",
         "CLOSED"
       ],
       "order": 2

plugins/rapid7_insightidr/komand_rapid7_insightidr/actions/set_status_of_investigation_action/schema.py

@@ -36,6 +36,8 @@ class SetStatusOfInvestigationActionInput(insightconnect_plugin_runtime.Input):
       "default": "CLOSED",
       "enum": [
         "OPEN",
+        "INVESTIGATING",
+        "WAITING",
         "CLOSED"
       ],
       "order": 2

plugins/rapid7_insightidr/komand_rapid7_insightidr/actions/update_investigation/schema.py

@@ -77,6 +77,7 @@ class UpdateInvestigationInput(insightconnect_plugin_runtime.Input):
         "",
         "OPEN",
         "INVESTIGATING",
+        "WAITING",
         "CLOSED"
       ],
       "order": 3

plugins/rapid7_insightidr/plugin.spec.yaml

@@ -4,7 +4,7 @@ products: [insightconnect]
 name: rapid7_insightidr
 title: "Rapid7 InsightIDR"
 description: "This plugin allows you to add indicators to a threat and see the status of investigations"
-version: 12.0.3
+version: 12.0.4
 connection_version: 5
 supported_versions: ["Latest release successfully tested on 2025-07-22."]
 vendor: rapid7
@@ -32,9 +32,10 @@ key_features:
   - "Incident Response and Investigations"
 sdk:
   type: full
-  version: 6.3.10
+  version: 6.4.1
   user: nobody
 version_history:
+  - "12.0.4 - Update Investigation status values to include `WAITING` and `INVESTIGATING` | SDK bump to 6.4.1"
   - "12.0.3 - Actions: `Advanced Query on Log` and `Advanced Query on Log Set` - Updated schema"
   - "12.0.2 - Triggers: `Get New Investigations` - Improved error handling | Updated SDK to the latest version (6.3.10)"
   - "12.0.1 - Updated SDK to latest version (6.3.8) | Resolved Snyk Vulnerability"
@@ -1563,6 +1564,8 @@ actions:
         enum:
           - ""
           - OPEN
+          - INVESTIGATING
+          - WAITING
           - CLOSED
         required: false
         example: OPEN
@@ -1685,6 +1688,7 @@ actions:
           - ""
           - OPEN
           - INVESTIGATING
+          - WAITING
           - CLOSED
         required: false
         example: OPEN
@@ -1826,6 +1830,8 @@ actions:
         example: CLOSED
         enum:
         - OPEN
+        - INVESTIGATING
+        - WAITING
         - CLOSED
     output:
       investigation:

plugins/rapid7_insightidr/requirements.txt

@@ -3,5 +3,5 @@
 # See: https://pip.pypa.io/en/stable/user_guide/#requirements-files
 python-dateutil==2.9.0
 validators==0.35.0
-aiohttp==3.13.0
+aiohttp==3.13.3
 parameterized==0.8.1

plugins/rapid7_insightidr/setup.py

@@ -4,7 +4,7 @@
 
 setup(
     name="rapid7_insightidr-rapid7-plugin",
-    version="12.0.3",
+    version="12.0.4",
     description="This plugin allows you to add indicators to a threat and see the status of investigations",
     author="rapid7",
     author_email="",