GET /v0/computers/{:connector_guid}/trajectory
Description
Provides a list of all activities associated with a particular computer. This is analogous to the Device Trajectory on the FireAMP Console.
Using the q parameter, you can search for an IP Address, SHA256 or URL.
Query Parameters
| Name | Type | Example Values | Description |
|---|---|---|---|
q |
String | 37ceea0922d1177a9de74f4858678acf6afd22706489fcca35a509bca9688cb7 | |
limit |
Integer | 5 |
| Name | Type | Description |
|---|---|---|
| version | String | |
| metadata.links.self | String | |
| data.computer.connector_guid | GUID | |
| data.computer.hostname | String | |
| data.computer.active | Boolean | |
| data.computer.links.computer | String | |
| data.computer.links.trajectory | String | |
| data.computer.links.group | String | |
| data.computer.connector_version | String | |
| data.computer.operating_system | String | |
| data.computer.internal_ips | Array | |
| data.computer.internal_ips[] | String | |
| data.computer.external_ip | String | |
| data.computer.group_guid | GUID | |
| data.computer.install_date | String (Time ISO8601) | |
| data.computer.network_addresses | Array | |
| data.computer.network_addresses[].mac | String | |
| data.computer.network_addresses[].ip | String | |
| data.computer.policy.guid | GUID | |
| data.computer.policy.name | String | |
| data.events | Array | |
| data.events[].timestamp | Integer | |
| data.events[].timestamp_nanoseconds | Integer | |
| data.events[].date | String (Time ISO8601) | |
| data.events[].event_type | String | |
| data.events[].detection | String | |
| data.events[].group_guids | Array | |
| data.events[].group_guids[] | GUID | |
| data.events[].file.disposition | String | |
| data.events[].file.file_name | String | |
| data.events[].file.file_path | String | |
| data.events[].file.file_type | String | |
| data.events[].file.identity.sha256 | String | |
| data.events[].file.parent.disposition | String | |
| data.events[].file.parent.identity.sha256 | String |
Examples
- Fetch a specific computer's trajectory with given connector_guid
- Fetch a specific computer's trajectory with given connector_guid and filter for files with a SHA-...
Fetch a specific computer's trajectory with given connector_guid
Request
Requires AuthorizationGET /v0/computers/0f6de888-e023-4020-8f0b-a82d64de8ef3/trajectory
Headers
accept: application/json
content-type: application/json
authorization: Basic FILTERED
cURL Edit, then copy and paste on your terminal
curl -X GET \
-H 'accept: application/json' \
-H 'content-type: application/json' \
--compressed -H 'Accept-Encoding: gzip, deflate' \
-u YOUR_API_CLIENT_ID \
'https://api.amp.cisco.com/v0/computers/0f6de888-e023-4020-8f0b-a82d64de8ef3/trajectory'
Response
cURL Edit, then copy and paste on your terminal
curl -X GET \ -H 'accept: application/json' \ -H 'content-type: application/json' \ --compressed -H 'Accept-Encoding: gzip, deflate' \ -u YOUR_API_CLIENT_ID \ 'https://api.amp.cisco.com/v0/computers/0f6de888-e023-4020-8f0b-a82d64de8ef3/trajectory'
Shortened for readability
strict-transport-security: max-age=31536000 content-type: application/json; charset=utf-8 status: 200 OK x-ratelimit-limit: 3000 x-ratelimit-reset: 3580 x-ratelimit-remaining: 2959 x-frame-options: SAMEORIGIN x-ratelimit-resetdate: 2019-11-01T18:03:14Z transfer-encoding: chunked
{
"version": "v0.2.2",
"metadata": {
"links": {
"self": "https://api.amp.cisco.com/v0/computers/0f6de888-e023-4020-8f0b-a82d64de8ef3/trajectory"
}
},
"data": {
"computer": {
"connector_guid": "0f6de888-e023-4020-8f0b-a82d64de8ef3",
"hostname": "Demo_AMP_Intel",
"active": true,
"links": {
"computer": "https://api.amp.cisco.com/v0/computers/0f6de888-e023-4020-8f0b-a82d64de8ef3",
"trajectory": "https://api.amp.cisco.com/v0/computers/0f6de888-e023-4020-8f0b-a82d64de8ef3/trajectory",
"group": "https://api.amp.cisco.com/v0/groups/6c3c2005-4c74-4ba7-8dbb-c4d5b6bafe03"
},
"connector_version": "6.3.1.10893",
"operating_system": "Windows 7, SP 1.0",
