GET /v0/computers/{:connector_guid}/trajectory
Description
Provides a list of all activities associated with a particular computer. This is analogous to the Device Trajectory on the FireAMP Console.
Using the q parameter, you can search for an IP Address, SHA256 or URL.
Query Parameters
| Name | Type | Example Values | Description |
|---|---|---|---|
q |
String | 37ceea0922d1177a9de74f4858678acf6afd22706489fcca35a509bca9688cb7 | |
limit |
Integer | 5 |
| Name | Type | Description |
|---|---|---|
| version | String | |
| metadata.links.self | String | |
| data.computer.connector_guid | GUID | |
| data.computer.hostname | String | |
| data.computer.active | Boolean | |
| data.computer.links.computer | String | |
| data.computer.links.trajectory | String | |
| data.computer.links.group | String | |
| data.computer.connector_version | String | |
| data.computer.operating_system | String | |
| data.computer.internal_ips | Array | |
| data.computer.internal_ips[] | String | |
| data.computer.external_ip | String | |
| data.computer.group_guid | GUID | |
| data.computer.install_date | String (Time ISO8601) | |
| data.computer.network_addresses | Array | |
| data.computer.network_addresses[].mac | String | |
| data.computer.network_addresses[].ip | String | |
| data.computer.policy.guid | GUID | |
| data.computer.policy.name | String | |
| data.events | Array | |
| data.events[].timestamp | Integer | |
| data.events[].timestamp_nanoseconds | Integer | |
| data.events[].date | String (Time ISO8601) | |
| data.events[].event_type | String | |
| data.events[].detection | String | |
| data.events[].group_guids | Array | |
| data.events[].group_guids[] | GUID | |
| data.events[].file.disposition | String | |
| data.events[].file.file_name | String | |
| data.events[].file.file_path | String | |
| data.events[].file.file_type | String | |
| data.events[].file.identity.sha256 | String | |
| data.events[].file.parent.disposition | String | |
| data.events[].file.parent.identity.sha256 | String |
Examples
- Fetch a specific computer's trajectory with given connector_guid
- Fetch a specific computer's trajectory with given connector_guid and filter for files with a SHA-...
Fetch a specific computer's trajectory with given connector_guid
Request
Requires AuthorizationGET /v0/computers/55d4faec-9481-4686-a667-f71ec35e7a6d/trajectory
Headers
accept: application/json
content-type: application/json
accept-encoding: identity
authorization: Basic FILTERED
cURL Edit, then copy and paste on your terminal
curl -X GET \
-H 'accept: application/json' \
-H 'content-type: application/json' \
-H 'accept-encoding: identity' \
--compressed -H 'Accept-Encoding: gzip, deflate' \
-u YOUR_API_CLIENT_ID \
'https://api.amp.cisco.com/v0/computers/55d4faec-9481-4686-a667-f71ec35e7a6d/trajectory'
Response
cURL Edit, then copy and paste on your terminal
curl -X GET \ -H 'accept: application/json' \ -H 'content-type: application/json' \ -H 'accept-encoding: identity' \ --compressed -H 'Accept-Encoding: gzip, deflate' \ -u YOUR_API_CLIENT_ID \ 'https://api.amp.cisco.com/v0/computers/55d4faec-9481-4686-a667-f71ec35e7a6d/trajectory'
Shortened for readability
content-type: application/json; charset=utf-8 transfer-encoding: chunked status: 200 OK x-ratelimit-limit: 3000 x-ratelimit-reset: 1988 referrer-policy: strict-origin-when-cross-origin x-ratelimit-remaining: 2855 x-permitted-cross-domain-policies: none x-download-options: noopen etag: W/"95ce863f31dca3140ba5d28c6eb4bbd3" x-frame-options: SAMEORIGIN x-ratelimit-resetdate: 2021-05-05T23:55:49Z strict-transport-security: max-age=31536000
{
"version": "v0.2.2",
"metadata": {
"links": {
"self": "https://api.amp.cisco.com/v0/computers/55d4faec-9481-4686-a667-f71ec35e7a6d/trajectory"
}
},
"data": {
"computer": {
"connector_guid": "55d4faec-9481-4686-a667-f71ec35e7a6d",
"hostname": "Demo_AMP",
