GET /v0/computers/{:connector_guid}/trajectory
Description
Provides a list of all activities associated with a particular computer. This is analogous to the Device Trajectory on the FireAMP Console.
Using the q parameter, you can search for an IP Address, SHA256 or URL.
Query Parameters
Name | Type | Example Values | Description |
---|---|---|---|
q | String | 37ceea0922d1177a9de74f4858678acf6afd22706489fcca35a509bca9688cb7 | |
limit | Integer | 5 | |

Name | Type | Description |
---|---|---|
version | String | |
metadata.links.self | String | |
data.computer.connector_guid | GUID | |
data.computer.hostname | String | |
data.computer.active | Boolean | |
data.computer.links.computer | String | |
data.computer.links.trajectory | String | |
data.computer.links.group | String | |
data.computer.connector_version | String | |
data.computer.operating_system | String | |
data.computer.internal_ips | Array | |
data.computer.internal_ips[] | String | |
data.computer.external_ip | String | |
data.computer.group_guid | GUID | |
data.computer.install_date | String (Time ISO8601) | |
data.computer.network_addresses | Array | |
data.computer.network_addresses[].mac | String | |
data.computer.network_addresses[].ip | String | |
data.computer.policy.guid | GUID | |
data.computer.policy.name | String | |
data.events | Array | |
data.events[].timestamp | Integer | |
data.events[].timestamp_nanoseconds | Integer | |
data.events[].date | String (Time ISO8601) | |
data.events[].event_type | String | |
data.events[].detection | String | |
data.events[].group_guids | Array | |
data.events[].group_guids[] | GUID | |
data.events[].file.disposition | String | |
data.events[].file.file_name | String | |
data.events[].file.file_path | String | |
data.events[].file.file_type | String | |
data.events[].file.identity.sha256 | String | |
data.events[].file.parent.disposition | String | |
data.events[].file.parent.identity.sha256 | String | |
Examples
- Fetch a specific computer's trajectory with given connector_guid
- Fetch a specific computer's trajectory with given connector_guid and filter for files with a SHA-...
Fetch a specific computer's trajectory with given connector_guid
Request
Requires Authorization
GET /v0/computers/bad2c522-3052-4d75-93a0-832d6283c299/trajectory
Headers
accept: application/json
content-type: application/json
accept-encoding: identity
authorization: Basic FILTERED
cURL: Edit, then copy and paste on your terminal
curl -X GET \
-H 'accept: application/json' \
-H 'content-type: application/json' \
-H 'accept-encoding: identity' \
--compressed -H 'Accept-Encoding: gzip, deflate' \
-u YOUR_API_CLIENT_ID \
'https://api.amp.cisco.com/v0/computers/bad2c522-3052-4d75-93a0-832d6283c299/trajectory'
Response
Shortened for readability
content-type: application/json
transfer-encoding: chunked
status: 200 OK
x-ratelimit-limit: 3000
x-ratelimit-reset: 899
strict-transport-security: max-age=31536000; includeSubDomains, max-age=31536000
referrer-policy: strict-origin-when-cross-origin
x-ratelimit-remaining: 2856
x-permitted-cross-domain-policies: none
x-download-options: noopen
etag: W/"5b7c9cca4f315a8f7e6a833358777635"
x-frame-options: SAMEORIGIN
x-ratelimit-resetdate: 2022-03-18T11:55:11Z
{
  "version": "v0.2.2",
  "metadata": {
    "links": {
      "self": "https://api.amp.cisco.com/v0/computers/bad2c522-3052-4d75-93a0-832d6283c299/trajectory"
    }
  },
  "data": {
    "computer": {
      "connector_guid": "bad2c522-3052-4d75-93a0-832d6283c299",
      "hostname": "Demo_AMP",
      "windows_processor_id": "195b0d8736e2af4",
      "active": true,
      "links": {
        "computer": "https://api.amp.cisco.com/v0/computers/bad2c522-3052-4d75-93a0-832d6283c299",
        "trajectory": "https://api.amp.cisco.com/v0/computers/bad2c522-3052-4d75-93a0-832d6283c299/trajectory",
        "group": "https://api.amp.cisco.com/v0/groups/6c3c2005-4c74-4ba7-8dbb-c4d5b6bafe03"
      },
      "connector_version": "99.0.99.20946",
      "operating_system": "Windows 10",
      "os_version": "10.0.19044.1466",
      "internal_ips": [
        "74.177.148.86"
      ],
      "external_ip": "78.127.198.189",
      "group_guid": "6c3c2005-4c74-4ba7-8dbb-c4d5b6bafe03",
      "install_date": "2022-02-16T11:40:01Z",
      "is_compromised": false,
      "demo": true,
      "network_addresses": [
        {
          "mac": "31:5e:f7:d7:d3:31",
          "ip": "74.177.148.86"
        }
      ],
      "policy": {
        "guid": "520c7c68-a637-43b1-b851-7830b0b336b6",
        "name": "Protect Policy"
      },
      "groups": [
        {
          "guid": "6c3c2005-4c74-4ba7-8dbb-c4d5b6bafe03",
          "name": "Protect"
        }
      ],
      "faults": [
      ],
      "isolation": {
        "available": false,
        "status": "not_isolated"
      },
      "orbital": {
        "status": "not_enabled"
      }
    },
    "events": [
    ]
  }
}
Fetch a specific computer's trajectory with given connector_guid and filter for files with a SHA-256 value
Request
Requires Authorization
GET /v0/computers/bad2c522-3052-4d75-93a0-832d6283c299/trajectory?q=37ceea0922d1177a9de74f4858678acf6afd22706489fcca35a509bca9688cb7&limit=5
Headers
accept: application/json
content-type: application/json
accept-encoding: identity
authorization: Basic FILTERED
cURL: Edit, then copy and paste on your terminal
curl -X GET \
-H 'accept: application/json' \
-H 'content-type: application/json' \
-H 'accept-encoding: identity' \
--compressed -H 'Accept-Encoding: gzip, deflate' \
-u YOUR_API_CLIENT_ID \
'https://api.amp.cisco.com/v0/computers/bad2c522-3052-4d75-93a0-832d6283c299/trajectory?q=37ceea0922d1177a9de74f4858678acf6afd22706489fcca35a509bca9688cb7&limit=5'
Response
Shortened for readability
content-type: application/json
transfer-encoding: chunked
status: 200 OK
x-ratelimit-limit: 3000
x-ratelimit-reset: 898
strict-transport-security: max-age=31536000; includeSubDomains, max-age=31536000
referrer-policy: strict-origin-when-cross-origin
x-ratelimit-remaining: 2855
x-permitted-cross-domain-policies: none
x-download-options: noopen
etag: W/"de3e5bfaa9336a1a7fca63d1a9ed8655"
x-frame-options: SAMEORIGIN
x-ratelimit-resetdate: 2022-03-18T11:55:11Z
{
  "version": "v0.2.2",
  "metadata": {
    "links": {
      "self": "https://api.amp.cisco.com/v0/computers/bad2c522-3052-4d75-93a0-832d6283c299/trajectory?q=37ceea0922d1177a9de74f4858678acf6afd22706489fcca35a509bca9688cb7&limit=5"
    }
  },
  "data": {
    "computer": {
      "connector_guid": "bad2c522-3052-4d75-93a0-832d6283c299",
      "hostname": "Demo_AMP",
      "windows_processor_id": "195b0d8736e2af4",
      "active": true,
      "links": {
        "computer": "https://api.amp.cisco.com/v0/computers/bad2c522-3052-4d75-93a0-832d6283c299",
        "trajectory": "https://api.amp.cisco.com/v0/computers/bad2c522-3052-4d75-93a0-832d6283c299/trajectory",
        "group": "https://api.amp.cisco.com/v0/groups/6c3c2005-4c74-4ba7-8dbb-c4d5b6bafe03"
      },
      "connector_version": "99.0.99.20946",
      "operating_system": "Windows 10",
      "os_version": "10.0.19044.1466",
      "internal_ips": [
        "74.177.148.86"
      ],
      "external_ip": "78.127.198.189",
      "group_guid": "6c3c2005-4c74-4ba7-8dbb-c4d5b6bafe03",
      "install_date": "2022-02-16T11:40:01Z",
      "is_compromised": false,
      "demo": true,
      "network_addresses": [
        {
          "mac": "31:5e:f7:d7:d3:31",
          "ip": "74.177.148.86"
        }
      ],
      "policy": {
        "guid": "520c7c68-a637-43b1-b851-7830b0b336b6",
        "name": "Protect Policy"
      },
      "groups": [
        {
          "guid": "6c3c2005-4c74-4ba7-8dbb-c4d5b6bafe03",
          "name": "Protect"
        }
      ],
      "faults": [
      ],
      "isolation": {
        "available": false,
        "status": "not_isolated"
      },
      "orbital": {
        "status": "not_enabled"
      }
    },
    "events": [
    ]
  }
}
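
Added example (not part of the original API documentation): Python helpers for triaging a trajectory response for one hash. They build the request URL shown above, read the x-ratelimit-* response headers to decide when to pause, and list events whose file or parent SHA-256 matches the searched value. The function names, the `floor` threshold, the reading of x-ratelimit-reset as seconds until the window resets, and the sample events (both examples above return an empty events array) are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlencode

BASE = "https://api.amp.cisco.com/v0"
GUID_RE = re.compile(r"[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}", re.I)
HASH = "37ceea0922d1177a9de74f4858678acf6afd22706489fcca35a509bca9688cb7"  # q value from this page

# Constructed sample body: field names follow the response table above,
# the event values themselves are invented for this example.
SAMPLE = {"data": {"events": [
    {"date": "2022-03-18T11:40:02+00:00", "event_type": "constructed_type_a",
     "file": {"file_name": "sample.exe", "identity": {"sha256": HASH}}},
    {"date": "2022-03-18T11:40:05+00:00", "event_type": "constructed_type_b",
     "file": {"file_name": "child.dll", "identity": {"sha256": "0" * 64},
              "parent": {"identity": {"sha256": HASH}}}},
    {"date": "2022-03-18T11:41:00+00:00", "event_type": "constructed_type_c"},  # no file object
]}}


def trajectory_url(connector_guid, q=None, limit=None):
    """Build the request URL; reject a malformed GUID before it reaches the path."""
    if not GUID_RE.fullmatch(connector_guid):
        raise ValueError("connector_guid is not a GUID")
    params = {k: v for k, v in (("q", q), ("limit", limit)) if v is not None}
    url = f"{BASE}/computers/{connector_guid}/trajectory"
    return f"{url}?{urlencode(params)}" if params else url


def seconds_to_wait(headers, floor=50):
    """Pause for x-ratelimit-reset seconds once x-ratelimit-remaining < floor."""
    remaining = int(headers.get("x-ratelimit-remaining", floor))
    return int(headers.get("x-ratelimit-reset", 0)) if remaining < floor else 0


def events_for_hash(body, sha256):
    """Return (date, event_type, role, file_name) for events touching sha256."""
    hits = []
    for ev in body.get("data", {}).get("events", []):
        f = ev.get("file", {})
        if f.get("identity", {}).get("sha256") == sha256:
            role = "file"      # the hash is the file the event is about
        elif f.get("parent", {}).get("identity", {}).get("sha256") == sha256:
            role = "parent"    # the hash is the process that acted on the file
        else:
            continue           # events without a matching file object are skipped
        hits.append((ev.get("date"), ev.get("event_type"), role, f.get("file_name")))
    return sorted(hits, key=lambda h: h[0] or "")
```

Distinguishing the "file" role from the "parent" role shows whether the searched hash was the object of an event or the process that created or moved another file.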