"internal_ips": [
"139.210.10.15"
],
"external_ip": "99.254.102.26",
"group_guid": "6c3c2005-4c74-4ba7-8dbb-c4d5b6bafe03",
"install_date": "2019-10-09T17:30:41Z",
"network_addresses": [
{
"mac": "10:48:6b:6b:06:74",
"ip": "139.210.10.15"
}
],
"policy": {
"guid": "520c7c68-a637-43b1-b851-7830b0b336b6",
"name": "Protect Policy"
},
"faults": [
],
"isolation": {
"available": false,
"status": "not_isolated"
}
},
"events": [
{
"timestamp": 1572455180,
"timestamp_nanoseconds": 337814426,
"date": "2019-10-30T17:06:20+00:00",
"event_type": "Created by",
"group_guids": [
"6c3c2005-4c74-4ba7-8dbb-c4d5b6bafe03"
],
"file": {
"disposition": "Unknown",
"file_type": "MS OLE2 CF",
"identity": {
"sha256": "7d56ad1ed9dd554dcd029be7a59d7491aeafac99dbc3f7a821efffe420316e8d"
},
"parent": {
"disposition": "Unknown",
"identity": {
"sha256": "fe85234ced13d5b94e42af429a32a81276b5a22ad819e9f2ccf519d998f5e449"
}
}
}
},
{
"timestamp": 1572455180,
"timestamp_nanoseconds": 337814426,
"date": "2019-10-30T17:06:20+00:00",
"event_type": "Created by",
"group_guids": [
"6c3c2005-4c74-4ba7-8dbb-c4d5b6bafe03"
],
"file": {
"disposition": "Unknown",
"file_type": "MS OLE2 CF",
"identity": {
"sha256": "7d56ad1ed9dd554dcd029be7a59d7491aeafac99dbc3f7a821efffe420316e8d"
},
"parent": {
"disposition": "Unknown",
"identity": {
"sha256": "fe85234ced13d5b94e42af429a32a81276b5a22ad819e9f2ccf519d998f5e449"
}
}
}
}
]
}
}
Fetch a specific computer's trajectory with given connector_guid and filter for files with a SHA-256 value
Request
Requires AuthorizationGET /v0/computers/0f6de888-e023-4020-8f0b-a82d64de8ef3/trajectory?q=37ceea0922d1177a9de74f4858678acf6afd22706489fcca35a509bca9688cb7&limit=5
Headers
accept: application/json
content-type: application/json
authorization: Basic FILTERED
cURL Edit, then copy and paste on your terminal
curl -X GET \
-H 'accept: application/json' \
-H 'content-type: application/json' \
--compressed -H 'Accept-Encoding: gzip, deflate' \
-u YOUR_API_CLIENT_ID \
'https://api.amp.cisco.com/v0/computers/0f6de888-e023-4020-8f0b-a82d64de8ef3/trajectory?q=37ceea0922d1177a9de74f4858678acf6afd22706489fcca35a509bca9688cb7&limit=5'
Response
cURL Edit, then copy and paste on your terminal
curl -X GET \ -H 'accept: application/json' \ -H 'content-type: application/json' \ --compressed -H 'Accept-Encoding: gzip, deflate' \ -u YOUR_API_CLIENT_ID \ 'https://api.amp.cisco.com/v0/computers/0f6de888-e023-4020-8f0b-a82d64de8ef3/trajectory?q=37ceea0922d1177a9de74f4858678acf6afd22706489fcca35a509bca9688cb7&limit=5'
Shortened for readability
strict-transport-security: max-age=31536000 content-type: application/json; charset=utf-8 status: 200 OK x-ratelimit-limit: 3000 x-ratelimit-reset: 3577 x-ratelimit-remaining: 2957 x-frame-options: SAMEORIGIN x-ratelimit-resetdate: 2019-11-01T18:03:14Z transfer-encoding: chunked
{
"version": "v0.2.2",
"metadata": {
"links": {
"self": "https://api.amp.cisco.com/v0/computers/0f6de888-e023-4020-8f0b-a82d64de8ef3/trajectory?q=37ceea0922d1177a9de74f4858678acf6afd22706489fcca35a509bca9688cb7&limit=5"
}
},
"data": {
"computer": {
"connector_guid": "0f6de888-e023-4020-8f0b-a82d64de8ef3",
"hostname": "Demo_AMP_Intel",
"active": true,
"links": {
"computer": "https://api.amp.cisco.com/v0/computers/0f6de888-e023-4020-8f0b-a82d64de8ef3",
"trajectory": "https://api.amp.cisco.com/v0/computers/0f6de888-e023-4020-8f0b-a82d64de8ef3/trajectory",
"group": "https://api.amp.cisco.com/v0/groups/6c3c2005-4c74-4ba7-8dbb-c4d5b6bafe03"
},
"connector_version": "6.3.1.10893",
"operating_system": "Windows 7, SP 1.0",
"internal_ips": [
"139.210.10.15"
],
"external_ip": "99.254.102.26",
"group_guid": "6c3c2005-4c74-4ba7-8dbb-c4d5b6bafe03",
"install_date": "2019-10-09T17:30:41Z",
"network_addresses": [
{
"mac": "10:48:6b:6b:06:74",
"ip": "139.210.10.15"
}
],
"policy": {
"guid": "520c7c68-a637-43b1-b851-7830b0b336b6",
"name": "Protect Policy"
},
"faults": [
],
"isolation": {
"available": false,
"status": "not_isolated"
}
},
"events": [
]
}
}