"windows_processor_id": "1b932e70da84f65",
"active": true,
"links": {
"computer": "https://api.amp.cisco.com/v0/computers/55d4faec-9481-4686-a667-f71ec35e7a6d",
"trajectory": "https://api.amp.cisco.com/v0/computers/55d4faec-9481-4686-a667-f71ec35e7a6d/trajectory",
"group": "https://api.amp.cisco.com/v0/groups/6c3c2005-4c74-4ba7-8dbb-c4d5b6bafe03"
},
"connector_version": "99.0.99.30065",
"operating_system": "Windows 10 Enterprise",
"internal_ips": [
"29.185.115.160"
],
"external_ip": "182.209.164.92",
"group_guid": "6c3c2005-4c74-4ba7-8dbb-c4d5b6bafe03",
"install_date": "2021-04-05T23:22:31Z",
"is_compromised": false,
"network_addresses": [
{
"mac": "c4:dd:c2:53:e2:cc",
"ip": "29.185.115.160"
}
],
"policy": {
"guid": "520c7c68-a637-43b1-b851-7830b0b336b6",
"name": "Protect Policy"
},
"faults": [
],
"isolation": {
"available": false,
"status": "not_isolated"
},
"orbital": {
"status": "not_enabled"
}
},
"events": [
]
}
}
Fetch a specific computer's trajectory with given connector_guid and filter for files with a SHA-256 value
Request
Requires AuthorizationGET /v0/computers/55d4faec-9481-4686-a667-f71ec35e7a6d/trajectory?q=37ceea0922d1177a9de74f4858678acf6afd22706489fcca35a509bca9688cb7&limit=5
Headers
accept: application/json
content-type: application/json
accept-encoding: identity
authorization: Basic FILTERED
cURL Edit, then copy and paste on your terminal
curl -X GET \
-H 'accept: application/json' \
-H 'content-type: application/json' \
-H 'accept-encoding: identity' \
--compressed -H 'Accept-Encoding: gzip, deflate' \
-u YOUR_API_CLIENT_ID \
'https://api.amp.cisco.com/v0/computers/55d4faec-9481-4686-a667-f71ec35e7a6d/trajectory?q=37ceea0922d1177a9de74f4858678acf6afd22706489fcca35a509bca9688cb7&limit=5'
Response
cURL Edit, then copy and paste on your terminal
curl -X GET \ -H 'accept: application/json' \ -H 'content-type: application/json' \ -H 'accept-encoding: identity' \ --compressed -H 'Accept-Encoding: gzip, deflate' \ -u YOUR_API_CLIENT_ID \ 'https://api.amp.cisco.com/v0/computers/55d4faec-9481-4686-a667-f71ec35e7a6d/trajectory?q=37ceea0922d1177a9de74f4858678acf6afd22706489fcca35a509bca9688cb7&limit=5'
Shortened for readability
content-type: application/json; charset=utf-8 transfer-encoding: chunked status: 200 OK x-ratelimit-limit: 3000 x-ratelimit-reset: 1988 referrer-policy: strict-origin-when-cross-origin x-ratelimit-remaining: 2854 x-permitted-cross-domain-policies: none x-download-options: noopen etag: W/"9ae12db4116a6089ebef3e8f3b48c12f" x-frame-options: SAMEORIGIN x-ratelimit-resetdate: 2021-05-05T23:55:49Z strict-transport-security: max-age=31536000
{
"version": "v0.2.2",
"metadata": {
"links": {
"self": "https://api.amp.cisco.com/v0/computers/55d4faec-9481-4686-a667-f71ec35e7a6d/trajectory?q=37ceea0922d1177a9de74f4858678acf6afd22706489fcca35a509bca9688cb7&limit=5"
}
},
"data": {
"computer": {
"connector_guid": "55d4faec-9481-4686-a667-f71ec35e7a6d",
"hostname": "Demo_AMP",
"windows_processor_id": "1b932e70da84f65",
"active": true,
"links": {
"computer": "https://api.amp.cisco.com/v0/computers/55d4faec-9481-4686-a667-f71ec35e7a6d",
"trajectory": "https://api.amp.cisco.com/v0/computers/55d4faec-9481-4686-a667-f71ec35e7a6d/trajectory",
"group": "https://api.amp.cisco.com/v0/groups/6c3c2005-4c74-4ba7-8dbb-c4d5b6bafe03"
},
"connector_version": "99.0.99.30065",
"operating_system": "Windows 10 Enterprise",
"internal_ips": [
"29.185.115.160"
],
"external_ip": "182.209.164.92",
"group_guid": "6c3c2005-4c74-4ba7-8dbb-c4d5b6bafe03",
"install_date": "2021-04-05T23:22:31Z",
"is_compromised": false,
"network_addresses": [
{
"mac": "c4:dd:c2:53:e2:cc",
"ip": "29.185.115.160"
}
],
"policy": {
"guid": "520c7c68-a637-43b1-b851-7830b0b336b6",
"name": "Protect Policy"
},
"faults": [
],
"isolation": {
"available": false,
"status": "not_isolated"
},
"orbital": {
"status": "not_enabled"
}
},
"events": [
]
}
}